From here:
When SQL Server clients request SQL Server resources, the client network library sends a UDP message to the server using port 1434. SQL Server Browser responds with the TCP/IP port or named pipe of the requested instance.
Apparently when UDL or SSMS used for connecting remotely to SQL Server instance name, the query for resolving the instance name's port number store's somewhere in client machine.
I tested this by two client machines. When the 1434 UDP port was open first machine could connect to SQL Server instance name. Then I closed the port and tried again with that machine. The first client still could connect without the port being open. Then I tried with second machine but it couldn't connect.
I just wondering how and where this caching takes place?
Client APIs like SqlClient use connection pooling by default to avoid the overhead of name resolution, physical network connection, and authentication every time a connection is opened. When the initial connection is closed, the connection is added to a connection pool where it can be reused the next time another connection with the same attributes is opened. The client API in that case simply retrieves and unused connection from the pool avoiding the significant overhead of establishing the physical connection.
With a named instance, connection pooling also avoids the need to query the SQL Server Browser service every time a connection is opened so this explains your observations. I suspect if you exit and re-launch the application after blocking UDP port 1434, the SQL connection for the named instance will fail due to the failed SQL Server Browser data gram query during the initial connection open.
Related
The installation on both Azure and Sql Server side is done exactly according to Microsoft specifications in
https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections.
The endpoint host is the SQL Server machine name using fixed port 1433.
The SQL Server is a named instance of SQL Server Express in a Windows 2012 Server.
The connection is also shown as Connected both on Azure and Server HCM sides.
I have done several similar installations before without any problems in more open networks, but in this case the
SQL Server is installed on a "security network" and the only TCP/IP connection opened from the server is to
the Service Bus relay on port 443. But this should be possible according to the specs.
When my Azure Web App tries to open the SQL connection it responds with the error:
"Connection Timeout Expired. The timeout period elapsed while attempting to consume
the pre-login handshake acknowledgement. This could be because the pre-login handshake
failed or the server was unable to respond back in time. The duration spent while attempting
to connect to this server was - [Pre-Login] initialization=0; handshake=15028; "
In Azure diagnostics tool tcpping also works fine to machinename:1433.
What could be the reason for this behaviour?
Are there still some more ports to open or some other settings to change?
EDIT: The solution which finally solved this problem was a quite obvious one. The original settings had the firewall for the on Premise server open only for the Service Bus relay on port 443, just as the specs said would be enough. By opening port 443 for all outbound TCP/IP addresses the connection started immediately to work from my Azure Web App. So there are obviously more addresses used by Hybrid Connection, but I haven't found which ones.
I have an ASP.NET Core 1.1 Web API which runs in a Docker container on Ubuntu and connects out to a SQL Server database (SQL Server 2012 SP3) on a Windows server. This works in 3 out of 4 of out environments, but in one environment it cannot connect to the SQL Server and I am trying to troubleshoot it.
The error is:
Unhandled Exception: System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 25 - Connection string is not valid)
The SQL Server has an instance name: SQLSERVER1\APPS. From the Linux server I can ping the server SQLSERVER1 and telnet to SQLSERVER1 1372 (1372 is the port for the APPS instance: so network connectivity is there.
The only space I can see for the problem to occur is how .NET Core translates the instance name to a port number. Does anyone know how this is done and whether it is configurable on the client machine?
Remote named instance listening port discovery relies SQL Server Browser Service and protocol. As you cannot leverage this for your Linux docker image, I suggest you connect by explicitly specifying the port and omitting the instance name: "server=tcp:SQLSERVER1,1372;database=...;...":
The name or network address of the instance of SQL Server to which to connect. The port number can be specified after the server name: server=tcp:servername, portnumber
BTW if you live the instance name it should make no difference whatsoever after you explicitly specify the port.
PS. After reading again the question, the issue is related but different cause. Normally the Linux container can discover the Windows SQL Server, as the Browser service is probably up and running (proof that 3 envs. it works). In the 4th environment it means something blocks the discovery. Either the Browser service is stopped, or the browser discovery protocol listening port is blocked in the FW (UDP 1433), or perhaps the UDP packet (or the response!) is lost somewhere between the container and the server. You can investigate and find the root cause, but, you can also just ignore the problem and work around the issue by... specifying the port explicitly, just as I showed.
We have a client that connects to SQL Server using Windows authentication. They connect using the server name and port number (not 1433).
All our software installations thus far connect to SQL Server using SQL Server authentication, connecting with server name, user name and password.
I am trying to setup a test on my computer to see whether I can connect with our software using the setup used by this client, in other words Windows authentication, with server name and port number. The port number is what is new to me here.
The problem I am having is that I can connect successfully regardless of the port number of the SQL Server installation, and what I pass in as a port number from our software. So I am obviously doing something wrong, or misunderstanding how this works. Any help would be appreciated.
My first step was to open SQL Server Configuration Manager > Network configuration > Protocols for my instance > TCP/IP > Properties. I then opened the IP addresses tab, and changed the TCP port to 41000 (I sucked this number out my thumb) on all the IP1 - IPAll sections. The TCP dynamic port setting is blank for all these. I applied, saved and restarted the server.
In the DbExpress TSQLConnection connection parameters, I pass in:
TSQL1connection.Params.Add('OSAuthentication=True');
TSQL1connection.Params.Add('HostName='+SQL_server_name);
TSQL1connection.Params.Add('Port=123');
It doesn't seem to matter what I put in the port number, or whether I leave the port setting out altogether; I always manage to successfully connect.
I want to have it successfully connect only to the port number specified.
I am using SQL Server 2014 and Delphi XE8.
I don't know TSQLConnection, but I do know a bit about TCP/IP, and I suspect that the issue here is just a misunderstanding about ports. There are always two ports involved in a connection, in this case the server port and the client port. They are not the same. The 41000 is the server port in this case, and I assume that 123 is the client port. That is perfectly fine to establish a connection, and that is why it doesn't matter what port number you put in.
In terms of solving your problem, you need to reject the connection at the SQL Server end. The server will know the client port after the connection, but whether you can access that data and force a rejection, I am afraid I do not know.
Check out this pic of my SQL 2008 Management Configuration screen for TCP:
I need to know what port I am running on. Based on this previous post, I don't believe that it is 1433, which I guess is the default.
When I check my port number in SQL Config Mgr., it is blank. Does this suggest a default port? Note that I have multiple SQL Server instances on the db server. One 2000 instance and two 2008 instances. I want to know the port of the 2008b instance.
The first display is for TCP. I'm not sure what VIA is, but check it out:
Can you help?
Update
I restarted my sql2008b instance and checked the log to look for a msg that indicated the port that it was using. It showed this:
2010-05-22 20:06:29.27 Server A self-generated certificate was successfully loaded for encryption.
2010-05-22 20:06:29.27 Server Server local connection provider is ready to accept connection on [ \\.\pipe\SQLLocal\SQL2008B ].
2010-05-22 20:06:29.27 Server Server local connection provider is ready to accept connection on [ \\.\pipe\MSSQL$SQL2008B\sql\query ].
2010-05-22 20:06:29.32 Server Server is listening on [ 127.0.0.1 <ipv4> 5786].
2010-05-22 20:06:29.32 Server Dedicated admin connection support was established for listening locally on port 5786.
Yet, when I tried to log on using the following as the server name:
(local)\sql2008b,5786
I still was unable to connect, while logged onto the remote box (hence using "local".)
A suggstion was made below to set the port myself. This occurred to me to try but there are a couple of things that are botehring me:
1) Why can I connect to my SQL 2000 instance without monkeying with anything to get it to work (but not my 2008 instance)?
2) The IP addresses shown in TCP1 and 2 don't appear correct. The one I blacnked out, presumably theIP address of my router and the one needed to make my server visible on the Internet, was not correct. Also , the local 192.168.1.100 was not correct. The db server server's IP adress end in a different number. perhaps I sh
TCP/IP is disabled in your screenshot so it isn't listening on any port. On start up when enabled it will write an entry to the SQL Server logs telling you what port it is listening to. (Accessible through Management Studio tree view Management -> Sql Server Logs nodes)
You might find this link useful How to configure an instance of SQL Server to listen on a specific TCP port or dynamic port
Also do you have the SQL Server Browser service running on that machine (it might help you connecting to the right instance)?
If TCP/IP is disabled, the service can still listen via Named Pipes (for network connections) or Shared Memory (for local connections), so it will work with TCP/IP disabled if you choose to got that route.
On startup, there will be an event log entry to tell you what connection methods it's listening for, or you can do a "NETSTAT -A" from the command line to see which ports the server is listening on in general.
If I can ping my DB server, is my SQL Server connection guaranteed to work?
I am using a default connection string in my code.
My program runs fine locally but overseas sites are having issues and I am wondering if SQL might be using a TCP or UDP port that is still blocked.
Here is the connection string "Data Source=xxxx.xxxx.com; Initial Catalog = xxxxx; User ID=xxxxx;password=xxxxx"
As far as I understand your question you are asking whether ICMP "ping" packet which returns guarantees you can open a connection on a particular TCP port? The answer is NO. It is also not the other way around - "ping" packets might be blocked by a firewall.
telnet xxxx.xxxx.com 1433 might be a better indicator.
No. The SQL Server Service must at least be running on the server for any mssql connections to work. The server itself can be up - running and pingable without the SQL Server Serice running.
You might also need to check whether the TCP/IP protocol is enabled using SQL Server Configuration Manager. Even when MSSQLSvc is running, it might not respond to remote requests.