SQL Server Hosted on Lightsail Unavailable remotely - sql-server

I have a SQL Server - Developer edition - hosted on an Ubuntu 20.04 Lightsail instance in AWS. I have a static IP configured, and I have my ports opened up on 1041 to allow traffic to the server. I am able to SSH into the server remotely, and I can see that the 1041 port is open - however, any time I try to connect to the server through SSMS, I'm unable to actually connect to it, with the error
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TC Provider, error: 0 - The wait operation timed out.) (Microsoft SQL Server, Error: 258)
I'm able to run commands using /opt/mssql-tools/bin/sqlcmd -S localhost,[myPort] -U [myUsr] -P [myPwd] -Q "[myQuery]", so I know the server is up and running, and responsive.
I've validated that the server is listening on the SQL Server port by calling netstat -tunlp, and seeing that the port is in the LISTEN state.
I've validated that I have no additional Firewall running, so the only thing that should be blocking is the Lightsail Networking. I decided to go for broke, and opened up the server to all TCP traffic - which still got me nowhere.
I've checked to see that remote connections are allowed (they are) - but I have a feeling this is where my issue lies. I read that the command to allow remote connections is EXEC sp_configure 'remote access', 1 ; - I ran this, and rebooted and still nothing. Then I found out that that command isn't necessarily related to allowing remote connections TO the server, and it instead allows remote connections FROM the server.
Is there any other options/tools that I'm missing that I can use to allow remote connections to the SQL Server?
Edit 1 - Updating ipaddress in config
On the advice of #AlwaysLearning, I updated my mssql.conf file to explicitly list 0.0.0.0 as the ipaddress of the sql server.
When I did this, I restarted the mssql server, and it now crashes constantly. I removed the 0.0.0.0 address, but it looks like that was able to force mssql to start up listening under 0.0.0.0?
However, it is still unable to connect remotely. I noticed that when I run tcpdump -nn -i any port 1041, I DO see connections to it, but I DON'T see my attempts from my external connection to it. It looks like I'm listening correctly now, but I don't actually get any traffic to the server?

Related

Can't reach docker-hosted SQL server from web app docker on same host

On the same virutal machine (remote, ubuntu), I have
An SQL Server running in a Docker
An .NET Core 2.2 (IdentityServer) application running in a docker
An instance of jwilder.nginx-proxy serving as a reverse-proxy for every web application on the machine
A multitude of other .NET Core apps
I am able to connect to all of my websites using both machine IP + port and domain name, which means the reverse proxy works as expected and the dockers are well-configured
I am able to connect to the SQL Server using SSMS from my local machine, which means that the SQL Server docker properly forwards the TCP connection on port 1433
The IdentityServer .NET Core 2 web application is able to connect to the SQL Server when run on my local machine.
The remote-docker IdentityServer application can't reach the SQL Server instance with the following error (shortened for clarity - removed stack trace)
System.Data.SqlClient.SqlException (0x80131904):
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections.
(provider: TCP Provider, error: 40 - Could not open a connection to SQL Server) at [...]
I know that the SQL server is running and reachable from the internet, and I know that the application's code is not at fault because I tested both.
So I deduced it had to be the IdentityServer docker that was blocking the connexion. So I tried:
Using the --expose 20 command on the IdentityServer docker
Opening mapping the port 20 inside the container to some port outside -p 45264:20 in addition to the already exposed port 80
I originally worked on using the port 1433 on both sides of the mapping but since it didn't work I tried using an other port on the outside (20). Didn't change anything
Here is the connexion string used by the IdentityServer (sensitive data hidden):
Data Source=***.***.***.***,20;Initial Catalog=Identity;Persist Security Info=True;User ID=**;Password=******************
Why can't my IdentityServer docker reach the SQL Server docker while the SQL Server itself is perfectly reachable? How can I make this setup work?
When wrapping SQL server into Docker, the first thing to anticipate is the way you connect. SQL Server prefers named pipes and you have to explicitly set mode to tcp.
If connection is done locally, don't use localhost, change it to 127.0.0.1. Also writing explicit tcp: prefix may help, like this: Server=tcp:x.y.z.q,1433
As I understood you run Sql Server and IdentityServer (which has connection problem) in separate docker containers.
If this is so then referring to localhost (i.e. 127.0.0.1) is not correct. Because in this case IdentityServer tries to connect to itself. This would work if the IdentityServer have run on the host machine, since you forward SQL server port to it. But in your case, you should connect to the SQL server container IP instead.
Considering all above I see three options for you to solve this:
You can get ip address of SQL Server container by running docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <sql_container_name_or_id>
Run SQL container with static IP via docker run --ip <static_ip_value> <sql_container_name_or_id> and then use static ip you have specified in connection string.
Run SQL container with specified host name via docker run --hostname <sql_host_name> <sql_container_name_or_id> and then use specified hostname in the connection string.
It is up to you which way to go.
Use tcp, 127.0.0.1 and host port to connect. Mention in the identity server docker settings that it depends on sql database server container. Like this,
identityservice:
...
depends_on:
- sqldataservice
This way the database container will be made available first.
"ConnectionString": "Server=tcp:127.0.0.1,8433;Database=dbname;User Id=sa;Password=abc#1234;"
I ended up giving up on getting this to work using a single host, so I simply decided to have the SQL Server run in a separate machine.

IIS can't connect to SQL Server using SQL Server authentication

I have a very strange problem that I have tried to figure out for some time now but unsuccessfully. At work I am using a laptop for development. We have our application run locally on each developer's laptop, but we all use the same dev database. So when I take my work laptop home and connect it to our vpn, my laptop's IIS connects to SQL Server and everything works just fine.
The problem is when I try to use my personal desktop for work I connect it to the same vpn I connect my laptop to run the same code that is on the laptop with the same connection strings, but IIS can't connect to SQL Server and I get this error:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)
On both computers I am able to connect to SQL Server using SSMS with no problem. On both computers I can run Integration Tests that hit the database just fine (integration tests use the exact same connection string that the application is using), but if I try to run the application it can't connect. I have tried changing all sorts of settings in IIS but to no avail.
Thanks for your help in advance.
Make sure SQL Server Service is running
If a named instance, make sure SQL Server browser service is running
Make sure SQL Server is configured to allow remote connections
Examine the SQL Server error log for messages confirming that SQL is listening on the expected network interfaces and ports
Test server connectivity with PING from the client machine
Test port connectivity using TELNET or PowerShell to the server and port (from step 4) from the client machine. For example
a. TELNET 1433
b. PowerShell: 1433 | % { echo ((new-object Net.Sockets.TcpClient).Connect("YourServerName",$)) "server listening on TCP port $" }
Check firewall settings if step 5 or 6 connectivity test fails

Connect to SQL Server 2016 via Putty/SSH

I have an SSH tunnel established to my Server using Putty. I have set up two tunnels:
L3407 => 192.168.100.107:3389
L31433 => 192.168.100.107:1433
I can successfully RDP into the server using "localhost:3407". However, when I open SSMS and try using "localhost,31433" it won't connect. The error I get reads:
"A network-realted or instance-speciffic error occured while establishing a connection to SQL Server. The server was not found or was not accessible. Verify the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - The remote computer refused the network connection.) (Microsoft SQL Server, Error: 1225)"
I've verified that TCP/IP is turned on in SQL Server Configuration Manager, and the IP addresses are setup. I have checked the logs on the SQL Server, and I have:
- Server is listening on [127.0.0.1 <ipv4> 1434]
- Server is listening on [::1 <ipv6> 1434]
- Server is listening on ['any' <ipv4> 1433]
- Server is listening on ['any' <ipv6> 1433]
I can connect to SSMS on the server using the machine name (named pipes),(LOCAL), localhost, 192.168.100.107, or the public IP. And if I open a hole in the Firewall for port 1433, then I can connect locally using ":1433". (Of course I almost immediately start seeing hacking attempts, so it has to be turned right back off.)
Based on the error I would think that the server is blocking it somehow, but the local Firewall is off and the hardware Firewall logs no attempts for RDP or SSMS (as expected, since it is going through the tunnel).
I am lost on what else to try. Anyone have any ideas?

How does .NET Core on Linux determine what port a SQL Server instance listens on?

I have an ASP.NET Core 1.1 Web API which runs in a Docker container on Ubuntu and connects out to a SQL Server database (SQL Server 2012 SP3) on a Windows server. This works in 3 out of 4 of out environments, but in one environment it cannot connect to the SQL Server and I am trying to troubleshoot it.
The error is:
Unhandled Exception: System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 25 - Connection string is not valid)
The SQL Server has an instance name: SQLSERVER1\APPS. From the Linux server I can ping the server SQLSERVER1 and telnet to SQLSERVER1 1372 (1372 is the port for the APPS instance: so network connectivity is there.
The only space I can see for the problem to occur is how .NET Core translates the instance name to a port number. Does anyone know how this is done and whether it is configurable on the client machine?
Remote named instance listening port discovery relies SQL Server Browser Service and protocol. As you cannot leverage this for your Linux docker image, I suggest you connect by explicitly specifying the port and omitting the instance name: "server=tcp:SQLSERVER1,1372;database=...;...":
The name or network address of the instance of SQL Server to which to connect. The port number can be specified after the server name: server=tcp:servername, portnumber
BTW if you live the instance name it should make no difference whatsoever after you explicitly specify the port.
PS. After reading again the question, the issue is related but different cause. Normally the Linux container can discover the Windows SQL Server, as the Browser service is probably up and running (proof that 3 envs. it works). In the 4th environment it means something blocks the discovery. Either the Browser service is stopped, or the browser discovery protocol listening port is blocked in the FW (UDP 1433), or perhaps the UDP packet (or the response!) is lost somewhere between the container and the server. You can investigate and find the root cause, but, you can also just ignore the problem and work around the issue by... specifying the port explicitly, just as I showed.

SQL Server 2008 remote connection only works once

When I connect to the SQL Server 2008 remotely it only works once, after that the server hangs. The service cannot be stopped or restarted and when trying to connect again it gives a 'Timeout' error.
The server has TCP/IP connections enabled. The default port is set to 1433 and I cleared the 0 from the dynamic ports. I enabled the 127.0.0.1 IP and the public IP and set the 1433 IP to them. Named pipes and the other protocol (Shared Memory or something) are disabled.
I am connecting from the remote machine using the 'sa' user and a strong password. The server is set to accept both authentication modes.
Connecting for the first time from the remote machine works perfect. Queries work and data can be retrieved from the databases. After disconnecting and trying to connect again it gives a timeout error. This error is generated because the SQL Server is hanged somewhere.
At this point it is impossible to Stop or Restart the SQL Server service from the service machine. The only solution is to restart the computer. However, connecting to the server locally from SQL Management Studio still works.
I think it has something to do with going into an infinite loop somewhere, or it doesn't drop the connection on the 1433 port after disconnecting from the remote machine and it still waits for input from it.
have you ruled out anything at the network layer such as software or hardware firewalls, NAT'ing, proxies ect?
Are you running SQL Server as a default or named instance?
if you do a netstat while things are working & then when you get a time out, what do you see?
Try running network monitor or wireshark on the server to see if the request is getting through & if so is the server responding?
EDIT:
It's a bit of a concern that you can connect to the server on port 1433 when sql server isn't running you should be getting a connection refused (no firewall) or a timeout (with a firewall)
Run profiler on the server & audit logins/logouts you should be able to see the client connect? it may help you troubleshoot the issue?
Try a blunt instrument like re-installing the sql server connectivity driver eg. mdac, sql native on the client.

Resources