DB mirror cannot be established between different domain servers and might fail with below error.
"The server network address
"TCP://server.domain.com:5022" can not be reached or does
not exist. Check the network address name and reissue the command.
(Microsoft SQL Server, Error: 1418)"
In this case, DB mirroring can be configured by using certificates.
Steps to setup DB mirroring using certificates.
On Principle Server:
-- Create the database master key
USE master;
CREATE master KEY encryption BY password = '<Password>';
go
-- Create a certificate for DB mirror
USE master;
CREATE certificate principlecert WITH subject =
'Principle certificate for DB mirror';
go
-- Create a mirror endpoint using certificate
CREATE endpoint endpoint_mirroring state = started AS tcp ( listener_port=5022,
listener_ip = ALL ) FOR database_mirroring ( authentication = certificate
principlecert, encryption = required algorithm aes, role = ALL );
go
-- Back up the certificateBACKUP CERTIFICATE PrincipleCert TO FILE = 'D:\PrincipleCert.cer';
-- Copy the certificate (PrincipleCert.cer) to mirror server
On Mirror Server:
-- Create the database master key
USE master;
CREATE master KEY encryption BY password = '<Password>';
go
--- Create a certificate for DB mirrror
USE master;
CREATE certificate mirrorcert WITH subject = 'Mirror certificate for DB mirror';
go
-- Create a mirror endpoint using certificate
CREATE endpoint endpoint_mirroring state = started AS tcp ( listener_port=5022,
listener_ip = ALL ) FOR database_mirroring ( authentication = certificate
mirrorcert, encryption = required algorithm aes, role = ALL );
go
--Back up the certificate
BACKUP certificate mirrorcert TO FILE = 'D:\MirrorCert.cer';
go
-- Copy the certificate(MirrorCert.cer) to Principle server
Note: For DB mirror purpose, I have created same login (eg:MirrorUser) on both Principle and Mirror server.
On Principle Server:
-- Create a login on Principle for Mirror server
USE master;
CREATE login mirroruser WITH password = 'password';
go
-- Create user on master
USE master;
CREATE USER mirroruser FOR login mirroruser;
go
-- Associate the certificate with the user
CREATE certificate mirrorcert AUTHORIZATION mirroruser FROM FILE =
'C:\MirrorCert.cer'
go
-- Grant CONNECT permission for endpoint.
GRANT connect on endpoint::endpoint_mirroring to [mirroruser];
go
On Mirror Server:
-- Create a login on Mirror for Principle server
USE master;
CREATE login mirroruser WITH password = 'password';
go
-- Create user on master
USE master;
CREATE USER mirroruser FOR login mirroruser;
go
-- Associate the certificate with the user
CREATE certificate principlecert AUTHORIZATION mirroruser FROM FILE =
'D:\PrincipleCert.cer'
go
-- Grant CONNECT permission for endpoint
GRANT connect on endpoint::endpoint_mirroring to [mirroruser];
go
Configuring the Mirroring Partners
On Mirror Server:
ALTER DATABASE mirrortestdb
SET partner = 'TCP://PrincipleServer.domain.com:5022';
go
On Principle server:
ALTER DATABASE mirrortestdb
SET partner = 'TCP://MirrorServer.domain.com:5022';
go
-- Change to high-performance mode
ALTER DATABASE mirrortestdb
SET partner safety OFF
go