Cannot Connect to Remote Desktop or Remote Administrator - remote-desktop

I have a remote customer machine that will not connect with either Remote Desktop or Radmin/Remote Administrator v3.5.2.1.
The machine is a fresh build of Win10 Pro 20H2 on a Xeon.
It responds to PING, and DIR \\Computer\C$ and file copies to the same.
I can PSEXEC to the machine, run CMD.EXE /k without problem.
I do not yet have access to gpedit.msc but I doubt there is a GPO on a fresh standalone build.
The machine is a WORKGROUP member.
This is the logfile from a powershell script I wrote to audit the machine.
Info Windows Version 10.0.19042.0
Type Client operating system
Edition Windows 10 Pro
Product Windows(R) Operating System, OEM_DM channel
Status License Status = 1
Action Checking connected networks
Info Connected adapter ETHERNET 2
Action Checking firewall profiles
Info Domain is Disabled
Info Private is Disabled
Info Public is Disabled
Action Checking registry settings
Info fDenyTSConnections = 0 RDP is enabled
Info RDGClientTransport is not present
Info RDP Network Level Authentication is Disabled
Info SMB1 protocol is Enabled
Action Checking RDP services
Info Remote Desktop Services is Running
Info RDP UserMode Port Redirector is Running
Info DCOM Server Process Launcher is Running
Info RPC Endpoint Mapper is Running
Info Remote Procedure Call (RPC) is Running
Action Checking listening ports
Info RDP port 3389 is PID=5432 in process 'svchost'
Info RDP port 3389 state is Listening
Action Checking Trusted Hosts
Info Trusted Hosts value is '*'

There were two separate problems working here.
#1 - Win10 host does not like the Server 2003 5.x RDP client.
Version 6.0 is the last client for Server 2003, and this is acceptable to Win10.
RDP now connects to Win10 using the v6 client.
#2 - Xfinity has a security nanny operating by default.
When they determine a threat exists, they block all incoming traffic.
So far, their automated process refuses to unblock traffic, or disable the nanny.
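The settings recorded in the audit log above can be re-checked with a short read-only script that also marks the ones a hardening review would question (NLA off, firewall profiles off, SMB1 on, TrustedHosts set to '*'). This is an added example, not the poster's script; the names Get-RemoteAccessPosture and Add-Finding and the note texts are this example's own, and it assumes an elevated PowerShell session with the WinRM service running.

```powershell
# Added example (not the poster's script): read-only check of the settings in the audit log.
# Assumes an elevated session; the WSMan: drive needs the WinRM service to be running.
function Get-RemoteAccessPosture {
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $findings = [System.Collections.Generic.List[object]]::new()

    # Hypothetical helper: records one result row.
    function Add-Finding($Check, $Value, $Risky, $Note) {
        $findings.Add([pscustomobject]@{ Check = $Check; Value = $Value; Risky = $Risky; Note = $Note })
    }

    # fDenyTSConnections = 0 means the host accepts RDP connections.
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    Add-Finding 'RDP enabled' ($deny -eq 0) $false 'Expected when remote access is wanted'

    # UserAuthentication = 1 requires Network Level Authentication before a session is created.
    $nla = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication).UserAuthentication
    Add-Finding 'NLA required' ($nla -eq 1) ($nla -ne 1) 'Without NLA the logon screen is reachable unauthenticated'

    # A disabled profile filters nothing on networks of that type.
    foreach ($p in Get-NetFirewallProfile) {
        $on = "$($p.Enabled)" -eq 'True'
        Add-Finding "Firewall $($p.Name)" $on (-not $on) 'Disabled profile leaves every listening port reachable'
    }

    $smb1 = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    Add-Finding 'SMB1 server' $smb1 $smb1 'SMB1 is deprecated; disable unless a legacy peer needs it'

    # TrustedHosts is a WinRM client setting.
    $th = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    Add-Finding 'WinRM TrustedHosts' $th ($th -eq '*') "'*' lets this client connect to any WinRM host without authenticating the server"

    # Confirm something is bound to the RDP port and report the owning process id(s).
    $l = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
    $owners = ($l.OwningProcess | Sort-Object -Unique) -join ','
    Add-Finding 'Port 3389 listening' ([bool]$l) $false "Owning PID(s): $owners"

    $findings
}

Get-RemoteAccessPosture | Format-Table -AutoSize
```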

Related

Connect WSL2 SQL Server localhost instance from Windows 10

I had set up a WSL2 Ubuntu. Now I am running a local SQL Server instance on the 1401 port using Docker.
Container port:
0.0.0.0:1401->1433/tcp
I would like to connect to this instance from SSMS but I am getting the following error:
Server name: localhost, 1401
Error:
Cannot connect to localhost,1401.
A network-related or instance-specific error occurred while
establishing a connection to SQL Server.
The server was not found or was not accessible. Verify that the
instance name is correct and that SQL Server is configured to allow
remote connections.
(provider: TCP Provider, error: 0 - The wait operation timed out.)
(Microsoft SQL Server, Error: 258)
[Solution]
I am able to connect to it via the WSL2 IP. I run the "hostname -I" command in WSL2 and use the same IP in SSMS. And, I am able to make a connection.
First question -- Is there a VPN running/connected in Windows? If so, ignore the rest of this and suspect that first. Make sure the VPN is not running, stop Docker, issue a wsl --shutdown, restart and try again.
Assuming that's not the problem ...
Normally, WSL2 provides a feature known as "localhost forwarding" which allows services/apps on Windows to communicate with the virtualized WSL2 IP using localhost. It essentially takes any localhost traffic that isn't directed to a port bound under Windows and forwards it to the Hyper-V virtual network for WSL2.
All WSL2 instances (including the Docker instance) share the same WSL2 network interface as they are all running in the same virtual machine/kernel.
So you seem to be doing the right thing in attempting to connect to localhost from SSMS.
But ... sometimes that localhost forwarding breaks. There are two common (related) scenarios that can cause this (and perhaps others):
Hibernation of the Windows host
Having Windows Fast Startup enabled in Power Manager
First check to make sure you can access 1401 from within WSL2:
nc -zv localhost 1401
^^^ assumes netcat is installed, which it is by default in the WSL2 Ubuntu distribution. For other distributions, install it or check connectivity via other methods.
If that doesn't succeed, then I'd suspect some configuration issue in SQL Server.
If that does succeed, then run the same test from the Windows host in PowerShell:
Test-NetConnection -ComputerName "localhost" -Port 1401
If that doesn't succeed, then I'd suspect a localhost forwarding issue.
Side note: I'm assuming you are running Docker Desktop, but if you are just running Docker Engine in a WSL2 instance, that's no problem. Just ignore the Docker Desktop instructions below.
First, check if you have a /etc/wsl.conf in any of your running WSL2 instances that mention disabling localhostForwarding. I'm assuming no, since that is not the default. However, if you happen to, make sure you set these to true.
Stop all WSL2 services, instances, shells, apps, etc. (including Docker Desktop)
From PowerShell:
wsl --shutdown
Then restart Docker Desktop and/or your container and try again
If localhost doesn’t work, try using [::1] in the server name. In WSL2, port 1433 is using IP/TCPv6, and SSMS sometimes is not able to resolve localhost to the loopback IP [::1].
Source: https://jayfuconsulting.wordpress.com/2020/11/14/sql-server-2019-docker-wsl-2/
One last thing which you could try is to modify the Windows host file. I tried almost all the steps mentioned in different links, but all in vain. Then I opened the host file, which can be accessed at
C:\Windows\System32\Drivers\Etc
Open the host file and uncomment (remove the # sign from) the localhost name resolution section.

How do you configure the SQL Server Network Configuration protocols in a MSSQL Express Docker container on a Linux server?

The gist of the issue is that I am trying to connect to a MSSQL Express Docker container, living on a RHEL 7 server from my local Windows 10 machine using Microsoft SQL Server Management Studio. It is successfully connecting to the RHEL 7 server IP address and port (1433), using the username/password that was created for the container. However, it is throwing out an error that, after countless hours scouring Google, people have referenced back to needing to enable TCP/IP. This is easy in the Windows GUI. Not so much in a Linux environment.
The error message from SSMS:
A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 0 - The specified network name is no longer available.) (Microsoft SQL Server, Error: 64) -> The specified network name is no longer available
I know how to do this in the Windows environment:
Run SQL Server Configuration Manager
Expand SQL Server Network Configuration
Select Properties for Protocols for MSSQLSERVER
Enable TCP/IP
I have also figured out how to use mssql-conf to modify various attributes in mssql.conf, which is where this change will take place. The issue is that I want to enable TCP/IP, but I am not seeing that option under the /opt/mssql/bin/mssql-conf list | more.
Any suggestions?
For reference, these are the parameters you can use with mssql-conf (the equivalent of SQL Server Configuration Manager on Linux).
control.alternatewritethrough  Enable optimized write through flush for O_DSYNC requests
control.hestacksize  Host extension stack size in KB
control.stoponguestprocessfault  Stops the process if any guest process reports unhandled exception
control.writethrough  Use O_DSYNC for file flag write through requests
coredump.captureminiandfull  Capture both mini and full core dumps
coredump.coredumptype  Core dump type to capture: mini, miniplus, filtered, full
distributedtransaction.allowonlysecurerpccalls  Configure secure only rpc calls for distributed transactions
distributedtransaction.fallbacktounsecurerpcifnecessary  Configure security only rpc calls for distributed transactions
distributedtransaction.maxlogsize  DTC log file size in MB. Default is 64MB
distributedtransaction.memorybuffersize  Circular buffer size in which traces are stored. This size is in MB and default is 10MB
distributedtransaction.servertcpport  MSDTC rpc server port
distributedtransaction.trace_cm  Traces in the connection manager
distributedtransaction.trace_contact  Traces the contact pool and contacts
distributedtransaction.trace_gateway  Traces Gateway source
distributedtransaction.trace_log  Log tracing
distributedtransaction.trace_misc  Traces that cannot be categorized into the other categories
distributedtransaction.trace_proxy  Traces that are generated in the MSDTC proxy
distributedtransaction.trace_svc  Traces service and .exe file startup
distributedtransaction.trace_trace  The trace infrastructure itself
distributedtransaction.trace_util  Traces utility routines that are called from multiple locations
distributedtransaction.trace_xa  XA Transaction Manager (XATM) tracing source
distributedtransaction.tracefilepath  Folder in which trace files should be stored
distributedtransaction.turnoffrpcsecurity  Enable or disable RPC security for distributed transactions
filelocation.defaultbackupdir  Default directory for backup files
filelocation.defaultdatadir  Default directory for data files
filelocation.defaultdumpdir  Default directory for crash dump files
filelocation.defaultlogdir  Default directory for log files
filelocation.errorlogfile  Error log file location
filelocation.masterdatafile  Master database data file location
filelocation.masterlogfile  Master database log file location
hadr.hadrenabled  Allow SQL Server to use availability groups for high availability and disaster recovery
language.lcid  Locale identifier for SQL Server to use (e.g. 1033 for US - English)
memory.memorylimitmb  SQL Server memory limit (megabytes)
network.disablesssd  Disable querying SSSD for AD account information and default to LDAP calls
network.enablekdcfromkrb5conf  Enable looking up KDC information from krb5.conf
network.forceencryption  Force encryption of incoming client connections
network.forcesecureldap  Force using LDAPS to contact domain controller
network.ipaddress  IP address for incoming connections
network.kerberoskeytabfile  Kerberos keytab file location
network.privilegedadaccount  Privileged AD user to use for AD authentication
network.rpcport  TCP port for Rpc endpoint mapper
network.tcpport  TCP port for incoming connections
network.tlscert  Path to certificate file for encrypting incoming client connections
network.tlsciphers  TLS ciphers allowed for encrypted incoming client connections
network.tlskey  Path to private key file for encrypting incoming client connections
network.tlsprotocols  TLS protocol versions allowed for encrypted incoming client connections
sqlagent.databasemailprofile  SQL Agent Database Mail profile name
sqlagent.enabled  Enable or disable SQLAgent
sqlagent.errorlogfile  SQL Agent log file path
sqlagent.errorlogginglevel  SQL Agent logging level bitmask - 1=Errors, 2=Warnings, 4=Info
telemetry.customerfeedback  Telemetry status
telemetry.userrequestedlocalauditdirectory  Directory for telemetry local audit cache
Also for reference, this is the only thing in the mssql.conf file. If something is there by default, I have no way of knowing it, because all I have to go off of is what's listed in this file:
[sqlagent]
enabled = true

SQL Project Deploy to SQL Server on VM through Visual Studio Team Services

I am trying to setup SQL Server DACPAC project deploying to SQL Server on a VM through Visual Studio Team Services Continuous Integration scripts.
Here is my build definition
For server name I entered public IP of the VM, for Admin Login I entered Admin Account user name on that VM,
Then I got the following error in build
[error]Microsoft.PowerShell.Commands.WriteErrorException: Deployment
on one or more machines failed.
System.Management.Automation.Remoting.PSRemotingTransportException:
Connecting to remote server xx.xxx.xx.xx failed with the following
error message : WinRM cannot complete the operation. Verify that the
specified computer name is valid, that the computer is accessible over
the network, and that a firewall exception for the WinRM service is
enabled and allows access from this computer. By default, the WinRM
firewall exception for public profiles limits access to remote
computers within the same local subnet. For more information, see the
about_Remote_Troubleshooting Help topic.
Then I tried the following powershell commands on SQL VM
Enable-PSRemoting -Force
winrm quickconfig -transport:http
The second command hung with the following message
Configure LocalAccountTokenFilterPolicy to grant administrative rights
remotely to local users.
Then I tried the following
Inbound ports
netstat -ant|findstr 5985
Firstly, you should ensure winrm service is listening.
netstat -ant|findstr 5985
By default, the port is listening on 5985. If the service is not listening, please execute
winrm quickconfig
Secondly, you should open port on VM Windows Firewall and Azure NSG(Inbound rules).
For test, you should ensure you could winrm your SQL VM on your local PC.
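The checks in the answer above (listener, firewall scope, test from a client), collected as an added example that is not part of the original answer. The function names Get-WinRmExposure and Test-WinRmFromClient are hypothetical, and the 'Windows Remote Management' display group name assumes an English-language Windows install.

```powershell
# Added example (not from the original answer).
# Run Get-WinRmExposure elevated on the SQL VM; run Test-WinRmFromClient on the connecting machine.
function Get-WinRmExposure {
    # 1. Is anything listening on the default WinRM HTTP port?
    $listening = [bool](Get-NetTCPConnection -LocalPort 5985 -State Listen -ErrorAction SilentlyContinue)

    # 2. Which inbound WinRM firewall rules exist, for which profiles and which remote addresses?
    $rules = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' } |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.Name
                Enabled       = $_.Enabled
                Profile       = $_.Profile
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        }

    [pscustomobject]@{ Port5985Listening = $listening; FirewallRules = $rules }
}

function Test-WinRmFromClient {
    param([Parameter(Mandatory)][string]$ComputerName)

    # TCP reachability first: a failure here points at the Windows firewall or the Azure NSG.
    $tcp = Test-NetConnection -ComputerName $ComputerName -Port 5985 -WarningAction SilentlyContinue

    # Then the WS-Management identify request, which needs no credentials.
    $wsman = $false
    if ($tcp.TcpTestSucceeded) {
        try {
            Test-WSMan -ComputerName $ComputerName -ErrorAction Stop | Out-Null
            $wsman = $true
        } catch { }
    }

    [pscustomobject]@{ TcpReachable = $tcp.TcpTestSucceeded; WsManResponds = $wsman }
}

# On the VM:      (Get-WinRmExposure).FirewallRules | Format-Table -AutoSize
# On the client:  Test-WinRmFromClient -ComputerName '<vm-address>'   # placeholder address
```

A Public-profile rule whose RemoteAddress is LocalSubnet matches the default described in the error message. When widening it for the build agent, scope RemoteAddress and the NSG rule to the agent's address rather than Any.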

Cannot connect to windows server 2008R2 using Hyper V manager

I want to connect my Windows 7 PC (Workgroup) to Server 2008R2 (domain) using Hyper-V. Active Directory is installed on the server. I tried the steps explained in http://community.spiceworks.com/how_to/show/30571-configuring-remote-administration-of-hyper-v-on-a-windows-7-pc . It didn't work for me.
EDIT
I am getting the following error message when I try to connect to the server:
"Check that the Virtual Machine Management service is running and that you are authorized to connect to the server."
It is quite difficult to understand what exactly your issue is, as you don't even mention any error messages, which, I believe, you should get upon a connection attempt. But a generic answer would be the following:
1. Disable the firewall on the machine you want to manage and ensure that you have network connectivity between the management workstation and the managed server.
2. After connectivity is confirmed, run the Hyper-V management console under an account with appropriate rights on the target server and try to connect to your server.
As for your specified error message, and especially for scenarios when the management workstation and the Hyper-V server are not in the same domain or not in trusted domains (i.e. one or both of them in a workgroup), this most likely requires an extra configuration step on the management workstation: you should allow ANONYMOUS LOGON to DCOM on the management workstation. This is required because WMI makes calls back from the server to the client. This is entirely expected (and is not Hyper-V specific). When a server is in a workgroup, the DCOM connection from the server back to the client is "anonymous".
To accomplish this, do the following on the management workstation: Run (Win+R) > dcomcnfg + Enter, then in the opened Component Services window expand the tree down through Component Services > Computers > My Computer, select My Computer, right-click, choose Properties and select the COM Security tab. Click Edit Limits in the Access Permissions area. Select “ANONYMOUS LOGON” from the list of users, and make sure Remote Access/Allow is checked in the permissions area.
You should also add the user account you are using to manage the server to the "Distributed COM Users" group on the Hyper-V server.
For more detailed instructions with screen shots and overview of all prerequisites for Hyper-V remote management you may refer to the series of blog posts on Hyper-V remote management by John Howard: link to part 1 of this blog posts series.

Connect to SQLServer running in a parallels VM

I'm running a Windows 7 VM via Parallels on OSX. There's an instance of SQL Server running on that VM. I would very much like to be able to connect to that instance from my host (OSX). I want to be able to leverage my local RoR environment with SQLServer as a backend.
I can't get the VM to respond to any requests from my Mac and I haven't a clue where to begin the troubleshooting process.
Can anyone provide any insights or helpful resources?
TIA!
Bobby, if you want to connect from your mac osx to a sql server installed on a parallels vm you need to do 3 things:
1) Enable remote connections on your sql server.
Microsoft SQL Server 2005 -> Configuration Tools -> SQL Server Surface Area Configuration -> Surface Area Configuration for Services and Connections -> Database Engine -> Remote Connections -> Local and remote connections -> Enable TCP/IP -> Apply
2) Turn on the SQL Server Browser service (sql server express and dev edition turn this off by default)
Microsoft SQL Server 2005 -> Configuration Tools -> SQL Server Configuration Manager -> Start SQL Server Browser service
3) Configure the firewall to allow network traffic
You can configure it per program or I just opened a port in firewall exceptions (1433 by default for SQL Server 2005)
For instance my jTDS connection string looks like that:
jdbc:jtds:sqlserver://10.211.55.7:1433;DatabaseName=master
(where the host is your vm's ip of course)
Posting a new answer since I cannot comment, yet.
For me, in addition to the helpful advice from Pavel and Ed that is all required, I had to setup an additional adapter in Parallels on the Windows VM as a Host-only adapter. Then, I assigned that adapter a static IP in the VM and used that IP in my connection string.
More details are available here which helped me get my configuration working.
This is the most relevant section:
First, define another network adapter in Parallels. This network adapter will have a static IP and will only allow connections from the host, that is OS X. Parallels cannot be running for this part.
Choose Configure… in the Virtual Machine menu of Parallels
Choose the Hardware tab
Add a new network adapter to the list on the left
Choose Host-Only Networking from the Type dropdown and be sure Connected is checked
Make a note of the MAC Address
Press OK
Next, we need to set a static IP for the new network adapter.
Start Parallels and, in my case, Windows XP (other versions of Windows should be similar)
Go to Network Connections in the Control Panel
The new LAN connection will be in the list, if you are unsure as to which one is the new one (it should have the highest number) you can compare the MAC address by checking the status
Bring up the properties panel for the correct LAN connection and go to the Internet Protocol (TCP/IP) properties
Enter a static IP of 10.37.129.10 (which is in a range that Parallels reserves for Host-Only Networking) and set the subnet mask to 255.255.255.0. Leave the gateway blank.
Save the changes by pressing OK
You need to make sure remote connections are enabled in SQL server and open the relevant ports on the Windows firewall.
All the relevant steps are listed in this MSDN page (documentation for "Quadrant", but relevant to any installation).
