Creating the Endpoints
Each server instance in the database mirroring configuration must have an endpoint defined so that the other servers can communicate with it. This is sort of like a private phone line to your friends. Let’s use the scripts provided as opposed to using the Configure Security Wizard. The first endpoint script is in the file 2008 Create EndPoint Partner1.SQL.
From SSMS, you need to open a new query connection to your principal database by selecting File, New and in the New Query dialog, selecting Query with Current Connection. Open the SQL file for the first endpoint.
The following CREATE ENDPOINT T-SQL creates the endpoint named EndPoint4DBMirroring1430, with the listener_port value of 1430, and the database mirroring role Partner:
-- create endpoint for principal server --
CREATE ENDPOINT [EndPoint4DBMirroring1430]
STATE=STARTED
AS TCP (LISTENER_PORT = 1430, LISTENER_IP = ALL)
FOR DATA_MIRRORING (ROLE = PARTNER, AUTHENTICATION = WINDOWS NEGOTIATE
, ENCRYPTION = REQUIRED ALGORITHM RC4)
After this T-SQL runs, you should quickly run the following SELECT statements to verify that the endpoint has been correctly created:
select name,type_desc,port,ip_address from sys.tcp_endpoints;
SELECT db.name, m.mirroring_role_desc
FROM sys.database_mirroring m
JOIN sys.databases db
ON db.database_id = m.database_id
WHERE db.name = N'AdventureWorks';
select name,role_desc,state_desc from sys.database_mirroring_endpoints;
Figure 4 shows the desired result set from these queries.
If you also look at the database properties for the AdventureWorks database on the principal server (SQL08DE01, in this example), you see the server network address for the principal server automatically appear now when you look at the Database Properties Mirroring page (see Figure 5).
Starting with the sample SQL scripts 2008 Create EndPoint Partner2.SQL and 2008 Create EndPoint Witness.SQL, you need to repeat the endpoint creation process for the mirror server (using a listener_port value of 1440) and the witness server (using a listener_port value of 1450) by opening a query connection to each one of these servers and running the following CREATE ENDPOINT commands:
-- create endpoint for mirror server --
CREATE ENDPOINT [EndPoint4DBMirroring1440]
STATE=STARTED
AS TCP (LISTENER_PORT = 1440, LISTENER_IP = ALL)
FOR DATA_MIRRORING (ROLE = PARTNER, AUTHENTICATION = WINDOWS NEGOTIATE
, ENCRYPTION = REQUIRED ALGORITHM RC4)
For the witness server (notice that the role is now Witness), you run the following:
-- create endpoint for witness server --
CREATE ENDPOINT [EndPoint4DBMirroring1450]
STATE=STARTED
AS TCP (LISTENER_PORT = 1450, LISTENER_IP = ALL)
FOR DATA_MIRRORING (ROLE = WITNESS, AUTHENTICATION = WINDOWS NEGOTIATE
, ENCRYPTION = REQUIRED ALGORITHM RC4)
Granting Permissions
It is possible to have an AUTHORIZATION [login] clause in the CREATE ENDPOINT command that establishes the permissions for a login account to the endpoint being defined. However, separating this out into its own GRANT makes the point that this connection permission is being allowed explicitly. From each SQL query connection, you run a GRANT to allow a specific login account to connect on the ENDPOINT for database mirroring. If you don’t have a specific login account to use, default it to [NT AUTHORITY\SYSTEM].
First, from the principal server instance (SQL08DE01), you run the following GRANT (substituting [DBARCHLT\Paul Bertucci] with your specific login account to be used by database mirroring):
GRANT CONNECT ON ENDPOINT::EndPoint4DBMirroring1430 TO [DBARCHLT\Paul Bertucci];
Then, from the mirror server instance (SQL08DE02), you run the following GRANT:
GRANT CONNECT ON ENDPOINT::EndPoint4DBMirroring1440 TO [DBARCHLT\Paul Bertucci];
Then, from the witness server instance (SQL08DE03), you run the following GRANT:
GRANT CONNECT ON ENDPOINT::EndPoint4DBMirroring1450 TO [DBARCHLT\Paul Bertucci];
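To confirm what the CREATE ENDPOINT and GRANT statements above actually left in place, the following audit query can be run on each of the three instances. It is an added example, not one of the provided scripts; the column aliases and the ep_owner and grantee table aliases are chosen here for illustration.

```sql
-- Added example: audit the database mirroring endpoint on this instance.
-- Run it on the principal, the mirror and the witness in turn.
-- One row is returned per endpoint and per login holding a permission on it,
-- so an unexpected grantee or a weak encryption setting is easy to spot.
SELECT  e.name                      AS endpoint_name,
        t.port                      AS listener_port,
        t.ip_address                AS listener_ip,      -- NULL means LISTENER_IP = ALL
        e.role_desc,                                     -- PARTNER or WITNESS
        e.state_desc,                                    -- should be STARTED
        e.connection_auth_desc,                          -- NEGOTIATE for WINDOWS NEGOTIATE
        e.is_encryption_enabled,                         -- 1 when ENCRYPTION is not DISABLED
        e.encryption_algorithm_desc,                     -- RC4 with the scripts above
        ep_owner.name               AS endpoint_owner,
        grantee.name                AS grantee_login,
        grantee.type_desc           AS grantee_type,
        p.permission_name,                               -- CONNECT after the GRANTs above
        p.state_desc                AS permission_state  -- GRANT, DENY, ...
FROM    sys.database_mirroring_endpoints AS e
JOIN    sys.tcp_endpoints                AS t
        ON  t.endpoint_id = e.endpoint_id
JOIN    sys.server_principals            AS ep_owner
        ON  ep_owner.principal_id = e.principal_id
LEFT JOIN sys.server_permissions         AS p
        ON  p.class = 105                -- 105 = ENDPOINT securable class
        AND p.major_id = e.endpoint_id
LEFT JOIN sys.server_principals          AS grantee
        ON  grantee.principal_id = p.grantee_principal_id
ORDER BY e.name, grantee.name;

-- RC4 is deprecated in later SQL Server releases. Where every instance in the
-- mirroring session supports it, the endpoint can be moved to AES. Apply the
-- same change to the endpoint on each instance so that all of them agree on
-- an algorithm. Left commented out so this script stays read-only:
-- ALTER ENDPOINT [EndPoint4DBMirroring1430]
--     FOR DATABASE_MIRRORING (ENCRYPTION = REQUIRED ALGORITHM AES);
```

A grantee_login of NT AUTHORITY\SYSTEM means any service running as LocalSystem on that machine can connect to the endpoint, so a dedicated login is the narrower grant.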