| Author |
Topic |
|
Ken Blum
Constraint Violating Yak Guru
383 Posts |
 Posted - 2008-07-25 : 15:28:14
|
| I have been testing Web Synchronization Replication here at may office and have not had any problems. I am now trying to initialize a subsciber that is off-site, and when I attempt to initialize the subscription I get "A Security Error Occurred - The Merge Agent could not connect to the URL during Web Synchronization."This normally happens when the SSL Certificate has not been installed on the subscriber machine, but I have installed it. When I run the https://MyWebSite.com/My_Replication/replisapi.dll?diag from IE it shows SUCCESS for all tests and the certificate warning does not pop up - it only asks for the login name & password - which I have retyped into the subscription properties.The server is Windows 2003 sever, SQL 2005 Standard, IIS 6.0, IE 7.TIA,Ken |
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2008-07-26 : 19:17:34
|
| Are they in same domain? |
 |
|
|
Ken Blum
Constraint Violating Yak Guru
383 Posts |
Posted - 2008-07-28 : 08:39:04
|
| No. The IIS Server here at the office is in our DMZ and is obviously not part of the domain. The SQL Server is part of our domain and has connectivity to the IIS server. The server at the client is not part of our domain and will not be a part of our domain.I tested web synchronization from my house (a different subscription) on my laptop and it worked. I logged in under a local user, so I was not logged in under our domain or have any VPN connection established. My laptop has WIN 2000 on it, and the remote sever has Win 2003 Server (no firewall). Could that be the issue? |
|
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2008-07-28 : 22:35:35
|
| When you logon via vpn, you are on same network with sql server. Does your client connect to your sql via vpn too? |
|
|
|
Ken Blum
Constraint Violating Yak Guru
383 Posts |
Posted - 2008-07-29 : 08:10:42
|
| No VPN. Using Web Synchronization over HTTPS. |
|
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2008-07-29 : 22:45:25
|
| Then ensure sql port is open on both side. |
|
|
|
Ken Blum
Constraint Violating Yak Guru
383 Posts |
Posted - 2008-08-14 : 09:10:56
|
| The whole idea behind Web Synchronization is to perform replication over https port 443, and not have to open port 1433 over the firewall.I eventually found out that the problem was that the SSL Certificate was being stored in the User Certificate Store, instead of the Computer Certificate Store on the subscriber machine. Since the agents are running under a computer account, this would fail. I am now replicating data over the internet without having to open any ports other than standard internet ports 443 (SSL HTTPS traffic) and port 80 (HTTP traffic, which could probably be closed also). Sweet! |
|
|
|
Jcomp
Starting Member
1 Post |
Posted - 2009-09-10 : 19:13:18
|
Hi Ken,Sorry for offtopic, but I just to thank you for following post, I have the same problem, and thanks to you it is solved. quote:
Originally posted by Ken Blum
The whole idea behind Web Synchronization is to perform replication over https port 443, and not have to open port 1433 over the firewall.I eventually found out that the problem was that the SSL Certificate was being stored in the User Certificate Store, instead of the Computer Certificate Store on the subscriber machine. Since the agents are running under a computer account, this would fail. I am now replicating data over the internet without having to open any ports other than standard internet ports 443 (SSL HTTPS traffic) and port 80 (HTTP traffic, which could probably be closed also). Sweet!
|
|
|
|
Ken Blum
Constraint Violating Yak Guru
383 Posts |
Posted - 2009-09-11 : 13:23:00
|
| No Problem!Note that once you purchase a "real" certificate, like we have recently done, you don't need to install the certificate on the subscriber since it is automatically verified via the certificate authority that issued it. |
|
|
|
sudesh128
Starting Member
2 Posts |
Posted - 2010-03-08 : 05:08:50
|
| Hi Ken BlumI have a same problem u got, but i cant configure my certificate as u say above. if u can plz help mekssamapth@gmail.comsudesh |
|
|
|
Ken Blum
Constraint Violating Yak Guru
383 Posts |
Posted - 2010-03-08 : 11:44:23
|
| Run MMC and Add the Ceritificates Snap-In. Make sure you select Computer Account, then import your certificate under the Trusted Root Certifcation Authorites. |
|
|
|
sudesh128
Starting Member
2 Posts |
Posted - 2010-03-09 : 00:15:50
|
| dear Ken Blumon the client computer or on the server?please give me the steps to do thissudesh |
|
|
|
|
Web Sync Replication - A Security Error occurred