My question is regarding the following scenario:
-
I have a scheduled agent that runs on Server A.
-
The agent accesses databases on Server A and Server B.
-
The signer’s ID has been created on Server B and is allowed to access both server A (via cross-certificate) and Server B.
-
Server A and Server B are in different domains and don’t know each other. There is a connection document in Server A’s NAB, pointing to Server B.
If I run the agent manually (logged-in with the signer’s id), it works fine.
If I set the agent to be scheduled on Server A, the agent is not allowed to access Server B because the server is unable to authenticate the user.
From my understanding, a scheduled agent should run with the signer’s ID. In this scenario, it looks like that the agent is running with the ID of Server A. Even specifying the signer in the “Run on behalf of” field doesn’t help.
Is there any way to allow a server-scheduled agent to access a different server if only the signer, but not the scheduling server is allowed to access the remote machine?
Thanks a lot in advance.