Configuring Symantec Workspace Streaming to Work With Windows Authenticated MS-SQL Server
Today, there is a restriction in SWS that requires Microsoft SQL Server to run in "mixed mode" authentication, i.e. to support both Windows authentication and SQL authentication. SWS needed SQL authentication because, as part of the database configuration, the server install creates a local account in the SQL Server and defines that user account as the database owner of the Streaming database schema.
Several large enterprises have a policy where the Directory Services and Server Management teams do not let other teams create and manage accounts outside of the common user data source, which typically is Windows Active Directory. From their perspective, it is a management overhead and, to some extent, a security issue. Moreover, Microsoft encourages, in fact almost enforces, the use of Windows authentication to SQL Server. This article will help cater to this scenario.
Use case: The intended servers where SWS will be installed are on the same Windows domain as the Microsoft SQL Server machine. SQL Server does not support mixed mode authentication and requires a Windows domain account that has access to the server and database instance to connect and use.
The steps below describe how to install and configure the Symantec Workspace Streaming (SWS) product and database schema in an environment where only Windows authentication is supported on the database side.
The steps provided below are based on tests performed using the following software:
- SWS server 6.1 SP8 on Windows 2003 / Windows 2008 installed as single node (front end and back end streaming components on the same machine) [Note: It is NOT required to have single node install to support Windows authenticated SQL Server. But, there may be additional steps required if done as a multi node install]
- MS-SQL Server 2005 / MS-SQL Server 2008 on Windows 2003 / Windows 2008
- Windows Active Directory on Windows 2003 / Windows 2008 with Windows 2000 forest and functionality level
- Logged in with administrator role to perform all tasks
Steps on SWS Server machine
- Log in as administrator, copy the setup file to the local machine and start the install
- Select Install Product > Install Server > Hit next > accept license > choose default install folder
- Select 1st option "Single Node" > leave the default license > leave default ports and server name [Note: if you have multiple IP addresses on this server leave it at IP address]
- Select 3rd option "Create Streaming Server only", make note of the warning in the following screen and proceed
- Review the settings so far and select "Install"
- The installer complains again that the database is not set up. Make note and select "Finish"
Now, we prepare the server configuration manually to connect to a SQL Server that only supports Windows authentication:
- Navigate to <install_folder>\streamletEngine\da\conf in Windows Explorer and open da.conf for editing
- Navigate to "PostgreSQL configuration" and comment out the section below "=====..." - adding '#' to the beginning of a line identifies that line as commented out
- Navigate to "Microsoft SQL Server 2005 configuration" and uncomment the section below "=====..." - removing "#" uncomments it
- Update 'appstream.database.host' with the correct database server name or IP address
- Verify the port number of the database, typically the default works in most cases
- Append 'torque.dsfactory.appstream.connection.url' value with "domain=<your_windows_domain_name>"
- Update 'torque.dsfactory.appstream.connection.user' value with the Windows domain user that has access to this server and instance - replace 'asuser' with the new name
- Save and exit [Note: leave the password at default, we'll deal with it at another step]
- Open command prompt and navigate to <install_folder>\streamletEngine\bin folder
- Execute "changeDaPassword" [Note: You may have to set java path]
- Enter the password for the domain user that was entered in da.conf file (in step 8d) and hit enter
Steps on Database Server machine
All the steps listed below have to be executed in Enterprise SQL Manager / Management Studio
- 1. Log in to SQL Management Studio using the domain account that you used in previous section 3c
- 2. Navigate to the scripts folder on the SWS server machine under <install_folder>\streamletEngine\db\scripts\mssql2005, copy the contents of the following scripts and execute them in the order specified, running each one only after the previous script has completed successfully
- Paste the contents of "create_appstream-db.sql" in the query window and hit run
- Clear the content, type in "USE appstream" (that is the name of the database) and then paste the contents of "create_appstream-schema.sql" in the same query window and hit run
- Clear the content, type "USE appstream", then paste contents of "id-table-schema.sql" in the same query window and hit run
- Clear the content, type "USE appstream", then paste the contents of "create_appstream-schema-idtable-init.sql" in the same query window and hit run
- Clear the content, type "USE appstream", then paste contents of "init_appstream_schema.sql" in the same query window and hit run
- After all the scripts are successfully executed verify the database schema and the tables
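The verification in the last step can be done with a few catalog queries. The following is an added example, not part of the SWS scripts; only the database name "appstream" comes from this article, and everything else is standard SQL Server 2005 / 2008 T-SQL. Run it in the same Management Studio session, logged in with the domain account.

```sql
-- Added verification example (not shipped with SWS).
-- Assumes the database is named 'appstream', as created by create_appstream-db.sql.

-- 1. Confirm the instance accepts Windows authentication only.
--    IsIntegratedSecurityOnly: 1 = Windows only, 0 = mixed mode.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
           WHEN 1 THEN 'Windows authentication only'
           ELSE 'Mixed mode (SQL logins accepted)'
       END AS auth_mode;

-- 2. Confirm which login owns the database. With the manual setup described
--    here it should be a DOMAIN\user login, not a local SQL account.
SELECT name                  AS database_name,
       SUSER_SNAME(owner_sid) AS owner_login,
       create_date
FROM   sys.databases
WHERE  name = N'appstream';

USE appstream;

-- 3. List SQL-authenticated users inside the database. The built-in
--    principals are excluded; any remaining row is an account that lives
--    outside Active Directory and should be reviewed.
SELECT name, type_desc, create_date
FROM   sys.database_principals
WHERE  type = 'S'
  AND  name NOT IN ('dbo', 'guest', 'INFORMATION_SCHEMA', 'sys');

-- 4. List the tables the schema scripts created, so an empty or partial
--    schema is caught before the SWS server is restarted.
SELECT TABLE_SCHEMA, TABLE_NAME
FROM   INFORMATION_SCHEMA.TABLES
WHERE  TABLE_TYPE = 'BASE TABLE'
ORDER  BY TABLE_SCHEMA, TABLE_NAME;
```

An empty result from query 3 and a domain login in query 2 confirm that the Streaming database no longer depends on a SQL-authenticated account.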
Once all these steps are completed, restart the server where SWS was installed.
Note: Since the database configuration was done outside of the server install, none of the server components will have been added to the database; you have to add them manually.
Steps to complete server setup
- Once the SWS server machine is back up, log in to the admin console (using the shortcut created on your start menu) and use credentials as follows:
User name: admin Password: <blank>
- Navigate to Windows Services panel and ensure AWE Management Agent service is running
- Navigate to Console setup > Component on the left menu
- Add streamlet engine first
- Select streamlet engine as the component
- Enter the IP address / host name of the machine where you have the console
- Add the component
- Add front end components
- Select front end as the component
- Enter the IP address / host name of the machine where you have the console (since this is a single node install)
- Add the component
- Usually there is a message to restart the components
- Once the components are up, you have the option to integrate with your Active Directory or user data source
- Navigate to Configuration > User Data Source
- Follow the wizard steps that come up
Now you have a streaming infrastructure that works with a SQL Server that supports Windows authentication only.