Use Windows Domain Service Account with Portal
Trying to use a Windows Domain Service Account with database transfer for a production portal environment. Lower-level environments use basic SQL Server auth. Failing. The wkplc_dbdomain.properties file has...
DBA.DbUser=ORG\SVC-ORG-MYDBSA
Log file shows wrong ID, with backslash removed...
DBA.DbUser=ORGSVC-ORG-MYDBSA
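The dropped backslash matches how Java `.properties` files are parsed: `java.util.Properties` treats `\` as an escape character and silently discards it before a character such as `S`. The check below is an added example, not part of the original post or of IBM's tooling; it assumes ConfigEngine reads the file with those standard rules, and the `hypothetical.*` keys are made up for the sample.

```python
import re

CONTROL = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}  # escapes Properties.load() maps to control chars

def load_value(raw):
    """Decode one value with java.util.Properties escape rules.

    Returns (decoded, risky): risky lists every escape except a doubled
    backslash, i.e. each spot where the loaded text differs from what was typed.
    """
    out, risky, i = [], [], 0
    while i < len(raw):
        if raw[i] != "\\" or i + 1 == len(raw):
            out.append(raw[i])  # ordinary character (line continuation is not modelled)
            i += 1
            continue
        nxt = raw[i + 1]
        if nxt == "u":
            hexpart = raw[i + 2:i + 6]
            if not re.fullmatch(r"[0-9a-fA-F]{4}", hexpart):
                raise ValueError("malformed \\uXXXX escape in %r" % raw)
            out.append(chr(int(hexpart, 16)))
            risky.append("\\u" + hexpart)
            i += 6
            continue
        out.append(CONTROL.get(nxt, nxt))  # any other escape: the backslash is dropped
        if nxt != "\\":
            risky.append("\\" + nxt)
        i += 2
    return "".join(out), risky

def audit(text):
    """Map each key whose value holds a risky escape to (decoded, risky)."""
    findings = {}
    for line in text.splitlines():
        # Simplified parse: skip blanks and #/! comments, split on the first "=" or ":".
        m = re.match(r"\s*([^#!=:\s][^=:]*?)\s*[=:]\s*(.*)", line)
        if not m:
            continue
        decoded, risky = load_value(m.group(2))
        if risky:
            findings[m.group(1)] = (decoded, risky)
    return findings

# Constructed sample: only the DBA.DbUser line is taken from the page.
SAMPLE = r"""
DBA.DbUser=ORG\SVC-ORG-MYDBSA
hypothetical.escaped=ORG\\SVC-ORG-MYDBSA
hypothetical.sqllogin=portaldbaprd
"""

FINDINGS = audit(SAMPLE)
```

Under these rules an account name beginning with `t`, `n`, `r` or `f` after the backslash loads with a control character instead, and one beginning with `u` fails to parse at all, so the audit flags those cases as well.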
Summary of workaround...
- Execute ConfigEngine validation and transfer commands, using a SQL Server login for our DbUser in the wkplc_dbdomain.properties file.
- After successful DB transfer, change DB owner to our Microsoft Windows user (the one defined in the J2C authentication alias for data source).
Workaround
- Update the JDBC Driver from version 3.0 to 6.0.
Driver should support Integrated Authentication
- Add the sqljdbc_auth.dll to the java class path for portal by placing the above file in...
C:\IBM\WebSphere\AppServer\java\bin
C:\IBM\WebSphere\AppServer\java\jre\bin
- Create two local SQL Server users...
portaldbaprd: SQL Server User
ORGSVC-ORG-MYDBSA: Windows Service Account. User has admin access on both the portal and database servers.
- Create Alias/Mapping of the domain user in SQL Server Management Studio
ORG\SVC-ORG-MYDBSA --> ORGSVC-ORG-MYDBSA
- Validate accounts using DB Visualizer Client
- Copy the sqljdbc_xa.dll file from to bin directory of the Microsoft SQL Server host.
- Run the xa_install.sql database script on the Microsoft SQL Server
- Set the datasource custom property integratedSecurity to true
- Set the Authentication Alias for XA Recovery to your alias. Set Component Managed Authentication Alias to none
- Configure XA transactions
- Stop all JVMs
- Edit the Windows services and change the Log On As to a user which has admin access on both the portal and database servers.
- Run the validate DB ConfigEngine task.
wkplc_dbdomain.properties should have the SQL Server user.
- Perform DB transfer
- Save changes to master repository and synchronize changes to nodes
- Test data source connection
- Restart the portal server