0

On a windows laptop, when I open Sql Server Management Studio (SSMS) (or any other application like Visual Studio or mstsc [RDP]) as run as a different user , a pop-up appears asking for credentials of the new user.

In my case, I'm trying to open the application using a domain account that is not readily accessible (this is important) to the laptop -- where I'm performing this run as a different user operation.

Goal is to connect to a database in Amazon Web Services (AWS), using SSMS installed on my local laptop. The network connection to AWS is managed through Putty tunnel (intermediary server that performs LocalForward to the destination AWS server).

Question is -- how do I bypass the initial pop-up screen that asks for my credentials?

The problem is, even if I provide the correct credentials in this pop-up, it says incorrect credentials. As it could not reach the AWS Active Directory (AD) to validate my credentials correctly.

The actual connection to the database server on AWS is attempted through localhost,1234, which is rerouted to the destination AWS server through the intermediary server. This set up is achieved within Putty tunnel configuration successfully for RDP connections.

Once I open the application, I could connect to the database server using localhost,1234 as localhost at port 1234 is rerouted to AWS intermediary server that redirects all connections to the database server let's say DB-Server:1433. Using Windows account authentication I can provide my credentials for AWS domain (not local laptop domain in our office)

Since the AWS AD is not available when the first open the application (as run as a different user), it cannot authenticate the credentials I provide and it fails to even open the application "as a different user".

How do I solve this problem?

Thanks, Toc

ToC
  • 161
  • 1
  • 6
  • You cannot the UAC prompt in question is part of the Windows NT kernel. You could provide the username and password, but that would still fail authentication, based on your description. – Ramhound Nov 19 '20 at 23:10
  • As @Ramhound states, you're trying to connect using credentials on the network. "I'm trying to open the application using a domain account that is not readily accessible." – DrMoishe Pippik Nov 19 '20 at 23:54
  • What's the actual problem you are trying to solve? It looks like you can connect to the database "_Using Windows account authentication I can provide my credentials for AWS domain_" So what is the problem? What are you trying to achieve with "run as"? – Andrew Savinykh Nov 20 '20 at 00:47
  • @AndrewSavinykh -- my latop is part of our work domain, but our AWS database servers are part of a different domain. So, for me to connect to AWS database server, using windows authentication -- I need "run as a different user" option. – ToC Nov 20 '20 at 15:46
  • @Ramhound -- thank you for the comment. That's the problem. If I can get past the pop-up and get to the actual application (SSMS or VS), then I could provide the correct remote domain credentials to login. I tried with `cmd` `runas /netonly` -- still it asks for credentials. – ToC Nov 20 '20 at 15:49
  • @DrMoishePippik -- yep, so how do I get past the pop-up. Please see previous comment with `cmd` that I tried – ToC Nov 20 '20 at 15:50
  • Another idea. If I try ‘Sql Server Authentication’ based login rather than Windows based authentication -- it might work; That could get me past this hurdle. I'll give it a spin. – ToC Nov 20 '20 at 15:53
  • @ToC - You can easily make a user from Domain B trust a user from Domain A. Provided you are an Administrator of both domains and that’s something that has been determined to be appropriate – Ramhound Nov 20 '20 at 16:06
  • @Ramhound -- good idea, but that's not an option in our environment. In Azure that's an easier option, but not with AWS – ToC Nov 20 '20 at 16:37
  • Sql Authentication worked !! It took some convincing to allow Sql Authentication in our environment, as Windows Authentication was the only allowed option until now. – ToC Dec 03 '20 at 16:41

1 Answers1

0

Based on @Ramhound response, I started looking for non-windows based authentication ideas and turns out, Sql Authentication works for this situation.

ToC
  • 161
  • 1
  • 6