AWS Lightsail Windows SQL Server Unable to connect via static IP - sql-server

I created a new windows server + sql server in aws lightsail. I cant seem to connect remotely via ip address. I almost do everything but to no avail.
I tried the ff:
allow remote connection & windows/sql auth via connection properties
allow all tcp/udp ports (for testing)
enable tcp/ip sql config
add static ip address in tcp/ip sql config
disable firewall
Any help is very much appreciated.

Apparently when managing vps, some configurations such as networking are done via the providers interface, in my case its in AWS console. This means that the firewall rule for port 1433 which is used by SQL Server should be configured in the AWS site. There is a networking tab wherein you can add a custom rule to TCP 1433. Also don't forget to set the Server Properties Server Authentication to both windows and sql authentication (Right click the connection > Properties > Security) and then restart sql server service.

There are two version of Lightsail
Window + MS SQL
Window
When we talk about managing port of MSSQL from Networking tab this will work only when AWS setup MSSQL for you.
if you have just took window and then installed MS SQL from your side you need to do following setting:-
Server Server Configuration Manager, enabled TCP/IP from Networking section
and also open in detail and put port 1433 and remove dynamic ports
Create inbound Firewall in window.
Then it will work.

Related

Accessing SQL server residing on AWS through application on local machine

I have SQL server 208 R2 hosted on AWS. Can I access that SQL server through my web application on local machine without VPN?
What connection string we need to give in web.config. So I no need to have SQL server on my local machine.
I can run and test my application without having SQL server on my local machine.
If your SQL Server is publicly accessible, then you can simply connect directly to it. It's a bad practice to expose database servers directly to the internet, however, so don't do this.
If your SQL Server is not publicly accessible, then you can connect to it via an SSH tunnel. You would launch a publicly-accessible EC2 instance, restrict its security groups to allowing SSH from your local IP address, and then use SSH on your local machine to port-forward to the SQL Server via the SSH tunnel. You can then connect your database client to the local port on your machine and that will be forwarded to the SQL server via the SSH tunnel. Here's an example.
The SQL Server will also have to allow inbound connections from your EC2 instance.
Assuming it's the default SQL Server instance listening on port 443, and your EC2 instance has a public IP address, you could do the following:
Enable access to your EC2 instance through port 443 from your local machine public IP.
Configure Windows firewall to allow access through port 443
Ensure TCP/IP protocol is enabled for your SQL Server Instance
Use data source=<the public ip address of your E2 instance> in the connection string.
To enable access to your EC2 instance through port 443 from your local machine public IP do the following:
Go to AWS mangement console.
Go to EC2 Service.
Click on Running Instances
Click on your EC2 instance running SQL Server
Click on one of the security groups listed on the Description tab.
Click on the Inbound tab.
Click on the Edit button
Click on Add Rule button
Select Custom TCP rule on the Type dropdown list.
Enter 443 on Port Range.
Select My IP on Source dropdown list.
Enter "SQL Server from My local IP" on Description text box.
Your public IP address might change over time, so you might need to update the source when this happens.
To configure Windows firewall to allow access through port 443 open an RDP session to your EC2 instance and use Windows Firewall with Advanced Security tool and add the the rule.
To ensure TCP/IP protocol is enabled for your SQL Server Instance do the following:
Open an Remote Desktop session to your EC2 instance.
Open SQL Server Configuration Manager.
Expand SQL Server Network Configuration
Click on Protocols for
Enable TCP/IP protocol if not enabled.
Hope it helps

How to make a sql instance public from an EC2 VM?

I've got a brand new EC2 VM in AWS and installed SQL Server on it. I've then imported a database and now want to make that data externally accessible.
Can anyone guide me as to what I need to do?
Dont worry this isn't anything sensitive, its just test content at the moment.
Thus far I've turned off the Windows Firewall to ensure that wasn't blocking it, ensured TCP/IP is enabled in SQL but when I try and connect to it from an asp.net application for example (either locally or from an asp.net app running on a different ec2 instance), it just times out connecting (using the public DNS or the private IP adddress of the VM).
What are the steps that I realistically need to do to make this SQL instance available outside of the VM?
Every time you add services to your EC2 instance you need to make sure to allow inbound connections to the needed ports in the security group attached to your instance.
Did you open the port 1433 to allow inbound connections to Microsoft SQL Server?
Here are some basic steps to troubleshooting SQL Server Connectivity:
Is SQL Server running, and on TCP/IP
From the client can you PING
From the client can you TELNET 1433
Can you clarify the network setup, is it like this:
VM > VM HOST > CLIENT on LAN
VM > VM HOST > CLIENT on Internet
Try those troubleshooting steps at each stage.

Use SQL Server Management Studio to connect remotely to an SQL Server Express instance hosted on an Azure Virtual Machine

Initial Attempt
I have an Azure VM with Windows Server 2012, on which I just installed SQL Server 2012 Express Database Engine component. Then, I followed the instructions here to connect remotely with SQL Server Management Studio.
Create a TCP endpoint for the virtual machine
Open TCP ports in the Windows firewall
Configure SQL Server to listen on the TCP protocol
Configure SQL Server for mixed mode authentication
Create SQL Server authentication logins
Determine the DNS name of the virtual machine
Connect to the Database Engine from another computer
After step seven I received the following error:
A network related or instance-specific error occurred while
establishing a connection to SQL Server. The server was not found or
was not accessible. Verify that the instance name is correct and that
SQL Server is configured to allow remote connections. (provider: Named
Pipes Provider, error: 40 - Could not open a connection to SQL Server)
(Microsoft SQL Server, Error: 53)
What else do I need to configure before connecting remotely?
Troubleshooting
I have been following the troubleshooting instructions here. Each blockquote below is a step described that that link.
Confirm the instance of the SQL Server Database Engine is installed
and running.
Done. We installed SQL Server Express, and it is running as a named instance called SQLEXPRESS.
If you are attempting to connect to a named instance, make sure the
SQL Server Browser service is running.
Done. We followed the steps here to turn on the SQL Server Browser service.
Get the IP Address of the computer.
Done. We will use these later for testing connectivity and maybe for setting up a static port for SQLEXPRESS.
10.241.62.155
fe80::45c:8c29:e19f:f78b%15
Get the TCP port number used by SQL Server.
Done. The SQL Server Management Studio server logs showed that the server was listening on port 49169.
Enable Protocols
Done. We had already enabled TCP/IP in the configuration manager, but we restarted the SQL Server Service just in case.
Testing TCP/IP Connectivity
Done. We used tcping.exe to test connectivity (cmd ping doesn't work quickly with Azure.) We were able to connect to port 80.
tcping.exe buddha.cloudapp.net > successful
tcping.exe buddha.cloudapp.net 80 > successful
Testing a Local Connection
Done. We used sqlcmd.exe from the command prompt and were able to connect locally via TCP with a username and password.
sqlcmd -S Buddha\SQLEXPRESS (success via shared memory protocol)
sqlcmd -S tcp:Buddha\SQLEXPRESS (success via TCP)
sqlcmd -S tcp:Buddha\SQLEXPRESS -U sa -P (success via TCP with username)
sqlcmd -S tcp:10.241.62.155\SQLEXPRESS -U sa -P (success with internal IP)
Opening a Port in the Firewall
We opened the port on which we SQLEXPRESS listens. The server logs (above) showed that SQLEXPRESS was listening on port 49169, but this is just one of many dynamic ports, and we wanted to set up the static port 1435.
Use WF.msc to create an inbound TCP rule for port 1435.
Use Azure Management Portal to create a TCP endpoint for port 1435.
The troubleshooting instructions also say:
If you are connecting to a named instance or a port other than TCP
port 1433, you must also open the UDP port 1434 for the SQL Server
Browser service.
Since we are connecting SQLEXPRESS (a named instance), we needed to open port 1434 for UDP.
Use WF.msc to create an inbound UCP rule for port 1434.
Use Azure Management Portal to create a UDP endpoint for port 1434
Further research about connecting to named instances revealed dynamic port issues. The reason why we are using port 1435 (static) instead of port 49169 (one of many effective options.)
Instances of SQL Server Express, SQL Server Compact, and named
instances of the Database Engine use dynamic ports. To configure these
instances to use a specific port, see Configure a Server to Listen on
a Specific TCP Port (SQL Server Configuration Manager). and
here.
Done. We went to SQL Configuration Manager > SQL Server Network Configuration > Protocols for SQLEXPRESS > TCP/IP, we did the following.
Protocol Tab > Listen All > NO.
IP Addresses Tab > for each listed address
Enabled > Yes
TCP Dynamic Ports > Blank (delete the zero)
TCP Port > 1435 (or your choice)
After restarting the SQLEXPRESS service, we again looked in the SQL Server Management Studio logs, and found that the Server is Listening on port 1435!!! Hooray!
Testing the Connection
Done. We opened SQL Server Management Studio on our local (non-Azure) computer and connected.
buddha.cloudapp.net,1435 OR buddha.cloudapp.net\SQLEXPRESS
sa
password
Success.
Here are the three web pages on which we found the answer. The most difficult part was setting up static ports for SQLEXPRESS.
Provisioning a SQL Server Virtual Machine on Windows Azure. These initial instructions provided 25% of the answer.
How to Troubleshoot Connecting to the SQL Server Database Engine. Reading this carefully provided another 50% of the answer.
How to configure SQL server to listen on different ports on different IP addresses?. This enabled setting up static ports for named instances (eg SQLEXPRESS.) It took us the final 25% of the way to the answer.
The fact that you're getting an error from the Names Pipes Provider tells us that you're not using the TCP/IP protocol when you're trying to establish the connection. Try adding the "tcp" prefix and specifying the port number:
tcp:name.cloudapp.net,1433
I too struggled with something similar. My guess is your actual problem is connecting to a SQL Express instance running on a different machine. The steps to do this can be summarized as follows:
Ensure SQL Express is configured for SQL Authentication as well as Windows Authentication (the default). You do this via SQL Server Management Studio (SSMS) Server Properties/Security
In SSMS create a new login called "sqlUser", say, with a suitable password, "sql", say. Ensure this new login is set for SQL Authentication, not Windows Authentication. SSMS Server Security/Logins/Properties/General. Also ensure "Enforce password policy" is unchecked
Under Properties/Server Roles ensure this new user has the "sysadmin" role
In SQL Server Configuration Manager SSCM (search for SQLServerManagerxx.msc file in Windows\SysWOW64 if you can't find SSCM) under SQL Server Network Configuration/Protocols for SQLExpress make sure TCP/IP is enabled. You can disable Named Pipes if you want
Right-click protocol TCP/IP and on the IPAddresses tab, ensure every one of the IP addresses is set to Enabled Yes, and TCP Port 1433 (this is the default port for SQL Server)
In Windows Firewall (WF.msc) create two new Inbound Rules - one for SQL Server and another for SQL Browser Service. For SQL Server you need to open TCP Port 1433 (if you are using the default port for SQL Server) and very importantly for the SQL Browser Service you need to open UDP Port 1434. Name these two rules suitably in your firewall
Stop and restart the SQL Server Service using either SSCM or the Services.msc snap-in
In the Services.msc snap-in make sure SQL Browser Service Startup Type is Automatic and then start this service
At this point you should be able to connect remotely, using SQL Authentication, user "sqlUser" password "sql" to the SQL Express instance configured as above. A final tip and easy way to check this out is to create an empty text file with the .UDL extension, say "Test.UDL" on your desktop. Double-clicking to edit this file invokes the Microsoft Data Link Properties dialog with which you can quickly test your remote SQL connection

Firewall Port 1433 not opening

I am using MS Server 2008 with MSSQL 2008-R2 as database server.
Each time for some work i have to login to server via Remote connection.I tried to configure
the SQL Server remote connection on, followed the following steps....
1.Created Inbound and outbound rules for tcp port 1433.
2.In sqlserver configuration manager ,all is set for IP address and POrt no properties.
3.Set the SqlServer instance for remote connections.
But still its not working.
Also when i checked port 1433 for tcp on local computer it is shown closed.
thanks in advance.......
Probably port 1433 is disabled, so enable it using MS WIndows firewall.
or just use
netsh firewall set portopening protocol = TCP port = 1433 name = SQLPort mode = ENABLE scope = SUBNET profile = CURRENT
Probably MS SQL Server Browser Service is not running. So go to Services and start it.
or just execute under Run menu
%windir%\system32\services.msc
Probably TCP/IP channel is disabled under SQL Server 2008/2014 Configuration Manager. SO go there and enable all TCP/IP options.
Just in case at the same place (SQL Server 2008/2014 Configuration Manager) make sure you have 1433 port.
Make sure that SQL server is configured to allow remote connections. Use MS SQL Management Studio and right click on the top node which server itself.
In the SQL Server Configuration Manager->SQL Server Network Configuration->Protocols, check that named pipes and tcp/ip are enabled.
If that doesn't work then it may be your firewall blocking it, try this link: http://msdn.microsoft.com/en-us/library/cc646023.aspx
This may be useful too:
http://support.microsoft.com/kb/287932
If named pipes and TCP/IP access are already enabled in SQL Server Configuration Manager, then you need to either add a rule for UDP port 1434, or a rule for sqlbrowser.exe so that the SSMS client can talk to the SQL Server Browser service.
I actually see people having this problem surprisingly often so I wrote up an explanation here: http://blog.dereenigne.com/microsoft-sql-server-dynamic-ports-windows-firewall-and-you/
If you're trying to connect to an SQL Server Express instance as is my case right now... it doesn't use port 1433 by default. One must check the IpAll => TCP Dynamic Ports in Sql Server Configuration Manager. Mine is 52848.
After entering the correct port 52848 in DbSchema app (the one I'm trying to use), it connected successfully.
Check the following screenshot:
This is the way to go:
The default SQL Server express installation does not enable TCP
network protocols, so here are some steps to take to be able to
communicate with SQL Server Express. These steps should be similar for
MS SQL Server Express 2017, 2016, 2014, 2012, 2008, and 2005.
Launch the SQL Server Configuration Manager. It should be in the Start -> Programs -> Microsoft SQL Server 2005 -> Configuration Tools start menu option.
Select the SQL Server 2005 Network Configuration tab. There should be a Protocols for SQLExpress option, and one of the protocols should be TCP IP.
Enable the TCP IP protocol if it is not enabled.
The default port for SQL Express may not be 1433. To find the port it is listening on, right-click on the TCP IP protocol and scroll all the way down to the IP All heading. There should be a section called TCP Dynamic Ports. This should list the port SQL Express is listening on. You can then put this value into the port field when adding the connection profile via RazorSQL.
Make sure to restart SQL Express before trying to connect.
Text kindly reproduced from:
https://razorsql.com/docs/support_sqlserver_express.html
I had multiple NICs in my server. When I went to SQL Server Network Configuration -> TCP/IP and right clicked for properties there was a list of the NICs and at the bottom was the open port for my SQLEXPRESS. It was not 1433..... I do not know if there is a default but mine was in the 49,000 s.

Access SQL Server on Azure VM via SQL Server Management Studio on my local Machine

I'm sure this is out there somewhere but I can't find it and my brain hurts.
I have a VM on Azure. It has SQL Server running on it. I can access it locally on the VM no problem but I would like to manage it from my dev computer via SQL Server Management Studio.
Is this possible and what creds would I use? the VM Login?
Thanks,
R
You need to complete all of the following to achieve what you want:
Add a TCP endpoint for that VM on port 1433 - public & private (you can change the public port if you will).
Configure the SQL Server Instance to listen to TCP.
Enable the incomping TCP port 1433 in the local FireWall rules of the VM.
Enable mixed mode authentication on the SQL Server
Make sure your ISP does not block outgoing port 1433 (a common practice for most of ISVs since 2003' SQL Slammer) - this is overridable with custom Public port for your TCP endpoint.
Than you will be able to connect to the SQL Server in the Azure VM using your local SSMS.
Faced this issue with Azure VM, I can't connect to SQL server.
Completed all steps described in answer above but didn't get success..
It started to work when I set specific port for TCP/IP protocol.
So open SQL Server Configuration Manager, find TCP/IP protocol for your instance, open Properties and set port to 1433 in IPAll section.
I had the same problem, what I should change was:
click on the VM in AzurePortal --> SQL Server configuration --> Change SQL Connectivity to public
then it works for me!
Instead of SSMS you can also use Powershell to check connectivity with SQL server on Azure VM. The detailed powershell script is at the following link -
http://sanganakauthority.blogspot.in/2014/02/connecting-to-sql-server-virtual.html
This saves you from the installation of SSMS on the machine from which you wih to connect to SQL server virtual machine.

Resources