Sunday, August 5, 2007

Merge publication -- Web Synchronization

DC:Server and Member:KingPC

It's better both SQL Servers are in Member server. I got problem with scenario: One is DC and the other is Member. I have to use the Domain Administrator with the Merge Agent. The similar problem occurs when I configure PEER-to-PEER replication. Agent security gave me real headache.

Work at DC:Server computer


Install Certificate Authority component



create an alias: WWW to match the common name in DNS




Make sure http://www.vip.com/ will be resolved to IIS web server.



IIS:
Default Web Site--properties --Directory Security -- Server Certificate

Make sure that the same name is used in the above two screenshots.

The web clients (browsers, etc.) will access your web site by the http://www.vip.com/.
Enable the web site to request 128-bit encryption.


Create a folder--C:\InetPub\wwwroot\REPLICATION

Share Name: REPLICATION with access permission as:

Security:VIP\Agent WRITE and Share permission: EVERYONE CHANGE
Configuring a local distributor


Distributor Properties --Publisher --Default Snapshot Folder--\\Server\REPLICATION

VIP\Agent will be a member of db_owner role in distribution and AdventureWorks databases.

Creating a Merge Publication
Check the Default Snapshot Folder: the snapshot files are created.


















Work at KingPC computer:

After a subcription is created and selects View Synchronization Status, "The system cannot find the file specified" message shows as follows:



I troubleshot as follows:


https://www.vip.com/certsrv/

https://www.vip.com/certsrv/certcarc.asp


Click on --install this CA certificate chain-- to install CA in the trust root certificate store.


https://www.vip.com/replication/replisapi.dll?diag


Because Merge agent security uses the regular user account VIP\agent, I use the VIP\agent to run the diagnostic. However, access denies message shows.


I use the Administrator to run replisapi.dll?diag as shown below:





It gets the desired result.


So, at Subscriber (KingPC), a Certificate with Administrator account is created. And then a Replication Merge proxy is created. After Changing the Merge Agent job proxy to the Administrator proxy, the Web Synchronization works.

I add the VIP\Agent to IIS_WGP group. Somehow, I can run replisapi.dll?diag test. But I still cannot use the VIP\agent to retrieve data from Web site unless I add the VIP\agent to the Administrators group.
Posted by at
Labels: