SQL logging are occuring simultaneously. If SQL logging fails, the fact
that IAS can log to a local file keeps authentication going.
connection drops it stops authenticating, and drops all requests.
Post by James McIllece [MS]Post by Marc JonkersHi,
We have IAS configured to log to a central SQL server. When there is
no connection between the SQL and IAS server, the authentication
requests are dropped on the IAS. Resulting in a lot of things not
working. Is there a solution for this, if the IAS cannot log to SQL
that authentication still occurs?
Thx,
Marc Jonkers
Hi Marc --
IAS was intentionally designed so that authentication fails if logging
fails; the reason is that you would have a big security hole if there were
no logging during an attack and would not be able to track down whoever was
initiating the attack.
There are several SQL server logging scenarios presented in the IAS SQL
Server Logging whitepaper that can assist in preventing this failure of
service in circumstances where the connection between the servers is lost.
You can install SQL Server on the IAS server or you can install MSDE 2000
on the IAS server, then replicate records to a central SQL Server (if you
have more than one IAS server that is logging to SQL).
Another option is to also enable local file logging, so that both local and
SQL logging are occuring simultaneously. If SQL logging fails, the fact
that IAS can log to a local file keeps authentication going.
For more info, see "Deploying SQL Server Logging with Windows Server 2003
Internet Authentication Service (IAS)" at
http://www.microsoft.com/downloads/details.aspx?FamilyId=6E4357F7-4070-
4902-95F1-3AD411D963B2&displaylang=en
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.