4

I have a two-node SQL Server 2016 Standard Always-On environment and when I create a new availability group, I receive the error message below:

The Endpoints tab lists at least one endpoint that uses only Windows Authentication. However, the server instance might be running under a nondomain account. To use the listed endpoint, change the corresponding SQL Server service account to a domain account. To continue using the nondomain account, alter the endpoint to use a certificate.

Do you want to use the listed endpoints?

Now there is a fair amount of information to correct this, but I am struggling to find a fix for my scenario. All im finding, is when you are running SQL Server and the endpoints as a non-domain user, as the message suggests.

I am running both instances as the same domain user, which has admin on both nodes and sysadmin in each instance of SQL Server, and this can be seen on the endpoints tab, both endpoint SQL Service account entries are the Domain\svc_account that is running SQL Server.

The Availability groups get created perfectly, i occasionally have do grant CREATE DB to the secondary node to initialize the seeding, but other than that all is great. Failovers are perfect etc. We do have over 20 AG's. Could that be an issue? I believe AG have been tested successfully at up to 100 groups. Being SQL Server Standard, we can only do 1 DB per group, and most of the DBs are small at <5GB.

So I am assuming its not causing any issues yet, but regardless I would like to know if its something I can ignore, or fix, in my scenario.

SSMS Window

The output of Node 1:

Node1

Node 2:

Node2

Thank you for all your assistance.

MDCCL
8,5303 gold badges32 silver badges63 bronze badges
asked Jan 24, 2019 at 14:41
8
  • 3
    You're getting this in SSMS, correct? What's the version of SSMS? Commented Jan 25, 2019 at 11:59
  • Correct, I get the error in SSMS. Version 17.9.1 I get it both on SSMS on the one node and on my desktop. Both are running the same version. Commented Jan 25, 2019 at 13:30
  • 2
    Could you post a screenshot of the entire SSMS view at the time this occurs? Commented Jan 25, 2019 at 14:55
  • Thanks @SeanGallardy, Screenshot added to original post Commented Jan 25, 2019 at 15:03
  • 2
    Ah, ok, makes more sense now. Can you put the output of sys.database_mirroring_endpoints from both servers in the AG? Commented Jan 25, 2019 at 15:31

1 Answer 1

4

So i am assuming its not causing any issues yet, but regardless i would like to know if its something i can ignore in my scenario, or fix.

Looks like since everything seems to be configured properly (I can't see the domain account information [which is redacted as it should be :) ]) so I wouldn't worry about it. If this happens on multiple servers in the environment then it may require further investigation but overall everything you posted seems in line with a normal configured system.

I traced this down to a call IsValidDomainUserForWinAuthentication used in SSMS which, for whatever reason, is returning false. Looking at the logic, it's checking a few various items, but the one that stands out is the assumption on how the service account name is configured (allowable characters) and that calls to LookupAccountName complete successfully. It would take a time travel trace or full memory dump of SSMS (when the message box is shown) to really investigate further which I don't believe is warranted at this time.

answered Jan 25, 2019 at 16:58
1
  • Thank you very much @Sean. I will be at peace knowing its actually just SSMS and not my configuration :) Commented Jan 25, 2019 at 17:04

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.