
2 Windows Server 2012 VMs on MS Azure and access is via RDP over Azure Point to Site VPN using a client certificate.

I can connect to the VMs fine but I need to connect to SQL Server 2008 R2 which is running on the VM. Connecting now gives me a "cannot generate SSPI context" error, which I assume is down to my current Windows logon not being part of the domain.

I am not able to change the VPN setup to use Username / Password as it always reverts back to certificate.

How can I connect to my instance of SQL? Can I somehow add the client cert to the SQL login?

Any help would be great.

henda79

1 Answer


It seems like this isn't possible with the Azure P2S VPN. As a workaround, install Routing and Remote Access on one of the VMs with NAT and the user can log in using the credentials supplied to the VPN.

But if someone knows different...

henda79
  • You can set up Point-to-Site VPN w/ cert auth: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal but to use certificate-based authentication for SQL you would need to leverage Azure Active Directory and join the SQL instance to a specific tenant: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure – Mike Ubezzi Aug 27 '19 at 01:40
  • Thanks Mike. The SQL instance is on a VM and not Azure SQL, can it still be joined? – henda79 Aug 28 '19 at 09:56
  • Yes, SQL Server on an Azure VM is a better solution with VPN than is using Azure SQL Database. – Mike Ubezzi Sep 06 '19 at 16:54