We have Azure SQL database (PAS) and planning to disable public deny access,so that we can't access the database from out side the virtual network. In order to access the database we created jumpserver (linux machine).
Currently we are executing the sql queries from Linux Jumphost, howerver Dev team wanted to access the database using DBeaver tool (onpremise env), so I am trying to enable SSH Tunnelling between Onpremise env and Azure database (Through Jump Server)
So i used following command to for port forwarding
ssh -A -L 8000:test.database.windows.net:1433 -i jumpprivatekey jumpuser#publicIp
Then opened DBeaver tool and provided SQL credentials . I am getting following exeception
The TCP/IP connection to the host 127.0.0.1, port 43753 has failed. Error: 'The driver received an unexpected pre-login response. Verify the connection properties and check that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. This driver can be used only with SQL Server 2005 or later.'. ClientConnectionId:8147d2a0-a0d7-42e0-a4d2-948a4c1338bb
Can you please let me know is it possbile to Tunnel the Azure SQL database from onpremise environemnt without any point to site VPN. Or what is the best approach to accessing the Azure SQL database
Related
I have an asp net core web app and SQL Server database hosted in Plesk via a hosting company.
I have deployed a copy of the web app to an Azure Linux App Service. It uses the Plesk hosted SQL Server database. When i use the Azure App Service I get a connection error when accessing the Plesk hosted database.
SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 40 - Could not open a connection to SQL Server)
If I use the Plesk hosted web app it connects to sql server correctly as expected. If I then immediately use the Azure Linux web app it manages to get a SQL connection! In all cases the connection string is identical. Its like it needs waking up!
How can this be the case. I am at a loss as to why this is happens. Any ideas folks?
Properly, you need to add the outbound IP addresses in Azure App Service into the firewall of SQL Server which your SQL Server database existed.
edit
You could check the following aspects on your side refer to this.
Make sure SQL Server Service is running
If a named instance, make sure SQL Server browser service is running
Make sure SQL Server is configured to allow remote connections
Examine the SQL Server error log for messages confirming that SQL is listening on the expected network interfaces and ports
Test server connectivity with PING from the client machine
Test port connectivity using TELNET or PowerShell to the server and port (from step 4) from the client machine. For example a. TELNET
1433 b. PowerShell: 1433 | % { echo ((new-object
Net.Sockets.TcpClient).Connect("YourServerName",$)) "server listening
on TCP port $" }
Check firewall settings if step 5 or 6 connectivity test fails
For more information:
Troubleshoot connecting to the SQL Server Database Engine
Networking Related Commands for Azure App Services
I have a local installed SQL Server 2016 (Developer edition) installation on Windows 10 Pro. There is one named instance. I am a developer using MS SQL Management Studio and JetBrains DataGrip.
I just want my connections within my local machine to work with SQL Server over TCPIP using a SQL Server user account..! At the moment this only works using my Windows Authentication mapped to ServerAdmin
Named instance
RAXLENOVOT560\MSSQL2016MAIN
(authentication is mixed mode)
There are 3 issues that maybe linked:
TCP Port number does not appear to take effect within the Sql Server Configuration Manager.
The Sql Server Configuration Manager only shows limited properties on the Client Protocols/TCPIP settings. (please see screen shots)
Sql Server login user account does not connect via TCP due to an error. Login within local machine, local development from DataGrip to SQL Server.
1. TCP Port number
I have set this to 65321. However when I try and connect using this port no connection is made.
When I checked using the following SQL query I see the port number is actually 65514
SELECT DISTINCT
local_tcp_port
FROM sys.dm_exec_connections
WHERE local_tcp_port IS NOT NULL
results
local_tcp_port
--------------
65514
I change the port number in the config tool, restart ALL SQL Server services, reboot and still nothing works. Still listening on port 65514
Note I did not choose 65514, this seems to be a default from SQL Server.
2. The Sql Server Configuration Manager Properties Missing
Note the properties screen is limited only to a few options, there are usually lots more why is is? Perhaps due to running on Windows 10 Pro vs Windows Server?
3. Connection Login failure
Login from the local machine only.
I have opened the firewall for all the relevant SQL Server ports
TCP 1433
TCP 65514 (the forced sql server port)
TCP 65123 (what I would like to use)
UDP 1434 Sql Server Browser
I attempted login via a number of means
Sql Server Management Studio
Udl File
Java connection via DataGrip
Since opening the firewall, all the connections work but only if the hostname is 127.0.0.1, why can't I use the computer name? The connections also work if I use my Windows Login but NOT a SQL Server login
The login fails due to the error shown below from the SQL Server Log (which proves the TCPIP connection is reaching SQL Server).
Login-based server access validation failed with an infrastructure error. Login lacks connect endpoint permission
Date 24/04/2018 11:25:05
Log SQL Server (Current - 24/04/2018 11:20:00)
Source Logon
Message
Login failed for user 'SvrDeveloper'. Reason: Login-based server access validation failed with an infrastructure error. Login lacks connect endpoint permission. [CLIENT: 127.0.0.1]
The Sql Server User has the following permissions and settings (please see screenshot)
Name = SvrDeveloper
Server Roles = public
Securables = RAXLENOVOT560\MSSQL2016MAIN Type=Server
Securables = TSQL Default TCP Type=EndPoint
Connections
Udl Connection
[oledb]
; Everything after this line is an OLE DB initstring
Provider=SQLNCLI11.1;Integrated Security=SSPI;Persist Security Info=True;User ID="SvrAdmin";Password="Password123";Initial Catalog="";Data Source=TCP:127.0.01\MSSQL2016MAIN,65514;Network Library=DBMSSOCN;Initial File Name="";Server SPN=""
Java connection:
jdbc:sqlserver://127.0.0.1:65514;databaseName=CcTools;user=SvrDeveloper; password=Password123
Some additional information:
Version
i moved my website on a server, it have installed web application and SQL server instance (this site is only for private network), if i try to access sql instance from SSMS it connect without problem, but when i try to access data from my website or SSMS installed on another pc connected to the same network it's says me that instance name is not correct or firewall block sql server ports. Sql connection string is correct, both SQL Server and SQL Browser services are active, named pipes and TCP are enabled, and i've added rules to firewall to allow connection from port 1433 and 1434(this one is for UDP) but i've the same problem, any help?
Initial Attempt
I have an Azure VM with Windows Server 2012, on which I just installed SQL Server 2012 Express Database Engine component. Then, I followed the instructions here to connect remotely with SQL Server Management Studio.
Create a TCP endpoint for the virtual machine
Open TCP ports in the Windows firewall
Configure SQL Server to listen on the TCP protocol
Configure SQL Server for mixed mode authentication
Create SQL Server authentication logins
Determine the DNS name of the virtual machine
Connect to the Database Engine from another computer
After step seven I received the following error:
A network related or instance-specific error occurred while
establishing a connection to SQL Server. The server was not found or
was not accessible. Verify that the instance name is correct and that
SQL Server is configured to allow remote connections. (provider: Named
Pipes Provider, error: 40 - Could not open a connection to SQL Server)
(Microsoft SQL Server, Error: 53)
What else do I need to configure before connecting remotely?
Troubleshooting
I have been following the troubleshooting instructions here. Each blockquote below is a step described that that link.
Confirm the instance of the SQL Server Database Engine is installed
and running.
Done. We installed SQL Server Express, and it is running as a named instance called SQLEXPRESS.
If you are attempting to connect to a named instance, make sure the
SQL Server Browser service is running.
Done. We followed the steps here to turn on the SQL Server Browser service.
Get the IP Address of the computer.
Done. We will use these later for testing connectivity and maybe for setting up a static port for SQLEXPRESS.
10.241.62.155
fe80::45c:8c29:e19f:f78b%15
Get the TCP port number used by SQL Server.
Done. The SQL Server Management Studio server logs showed that the server was listening on port 49169.
Enable Protocols
Done. We had already enabled TCP/IP in the configuration manager, but we restarted the SQL Server Service just in case.
Testing TCP/IP Connectivity
Done. We used tcping.exe to test connectivity (cmd ping doesn't work quickly with Azure.) We were able to connect to port 80.
tcping.exe buddha.cloudapp.net > successful
tcping.exe buddha.cloudapp.net 80 > successful
Testing a Local Connection
Done. We used sqlcmd.exe from the command prompt and were able to connect locally via TCP with a username and password.
sqlcmd -S Buddha\SQLEXPRESS (success via shared memory protocol)
sqlcmd -S tcp:Buddha\SQLEXPRESS (success via TCP)
sqlcmd -S tcp:Buddha\SQLEXPRESS -U sa -P (success via TCP with username)
sqlcmd -S tcp:10.241.62.155\SQLEXPRESS -U sa -P (success with internal IP)
Opening a Port in the Firewall
We opened the port on which we SQLEXPRESS listens. The server logs (above) showed that SQLEXPRESS was listening on port 49169, but this is just one of many dynamic ports, and we wanted to set up the static port 1435.
Use WF.msc to create an inbound TCP rule for port 1435.
Use Azure Management Portal to create a TCP endpoint for port 1435.
The troubleshooting instructions also say:
If you are connecting to a named instance or a port other than TCP
port 1433, you must also open the UDP port 1434 for the SQL Server
Browser service.
Since we are connecting SQLEXPRESS (a named instance), we needed to open port 1434 for UDP.
Use WF.msc to create an inbound UCP rule for port 1434.
Use Azure Management Portal to create a UDP endpoint for port 1434
Further research about connecting to named instances revealed dynamic port issues. The reason why we are using port 1435 (static) instead of port 49169 (one of many effective options.)
Instances of SQL Server Express, SQL Server Compact, and named
instances of the Database Engine use dynamic ports. To configure these
instances to use a specific port, see Configure a Server to Listen on
a Specific TCP Port (SQL Server Configuration Manager). and
here.
Done. We went to SQL Configuration Manager > SQL Server Network Configuration > Protocols for SQLEXPRESS > TCP/IP, we did the following.
Protocol Tab > Listen All > NO.
IP Addresses Tab > for each listed address
Enabled > Yes
TCP Dynamic Ports > Blank (delete the zero)
TCP Port > 1435 (or your choice)
After restarting the SQLEXPRESS service, we again looked in the SQL Server Management Studio logs, and found that the Server is Listening on port 1435!!! Hooray!
Testing the Connection
Done. We opened SQL Server Management Studio on our local (non-Azure) computer and connected.
buddha.cloudapp.net,1435 OR buddha.cloudapp.net\SQLEXPRESS
sa
password
Success.
Here are the three web pages on which we found the answer. The most difficult part was setting up static ports for SQLEXPRESS.
Provisioning a SQL Server Virtual Machine on Windows Azure. These initial instructions provided 25% of the answer.
How to Troubleshoot Connecting to the SQL Server Database Engine. Reading this carefully provided another 50% of the answer.
How to configure SQL server to listen on different ports on different IP addresses?. This enabled setting up static ports for named instances (eg SQLEXPRESS.) It took us the final 25% of the way to the answer.
The fact that you're getting an error from the Names Pipes Provider tells us that you're not using the TCP/IP protocol when you're trying to establish the connection. Try adding the "tcp" prefix and specifying the port number:
tcp:name.cloudapp.net,1433
I too struggled with something similar. My guess is your actual problem is connecting to a SQL Express instance running on a different machine. The steps to do this can be summarized as follows:
Ensure SQL Express is configured for SQL Authentication as well as Windows Authentication (the default). You do this via SQL Server Management Studio (SSMS) Server Properties/Security
In SSMS create a new login called "sqlUser", say, with a suitable password, "sql", say. Ensure this new login is set for SQL Authentication, not Windows Authentication. SSMS Server Security/Logins/Properties/General. Also ensure "Enforce password policy" is unchecked
Under Properties/Server Roles ensure this new user has the "sysadmin" role
In SQL Server Configuration Manager SSCM (search for SQLServerManagerxx.msc file in Windows\SysWOW64 if you can't find SSCM) under SQL Server Network Configuration/Protocols for SQLExpress make sure TCP/IP is enabled. You can disable Named Pipes if you want
Right-click protocol TCP/IP and on the IPAddresses tab, ensure every one of the IP addresses is set to Enabled Yes, and TCP Port 1433 (this is the default port for SQL Server)
In Windows Firewall (WF.msc) create two new Inbound Rules - one for SQL Server and another for SQL Browser Service. For SQL Server you need to open TCP Port 1433 (if you are using the default port for SQL Server) and very importantly for the SQL Browser Service you need to open UDP Port 1434. Name these two rules suitably in your firewall
Stop and restart the SQL Server Service using either SSCM or the Services.msc snap-in
In the Services.msc snap-in make sure SQL Browser Service Startup Type is Automatic and then start this service
At this point you should be able to connect remotely, using SQL Authentication, user "sqlUser" password "sql" to the SQL Express instance configured as above. A final tip and easy way to check this out is to create an empty text file with the .UDL extension, say "Test.UDL" on your desktop. Double-clicking to edit this file invokes the Microsoft Data Link Properties dialog with which you can quickly test your remote SQL connection
I am trying to connect to MS SQL Server hosted on a network. Windows authentication and SQL Server mode is enabled (both). I cannot connect
[DBNETLIB]SQL Server does not exist or access denied.
[DBNETLIB]ConnectionOpen (Connect()).
Can anybody suggest how to provide the server name when there exists a domain and please be explicit with slashes if any.
Assuming your client is on the same network and all of the DNS records are working correctly (try pinging the server to see if it's available).
You could try connecting using the IP address
If you are trying to connect to a named instance use server\instance
Check that you are not being blocked by the Windows Firewall on either your machine or the server (at the very least port 1433 will need to be open for a default SQL instance)
make sure you enabled the following in Configuration Manager :
SQL Server Network Configuration
- Protocols
--- TCP/IP - Enabled
SQL Server Network Configuration (32bit and 64bit)
- TCP/IP - Enabled
- Name Pipes - Enabled
and make sure SQL Server Instance is logged on as a domain account for you to be able to execute network backup.
try opening sql thru SSMS if named instance use IP/name of instance
else just the IP
and log in as "sa"