Access self-installed instance of SQL Server from Azure Virtual Machine - sql-server

I have created the virtual machine on Azure and installed a free version of the SQL Server database. I have created a new login in the SQL Server to access the database. I also added the inbound rule to enable TCP port on the Azure portal of the virtual machine.
Now I am trying to access the SQL Server instance from my local computer over IP but it's not connecting. Is there anything I am missing? I am getting this error:

Use Configuration Manager to enable TCP/IP connections and listen on port 1433.
Add a Windows Firewall rule allowing inbound traffic on port 1433.
Configure the VM's Network Security Group to allow inbound traffic on port 1433.

Related

SQL Server Remote Connection enable for specified IP Address

I have a Windows Server 2016. In this server I have a SQL Server 2016 installed.
I must configure the sql server to allow remote connections because there are some databeses which synchronise with our local databases.
I do this by openning the SQL Server Configuration Manager, selecting SQL Server Network Configuration and enabling the TCP/IP protocol.
But, this causes a security gap.
I realised that the SQL Log File C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Log is constantly increaising the size.
By analysing the log file, I realised that there are some IP addresses tries to connect constantly with a wrong password (15 times per minute).
As I need to keep open the TCP/IP protocol, I tried to add an inbound firewall rule to the firewall but it doesn't change anything.
First, I tried to disable the TCP/IP and authorise connections from a defined IP. It didn't work.
Then, I tried to enable TCP/IP and block the port 1433 for any IP but it doesn't block. I can connect from a local pc.
Briefly, if I enable the TCP/IP, the remote connection is enabled to any IP. If I disable the TCP/IP, the remote connection is disabled to any IP. It doesn't consider the firewall rule.
Is there a way to enable the remote connection for a specific IP Address ?
Here is what I do to block the 1433 port (But I am allways able to connect via SSMS from a local computer ( which is in another domain ) :
I faced recently the same issue and fixed it by setting customised rule in windows Firewall:
1) Enable TCPIP, otherwise no connection will be possible
2) then you should use the windows firewall as follows:
first Block the port 1433 for any inbound connection
then add a customised rule to port 1433 for which you authorise connections from only specific Ip address, you can follow the steps explained in this link
Here is a screenshot of the firewall setting I have
Here is a screenshot of the port blocking setting I have

Initial Azure VM setup won't allow any port connections (NSG port allowed VM firewall off)

I've created a new Azure VM and tried opening 1433 for a remote database connection (I understand long term this shouldn't be a public port).
I've created a rule in my NSG to open port 1433, and entirely disabled windows firewall, and I still cannot get through port 1433.
If I go in and disassociate the NSG, then I can connect just fine, so it's not the server that's blocking, it's happening at the NSG level
This is a fresh install of Windows 2012 R2 Datacenter.
Here's my NSG
Inbound security rules image
Here's my VM Networking details
Networking VM Rules
Check if SQL-Server service accept remote connections and if it's listening on 1433 port. Specify a source IP address for the rule (is absolutely not recommended to open a port to all). Do a port scan to the specific ip.

Cannot connect to Azure VM with SQL Server

I cannot get my Azure VM with SQL Server to connect from anything other than the local machine. This is a Windows VM where I downloaded and installed SQL Server manually. I am at a loss.
If I RDP to the machine and connect to SQL Server it succeeds. If I attempt to hit it from any other box on my Virtual Network it will not connect. I can ping the box and the name resolves to the proper IP address. Test-NetConnection shows that I cannot connect on port 1433, but I can connect on other ports like 3389.
Here is all I've tried/confirmed thus far.
TCP/IP is enabled in configuration manager and set to listen on port 1433. Remote access is enabled in configurations.
I added a port 1433 Windows firewall rule for all 3 profiles.
I turned off the Windows firewall for all 3 profiles.
Confirmed both machines are definitely on the same virtual network.
The default NSG rule is in place for any port/protocol on the same Virtual Network.
I added an explicit NSG rule for the source IP of another machine to any port/protocol.
I modified the rule that allowed me to RDP to the box from my personal IP to include 1433 in addition to 3389. Test-NetConnection succeeds on 3389 and fails on 1433.
None of these made a difference.
I created a new VM where the machine came pre-installed with SQL Server. It connects just fine from any other machine on the VirtualNetwork without making any changes to any firewall or NSG rules.
What am I missing?
Is SQL listening on the internal address and an allowed connection IP? http://www.mohamedmostafa.co.uk/blog/2009/10/10/setup-configure-microsoft-sql-server-to-allow-remote-connection-remote-sql-management-studio-access/
Sound like your MSSQL is setup with a dynamic port in the tcp/ip protocol. Check the TCP/IP protocol and if the port is blank, set it to the desired port (1433) and set NSG to allow communication on this port.

Accessing SQL server residing on AWS through application on local machine

I have SQL server 208 R2 hosted on AWS. Can I access that SQL server through my web application on local machine without VPN?
What connection string we need to give in web.config. So I no need to have SQL server on my local machine.
I can run and test my application without having SQL server on my local machine.
If your SQL Server is publicly accessible, then you can simply connect directly to it. It's a bad practice to expose database servers directly to the internet, however, so don't do this.
If your SQL Server is not publicly accessible, then you can connect to it via an SSH tunnel. You would launch a publicly-accessible EC2 instance, restrict its security groups to allowing SSH from your local IP address, and then use SSH on your local machine to port-forward to the SQL Server via the SSH tunnel. You can then connect your database client to the local port on your machine and that will be forwarded to the SQL server via the SSH tunnel. Here's an example.
The SQL Server will also have to allow inbound connections from your EC2 instance.
Assuming it's the default SQL Server instance listening on port 443, and your EC2 instance has a public IP address, you could do the following:
Enable access to your EC2 instance through port 443 from your local machine public IP.
Configure Windows firewall to allow access through port 443
Ensure TCP/IP protocol is enabled for your SQL Server Instance
Use data source=<the public ip address of your E2 instance> in the connection string.
To enable access to your EC2 instance through port 443 from your local machine public IP do the following:
Go to AWS mangement console.
Go to EC2 Service.
Click on Running Instances
Click on your EC2 instance running SQL Server
Click on one of the security groups listed on the Description tab.
Click on the Inbound tab.
Click on the Edit button
Click on Add Rule button
Select Custom TCP rule on the Type dropdown list.
Enter 443 on Port Range.
Select My IP on Source dropdown list.
Enter "SQL Server from My local IP" on Description text box.
Your public IP address might change over time, so you might need to update the source when this happens.
To configure Windows firewall to allow access through port 443 open an RDP session to your EC2 instance and use Windows Firewall with Advanced Security tool and add the the rule.
To ensure TCP/IP protocol is enabled for your SQL Server Instance do the following:
Open an Remote Desktop session to your EC2 instance.
Open SQL Server Configuration Manager.
Expand SQL Server Network Configuration
Click on Protocols for
Enable TCP/IP protocol if not enabled.
Hope it helps

Azure Inbound security rules not working for fix Source port

I am trying to connect SQL Server from local machine.
Following inbound security rule is not working with the fix source port. But it works with * for source port.
What is wrong with this setup?
In SQL, 1433 is the port on the server, not necessarily the port on the client. Depending on the client being used, you may have any random high order port in use to make the SQL connection. Only use 1433 as the source if you know that the app/client you are using uses 1433 only.
Azure SQL Server firewall prevents all access to your database server until you specify which machine or computer have permission to access your database externally, by Allowing IP Address to your Azure SQL SERVER. The firewall grants access based on the originating IP address of your each request.

Resources