Sunday, August 28, 2011

Setting up database mirroring with certificates

We use certificates while setting up database mirroring for two partners that are in a workgroup or in non-trusted domains.  The idea is to create a certificate on each partner, export it to the other and then setup a login to use that certificate. As explained in BOL here, this is called setting up Inbound and Outbound connections

Here is a simplified representation of how it needs to be setup

0537.clip_5F00_image0018_5F00_thumb_5F00_08A129EE.png

If either of these is not setup correctly you can get a variety of error messages like these

Msg 1431, Level 16, State 4, Line 1

Neither the partner nor the witness server instance for database "TEST2" is available. Reissue the command when at least one of the instances becomes available.

Error: 1438, Severity: 16, State: 1.

The server instance Partner rejected configure request; read its error log file for more information. The reason 1405, and state 2, can be of use for diagnostics by Microsoft. This is a transient error hence retrying the request is likely to succeed. Correct the cause if any and retry.

Error: 1405, Severity: 16, State: 2

Apart from the blog post above, you can refer to Bemis 2189705 for a step by step approach to setting up database mirroring with certificates.  The steps consist of the following

1.       Setup Outbound connections:- Consists of creating the certificate, the endpoint ( with the certificate in the AUTHENTICATION clause) and then backing up the certificate

2.       Setup Inbound connections:-  Consists of restoring the certificate from the partner, associating it with a login and granting that login connect on the endpoint

3.       Run the ALTER DATABASE statements starting with Mirror server  first and then on Principal

 
Read more: Microsoft SQL Server Support Blog
QR: setting-up-database-mirroring-with-certificates.aspx

Posted via email from Jasper-Net