My organization had a security audit and was told that we need to DISABLE the "allow remote connection to this server" option for all of our SQL Servers. What impact would this have on connection to the SQL Server via Management Studio (SSMS) from a client machine/desktop or from a web app that might use a connection string or any other external app? All of the documentation I see regarding connectivity issues to a SQL Server seems to include "ENABLING" this option as a solution. Is there a workaround that will allow us to disable it but still allow the access we need from the target clients?
We have multiple versions that we would be doing this on: 2012, 2014, 2016 and 2017.
The "allow remote connection to this server" option in SSMS (Server Properties-->Connections) is actually the remote access configuration option. This option is often mistaken for enabling remote network connectivity via SQL Server Configuration Manager, which might be what you've read.
The remote access option is a long-deprecated feature that will be removed in a future SQL Server version. It will likely have no impact, but your environment may be atypical, so you may want to first test in a pre-prod environment before making the change in prod.
Below is the excerpt from the documentation.
The remote access option controls the execution of stored procedures
from local or remote servers on which instances of SQL Server are
running. This default value for this option is 1. This grants
permission to run local stored procedures from remote servers or
remote stored procedures from the local server. To prevent local
stored procedures from being run from a remote server or remote stored
procedures from being run on the local server, set the option to 0.
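A check an administrator might run before and after changing this setting, added here as an example that is not part of the original answer. It uses only sp_configure and the sys.configurations and sys.servers catalog views; nothing in it touches network protocol settings, which are managed separately in SQL Server Configuration Manager.

```sql
-- 1. Current state of the option behind the SSMS checkbox.
--    value        = configured value
--    value_in_use = value the running instance is actually using
--    is_dynamic   = 1 if RECONFIGURE alone applies a change, 0 if a restart is needed
SELECT name, value, value_in_use, is_dynamic, is_advanced
FROM sys.configurations
WHERE name = N'remote access';

-- 2. Inventory anything that could depend on the option before turning it off.
--    The option governs legacy "remote servers" registered with sp_addserver.
--    is_linked = 0 marks such a remote server (1 is an ordinary linked server);
--    server_id = 0 is the local instance itself and is excluded.
SELECT server_id, name, is_linked, is_remote_login_enabled,
       is_rpc_out_enabled, modify_date
FROM sys.servers
WHERE is_linked = 0
  AND server_id <> 0;

-- 3. Turn the option off (test in pre-prod first, as the answer advises).
EXEC sp_configure N'remote access', 0;
RECONFIGURE;

-- 4. Evidence for the auditor: compare value and value_in_use.
--    If they differ, the change has been stored but is not in effect yet.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'remote access';
```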
When using SQL Server Management Studio I try to query a DB created with "Single user" restrictions.
I log in by using SQL Credentials and "sa" user and by running sp_who2 command I double check nobody is connected to the DB, nevertheless when executing a query on a DB table, the system replies:
Database 'MyDB' is already open and can only have one user at a time.
I'd like to understand why I am experiencing this issue.
Can anybody help on this?
When you set a db in "single user" mode you can only open a single connection to the database (more info here).
So when you open SSMS to navigate through database objects you open the only permitted connection. After this any other operation that requires a new connection to the db will fail, for example creating a new query window to write a query.
From MS Docs:
When you start an instance of SQL Server in single-user mode, SQL Server Management Studio can connect to SQL Server. Object Explorer in Management Studio might fail because it requires more than one connection for some operations. To manage SQL Server in single-user mode, execute Transact-SQL statements by connecting only through the Query Editor in Management Studio, or use the sqlcmd utility.
The same happens on premise if you have the SQL Server agent running.
Another piece of advice from MS Docs (if you are running SQL Server on premise):
Stop the SQL Server Agent service before connecting to an instance of SQL Server in single-user mode; otherwise, the SQL Server Agent service uses the connection, thereby blocking it.
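One way to see which session is holding the only connection to a single-user database, added here as an example that is not part of the original answer. It is run from the master database, reuses the database name 'MyDB' from the question, and assumes VIEW SERVER STATE permission.

```sql
USE master;

-- Confirm the database really is restricted to one user.
SELECT name, user_access_desc, state_desc
FROM sys.databases
WHERE name = N'MyDB';

-- Every session that is using a database holds a DATABASE-level lock on it,
-- so the lock view identifies the holder even when its current activity is idle.
SELECT s.session_id,
       s.login_name,
       s.host_name,
       s.program_name,   -- e.g. an SSMS Object Explorer or SQL Server Agent session
       s.status,
       l.request_mode,
       l.request_status
FROM sys.dm_tran_locks AS l
JOIN sys.dm_exec_sessions AS s
  ON s.session_id = l.request_session_id
WHERE l.resource_type = N'DATABASE'
  AND l.resource_database_id = DB_ID(N'MyDB');
```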
I don't seem to be able to connect to a locally installed SQL Server 2019 instance using DataGrip (2019.3).
No matter which auth I use (domain or SQL), I get the following error:
"The specified database user/password combination is rejected: [08S01] The server SQL19 is not configured to listen with TCP/IP"
URL I'm connecting to is jdbc:sqlserver://localhost\SQL19.
If instead of "SQL19" part I use SQL Server 2016 instance name, it works fine,
so I'm assuming I'm configuring the connection correctly, unless there's some tweaks I need for SQL 2019?
I can connect to a 2019 instance from SSMS and applications, it's available via TCP/IP etc.
Answering my own question with some details (#moscas answer is correct, but I feel details may still be useful for somebody).
TCP/IP seems to be disabled by default in SQL Server 2019, and SQL Configuration Manager turned out to be not easy to find: it doesn't show up when you do a regular search in the "Start" menu and it doesn't exist under SQL Server's folder in the menu (wtf, Microsoft?).
You need to go to Computer Management (this does show up in search) -> Services and Applications -> SQL Server Configuration Manager -> SQL Server Network Configuration, choose your instance and enable TCP/IP.
Datagrip starts to work then.
As far as I know, SSMS does not require TCP/IP, that's why it works. For DataGrip, you need to turn it on.
Perhaps this doc will help: https://www.jetbrains.com/help/datagrip/db-tutorial-connecting-to-ms-sql-server.html
In addition to enabling TCP/IP in SQL Server Configuration Manager, I also had to enable the SQL Browser service under SQL Server Services.
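A way to confirm from inside the instance which transport a working session is using and whether the Database Engine has a TCP listener at all, added here as an example that is not part of the original posts. It assumes SQL Server 2012 or later and VIEW SERVER STATE permission, and is run from a session that can already connect (for example local SSMS).

```sql
-- Transport of the current session. A local SSMS session can report
-- 'Shared memory' here, which is how it connects while TCP/IP is disabled.
SELECT c.session_id,
       c.net_transport,      -- 'Shared memory', 'Named pipe' or 'TCP'
       c.auth_scheme,
       c.encrypt_option,
       c.local_net_address,
       c.local_tcp_port,
       s.program_name
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
  ON s.session_id = c.session_id
WHERE c.session_id = @@SPID;

-- TCP endpoints the Database Engine is listening on for T-SQL traffic.
-- A JDBC client such as DataGrip needs an ONLINE listener here, because
-- the JDBC driver connects over TCP only.
SELECT ip_address, port, type_desc, state_desc, start_time
FROM sys.dm_tcp_listener_states
WHERE type_desc = N'TSQL';
```

The second query also shows exactly which addresses and ports are exposed once TCP/IP is enabled, which is worth recording when the change is made.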
I installed SQL Server 2005 Express on a remote machine and I can connect to that with machinename\sqlexpress locally.
But I can't connect to that engine remotely.
I did these steps, but the problem still exists:
Turned off firewall on both sides
Enabled tcpip protocol and set tcp port (IPALL) to 1433 and disabled 'Listen All' (because if TCP is enabled and 'Listen All' is enabled at the same time, SQL Server engine is going to stop and I have to disable Listen All in order to start engine)
server allow for remote connection box is checked
Ensured that SQL Browser is started
I use mix mode authentication
and also when I try to connect to engine I see packets in Wireshark with dst port=1434 that belong to the SQL Browser service.
At the end I can't connect to the SQL Server engine locally with this server name:
127.0.0.1\SQLEXPRESS
but
machinename\sqlexpress
or
.\sqlexpress
are OK.
Thank you for your attention
The point of the 2005 product was to be local. I remember, I was there.
#RossPresser provided a link in the comments that will "enable" remote access. In this case they are getting around the intention of the product and probably breaking the licensing agreement. They are also using tools that are not included in the 2005 Express package but in the enterprise products.
Microsoft has since changed their policy and now provides free products that include remote access and remote tools.
The OP should just use these newer products -- there is no need to use 2005 remotely and it is probably a HUGE security risk to do so once you break/root the product to enable remote access.
Just use any Express product since 2005 -- it will work turn-key.
After I stopped and restarted SQL Server again, I cannot connect to SQL Server, this is the error:
As recommended, I followed the steps below:
Start the SQL Configuration Manager (ie: Start->Programs->SQL Server->Configuration Tools)
Expand the SQL native Client configuration
Click Client Protocols (you may have a 32-bit and a 64-bit, apply to both)
Ensure Shared memory, TCP/IP, Named Pipes are enabled in that order
Expand SQL Server Network Configuration
Ensure Shared Memory for either SQLEXPRESS and/or MSSQLSERVER is enabled
Click SQL Server Services
Restart any running services
But in the last step, I saw "SQL Server Services" but I don't know how to restart any running services.
I right-clicked on SQL Server Services but there is no helpful option here, help!!!
There may be a few things causing this problem: maybe RPC is not enabled on your system, as your error says ("The remote procedure call failed"), or maybe your firewall is not configured correctly.
So I suggest you check a few things, like:
1. Check if Remote Connections are enabled on your SQL Server database here.
2. If a firewall is turned on but not correctly configured, attempts to connect to SQL Server might be blocked here.
--Hope it helps.
I am attempting to move msdb (SQL Server 2005) by using the instructions here:
http://support.microsoft.com/kb/224071
However, when I start SQL Server in single user mode, I have no way to access the database. I have tried starting sqlcmd from the console (and also for good measure tried starting ssms), but I'm unable to get into any tool to do my work because it says it is in single user mode and only one administrator can be logged in. In the services console I see no other SQL Server related processes running, so what is preventing me from getting in?
Thanks...
Some application is stealing the only connection available. See Starting SQL Server in Single-User Mode for a tip how to prevent that:
When you use the -m option with sqlcmd or Management Studio, you can
limit the connections to a specified client application. For example,
-m"sqlcmd" limits connections to a single connection and that
connection must identify itself as the sqlcmd client program. Use this
option when you are starting SQL Server in single-user mode and an
unknown client application is taking the only available connection. To
connect through the Query Editor in Management Studio, use
-m"Microsoft SQL Server Management Studio - Query".