First of all this does not contain my answer.
I want to find which firewall rule allows specific port 1433
In my server, Plesk has been installed and "MS SQL over TCP protocol" firewall rule is disabled. Somehow I can connect to the SQL Server from remote connection. There is one firewall rule allows 1433 TCP Connection but which one? Is there any command to find which firewall rule allows 1433.
Source
Run as administrator
cls
Get-NetFirewallPortFilter | Where-Object { $_.LocalPort -Eq "1433" } | Get-NetFirewallRule |
Format-Table -Autosize -Property DisplayName,
#{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}},
#{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}},
#{Name='RemotePort';Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}},
#{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}},
Enabled, Profile, Direction, Action
Easiest way to figure this out is through netevents.
Start command line as administrator.
Run netsh wfp cap start keywords=19
Let the traffic flow through port 1433
Run netsh wfp cap stop
Open Wfpdiag.xml in Wfpdaig.cab generated by above step.
Search for all NetEvents with <localPort>1433</localPort> and get filterId from <classifyAllow>
Search for the filterId and the <displayData> should tell you which rule allowed the packet.
Related
There is a issue with xrdp that is not able to paste a password https://github.com/neutrinolabs/xrdp/issues/816 so I gave my ubuntu hyper-v image a fixed ip so I can connect using regular remote desktop so the password can saved and passed in. But when I try to connect to my ubuntu hyper-v image already running xrdp, I am not able to. Connection denied. I log in using the Hyper-V manager to go check if it is listening on port 3389.
netstat -an | grep "LISTEN " | grep ":3389"
The above returns nothing.
It turns out that Hyper-V Quick start overrides the port to use a vsock which makes it work with Hyper-V Manager but it is not compatible with regular RDP.
/etc/xrdp/xrdp.ini
port=3389
; 'port' above should be connected to with vsock instead of tcp
use_vsock=true
Save a checkpoint on the HyperV manager just in case you lose connectivity. Change the above from true to false, save then restart VM. (I tried just restaring the xrdp agen sudo /etc/init.d/xrdp restart but this left me with a black screen on the new session so I had to restart anyway)
The downside to this is that you will no longer be able to connect from the Hyper-V manager. The upside is that you will not have to type in your password every time.
How can I check whether port 1433 is open for Sql Server or not? I have set in bound and out bound rules, checked in SQL config manager but not sure whether it is working.
If TELNET is installed, you could use TELNET 1433 to verify port connectivity. Otherwise, the PowerShell command below can do the job using a .NET TcpClient:
$server="yourserver"; $port=1433; echo ((new-object Net.Sockets.TcpClient).Connect($server,$port)) "$server is listening on TCP port $port";
Newer versions of PowerShell include a Test-NetConnection cmdlet (alias tnc) to facilitate testing ICMP and port connectivity. Example invocations from a Windows command prompt:
powershell -Command "Test-NetConnection -ComputerName 'yourserver' -Port 1433"
powershell -Command "tnc -ComputerName 'yourserver' -Port 1433"
powershell -Command "tnc 'yourserver' -Port 1433"
If the server is using TCP/IP, then the simple way is to just telnet to the SQL Server port and see if it connects. By default, that's port 1433, so this should work:
telnet servername 1433
That will probably be appropriate in most cases.
If it's using a different port, or dynamic ports (common with a named instance), then you'll need to determine which port it's currently listening on. Check SQL Server configuration manager to see if it's a specific port, or dynamic ports. If it's using dynamic ports, then as long as you don't have multiple instances on the server, netstat -abnis probably the simplest way to find what it's using. Otherwise, dig through the Windows event log or the SQL Server error log for a message indicating which port is in use by the instance.
If SQL Server is using Named Pipes, then I believe if you're able to access shares on the machine, you have adequate network connectivity. This article says you can go further and try connecting to the IPC$ share:
net use \\servername\IPC$
That's written for SQL Server 2000, but I don't imagine this aspect has changed much, if at all.
You probaly want it open, since You are asking. The single most time-saving image I have found for this is here:
This is an inferred answer to the question, somewhat meta, but in my opinion the one that counts.
You could install Netstat or alternatively use the command prompt
netstat -abn
to see the ports in use.
You could also use this method from rackspace to remotely connect to your server.
In our enterprise I don't have access to MSSQL Server, so I can'r access the system tables.
What works for me is:
capture the network traffic Wireshark (run as Administrator, select Network Interface),while opening connection to server.
Find the ip address with ping
filter with ip.dst == x.x.x.x
The port is shown in the column info in the format src.port -> dst.port
If you have elevated rights to SQL but not the OS, you can query the log.
If you don't have access to the OS but can run queries, perhaps try:
USE master
GO
xp_readerrorlog 0, 1, N'Server is listening on'
GO
If you don't have elevated rights to SQL, from the client-side windows machine with an active connection, you could run a netstat command and see on which ports you are connected to the target. Filter on IP address of the host.
netstat -an | find "10.1.10.xxx"
You'll see that I have connections to the host on 3389 and 1433. Maybe this helps narrow it down.
I am not able to connect to a remote SQL Server.
I have done the following:
Enable TCP/IP protocol
turned Off the firewall
Start SQL Server Browser service.
But I'm still not able to connect to the server
Server Name:--ip\SQLSERVER
User--UserName
Pwd--PWd
I would do the following checks.
Enable TCP/IP protocol
Turn off the firewall on the server (don't know whether you turned off your client firewall or server firewall here)
Remote server is up and running
Remote server SQL server services are started and running
a) SQL Server agent
b) SQL Server (SQLSERVER)
Client machine is able to ping remote server (This is not mandatory. If ping is not working still it is possible to access server. If ping is working then one less thing to worry)
Finally post your error message if you get any, that will help us understand more clearly what could be wrong.
If you haven't already, try the following:
In Management Studio, right-click your server, and click Properties
Go to the Connections page and make sure Allow remote connections to this server is checked
Click on the Security page and, under Server authentication make sure that SQL Server and Windows Authentication mode is selected.
Also, make sure that both the server and client are using the same IP version (IPv4 or IPv6)
Did you check if your user has the right to connect to the server?
Look at the output of:
select host, user from mysql.user;
it should look like this:
+--------------+------------------+
| host | user |
+--------------+------------------+
| % | MyUserName |
| 12.12.12.123 | MyUserName |
| localhost | debian-sys-maint |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+--------------+------------------+
Let's look at the first 2 rows, the "%" under host means that you can connect from any IP.
The second row specifies the host (Just pick one of those options).
Hopefully, that helped.
i have set up a Microsoft SQL Server 2008 R2 Express on my home computer. My home computer has Windows 7 and is behind a router. I configured it i think ok, because i can connect to him from work through management studio. Means - i opened all necessary ports, i configured SQL to accept connections on TCP. I have also on my router set up DynDNS and i connect through my DNS name and it works.
I use also Microsoft PortQueryUI [ http://www.microsoft.com/download/en/details.aspx?id=24009 ] to test if the server is visible and from my work computer and it is visible. My PortQueryUI output at work is ok (attached bloew) but people from other networks cannot connect to my server.They have in the test to port 1434 UDP (big bold) an error code 0x00000002 where i have it correct - 0x00000000.
What is the reason, is there something that needs to be done on their computers? Maybe their network is blocking something?
My PortQueryUI output from work:
=============================================
Starting portqry.exe -n myhome.dyndns.net -e 1434 -p UDP ...
Querying target system called:
myhome.dyndns.net
Attempting to resolve name to IP address...
Name resolved to 83.xxx.xxx.xxx
querying...
UDP port 1434 (ms-sql-m service): LISTENING or FILTERED
Sending SQL Server query to UDP port 1434...
Server's response:
ServerName ROBERT-KOMPUTER
InstanceName SQL2008R2
IsClustered No
Version 10.50.1600.1
tcp 1433
np \\ROBERT-KOMPUTER\pipe\MSSQL$SQL2008R2\sql\query
==== End of SQL Server query response ====
UDP port 1434 is LISTENING
portqry.exe -n myhome.dyndns.net -e 1434 -p UDP exits with return code 0x00000000.
=============================================
Starting portqry.exe -n myhome.dyndns.net -e 1433 -p TCP ...
Querying target system called:
myhome.dyndns.net
Attempting to resolve name to IP address...
Name resolved to 83.xxx.xxx.xxx
querying...
TCP port 1433 (ms-sql-s service): LISTENING
portqry.exe -n myhome.dyndns.net -e 1433 -p TCP exits with return code 0x00000000.
Make sure port 1433 is open on your firewall where SQL is, you should probably put some sort of IP range/scope on that too for security.
You need to set your database to Accept Remote Connections in the DB properties.
You need to setup a username and password and give it access to the database so your remote connection recognizes it.
Here's an example of allowing the connection:
http://blogs.msdn.com/b/walzenbach/archive/2010/04/14/how-to-enable-remote-connections-in-sql-server-2008.aspx
Here's an example of connecting:
http://www.youtube.com/watch?v=hT9p_FPt720
I had the same problem but I had already setup open ports on 1433 on the firewall. The solution for me was simple on SQL 2012:
Goto "Sql Server Connection Manager"
Drop down SQL server network configuration
Protocols for MSSQLSERVER > Right click TCIP/IP
on every "TCP Port" entered 1433 or whatever port you wish
done
I have a non-default named instance. So I`ve had to enable and start the SQL Server Browser service on services.msc
Make sure to check Microsoft's troubleshooting below:
https://learn.microsoft.com/en-us/archive/blogs/sql_protocols/steps-to-troubleshoot-sql-connectivity-issues