About

Jesper Fütterer Jensen
Microsoft Azure MVP
Cloud Architect @ solvo it

That’s the basics. I work with Azure, implementing and designing cloud solutions for small and medium-sized enterprises. I have a datacenter background, and focus on management, monitoring and such tasks in Azure.

2 comments

  1. Hi Jesper
    I have a question that you might be able to answer regarding a cloud only setup.
    I have looked at some of the Microsoft forums, and all articles written always expect that you have an on-premise Active Directory and need help with joining your Azure AD to that. However, my question is regarding a setup for us as a new company that wants to be cloud only. This though seems to be rather challenging when it includes SQL Server. So here is the setup:
    I have Azure AD enabled, Domain Services is enabled.
    I have an Azure VM with Windows Server booted up that has SQL Server 2016 installed. The Azure VM is joined to the domain no problem, endpoints are configured and I can connect to the SQL Server using SQL Server Authentication from my laptop using the xyz.cloudapp.net server path.
    My laptop is running Windows 10 and is joined to Azure AD. So I can log in to my laptop using my company email and password. In SQL Server Management Studio I can see that my user is called AzureAD\Christian, but when trying to connect to the cloudapp.net I get:

    Cannot connect to xyz.cloudapp.net.
    Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. (Microsoft SQL Server, Error: 18452)

    When using Active Directory Password Authentication and type in my azureAD credentials or use Active Directory Integrated Authentication I get:

    Cannot connect to xyz.cloudapp.net.
    A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 – The certificate chain was issued by an authority that is not trusted.) (Microsoft SQL Server, Error: -2146893019)

    The certificate chain was issued by an authority that is not trusted

    So my question is, is this simply not supported yet to have a cloud only setup with no on-premise AD to get the laptops joined to?

    Kind Regards
    Christian

    1. Hi Christian,

      Interesting scenario. I haven’t tested it, but to my knowledge this is not yet supported.
      I have a case for testing similar functionality soon, so I’ll try to remember you when I’m testing it!

      /Jesper
