Accessing SQL server residing on AWS through application on local machine - sql-server

I have SQL server 208 R2 hosted on AWS. Can I access that SQL server through my web application on local machine without VPN?
What connection string we need to give in web.config. So I no need to have SQL server on my local machine.
I can run and test my application without having SQL server on my local machine.

If your SQL Server is publicly accessible, then you can simply connect directly to it. It's a bad practice to expose database servers directly to the internet, however, so don't do this.
If your SQL Server is not publicly accessible, then you can connect to it via an SSH tunnel. You would launch a publicly-accessible EC2 instance, restrict its security groups to allowing SSH from your local IP address, and then use SSH on your local machine to port-forward to the SQL Server via the SSH tunnel. You can then connect your database client to the local port on your machine and that will be forwarded to the SQL server via the SSH tunnel. Here's an example.
The SQL Server will also have to allow inbound connections from your EC2 instance.

Assuming it's the default SQL Server instance listening on port 443, and your EC2 instance has a public IP address, you could do the following:
Enable access to your EC2 instance through port 443 from your local machine public IP.
Configure Windows firewall to allow access through port 443
Ensure TCP/IP protocol is enabled for your SQL Server Instance
Use data source=<the public ip address of your E2 instance> in the connection string.
To enable access to your EC2 instance through port 443 from your local machine public IP do the following:
Go to AWS mangement console.
Go to EC2 Service.
Click on Running Instances
Click on your EC2 instance running SQL Server
Click on one of the security groups listed on the Description tab.
Click on the Inbound tab.
Click on the Edit button
Click on Add Rule button
Select Custom TCP rule on the Type dropdown list.
Enter 443 on Port Range.
Select My IP on Source dropdown list.
Enter "SQL Server from My local IP" on Description text box.
Your public IP address might change over time, so you might need to update the source when this happens.
To configure Windows firewall to allow access through port 443 open an RDP session to your EC2 instance and use Windows Firewall with Advanced Security tool and add the the rule.
To ensure TCP/IP protocol is enabled for your SQL Server Instance do the following:
Open an Remote Desktop session to your EC2 instance.
Open SQL Server Configuration Manager.
Expand SQL Server Network Configuration
Click on Protocols for
Enable TCP/IP protocol if not enabled.
Hope it helps

Related

Access self-installed instance of SQL Server from Azure Virtual Machine

I have created the virtual machine on Azure and installed a free version of the SQL Server database. I have created a new login in the SQL Server to access the database. I also added the inbound rule to enable TCP port on the Azure portal of the virtual machine.
Now I am trying to access the SQL Server instance from my local computer over IP but it's not connecting. Is there anything I am missing? I am getting this error:
Use Configuration Manager to enable TCP/IP connections and listen on port 1433.
Add a Windows Firewall rule allowing inbound traffic on port 1433.
Configure the VM's Network Security Group to allow inbound traffic on port 1433.

AWS Lightsail Windows SQL Server Unable to connect via static IP

I created a new windows server + sql server in aws lightsail. I cant seem to connect remotely via ip address. I almost do everything but to no avail.
I tried the ff:
allow remote connection & windows/sql auth via connection properties
allow all tcp/udp ports (for testing)
enable tcp/ip sql config
add static ip address in tcp/ip sql config
disable firewall
Any help is very much appreciated.
Apparently when managing vps, some configurations such as networking are done via the providers interface, in my case its in AWS console. This means that the firewall rule for port 1433 which is used by SQL Server should be configured in the AWS site. There is a networking tab wherein you can add a custom rule to TCP 1433. Also don't forget to set the Server Properties Server Authentication to both windows and sql authentication (Right click the connection > Properties > Security) and then restart sql server service.
There are two version of Lightsail
Window + MS SQL
Window
When we talk about managing port of MSSQL from Networking tab this will work only when AWS setup MSSQL for you.
if you have just took window and then installed MS SQL from your side you need to do following setting:-
Server Server Configuration Manager, enabled TCP/IP from Networking section
and also open in detail and put port 1433 and remove dynamic ports
Create inbound Firewall in window.
Then it will work.

How to make a sql instance public from an EC2 VM?

I've got a brand new EC2 VM in AWS and installed SQL Server on it. I've then imported a database and now want to make that data externally accessible.
Can anyone guide me as to what I need to do?
Dont worry this isn't anything sensitive, its just test content at the moment.
Thus far I've turned off the Windows Firewall to ensure that wasn't blocking it, ensured TCP/IP is enabled in SQL but when I try and connect to it from an asp.net application for example (either locally or from an asp.net app running on a different ec2 instance), it just times out connecting (using the public DNS or the private IP adddress of the VM).
What are the steps that I realistically need to do to make this SQL instance available outside of the VM?
Every time you add services to your EC2 instance you need to make sure to allow inbound connections to the needed ports in the security group attached to your instance.
Did you open the port 1433 to allow inbound connections to Microsoft SQL Server?
Here are some basic steps to troubleshooting SQL Server Connectivity:
Is SQL Server running, and on TCP/IP
From the client can you PING
From the client can you TELNET 1433
Can you clarify the network setup, is it like this:
VM > VM HOST > CLIENT on LAN
VM > VM HOST > CLIENT on Internet
Try those troubleshooting steps at each stage.

Cannot connect to remote SQL Database with SQL Server Management Console (Error 53)

I have opened up port 1433 on my firewall, but every time I try and connect to my remote SQL Database with SQL Server Management Console I receive (Microsoft SQL Server, Error: 53)
https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx
http://blog.sqlauthority.com/2009/05/21/sql-server-fix-error-provider-named-pipes-provider-error-40-could-not-open-a-connection-to-sql-server-microsoft-sql-server-error/
http://blogs.msdn.com/b/walzenbach/archive/2010/04/14/how-to-enable-remote-connections-in-sql-server-2008.aspx
Enable remote connections for SQL Server Express 2012
Short Answer
Check Firewall
Check Service is Running
Check TCP/IP is Enabled
Check SQL Server Properties "Allow Remote Connections"
Check if the SQL Server is on a restricted subnet
Then Run these if Those Do not Resolve
Right-click on TCP/IP and select Properties.
Verify that, under IP2, the IP Address is set to the computer's IP address on the local subnet.
Scroll down to IPAll.
Make sure that TCP Dynamic Ports is blank.
Make sure that TCP Port is set to 1433.
If you have a named instance then you must have the SQL Server Browser Service enabled
The browser service runs on port UDP 1434 and this must be allowed through your firewall
Hail Mary Pass if this is Still not Resolved
Go to the client machine, and run cliconfg.exe If named pipes is listed first, demote it, and promote TCP/IP.
check if the firewall is blocking the named pipes port, which usually is 445
What you need to do is go into SQL Server Configuration Manager where SQL Server is installed.
In the Start Menu, under the Microsoft SQL Server folder, open the Configuration Tools folder and select SQL Server Configuration Manager.
In the Config Manager, click the arrow next to SQL Server Network Configuration, then click on "Protocols for {Instance}". {Instance} will be your install, if it's the default instance it will be MSSQLSERVER.
On the right side, make sure that TCP/IP is "Enabled". Double click TCP/IP, in the window that opens, change the drop down to "Yes".
Here is the how to fix it and gain your connectivity back:
Click WindowsKey + R and enter services.msc
Once Services opens scroll down and locate service SQL Server
Highlight the service and click START
Wait for the service to start and retry to connect to your MSSQL instance
It should now work again and you will be able to connect to your MSSQL instance and run queries.
I have solved this problem. Please refer to this thread: http://social.technet.microsoft.com/Forums/forefront/en-US/d2624655-e6ff-4947-b1a8-a2edcffd8a21/denied-connection-netbios-session-protocol#68321990-4ac4-46fa-b7f8-9e0ded3234bb
In detail: I was receiving the following error from ISA when trying to connect from my SBS 2003 Server to my offsite MSSQL Database Provider via SQL Server Management Studio:
Denied Connection
Log type: Firewall service
Status: A packet generated on the local host was rejected because its source IP address is assigned to one network adapter and its destination IP address is reachable through another network adapter.
Rule:
Source: Local Host ( 192.168.1.1:29859)
Destination: External (...:139)
Protocol: NetBios Session
I have figured this out. I had to add "Local Host" as one of the sources for the ISA Rule that I had initially created to allow SQL Server Management Console connections in the first place. That rule was allowing "Internal" sources but not the Local Host (127.0.01), which is needed for this scenario.
in SSMS while opening give the server name as your_Hostname\your_sqlservername (give both the names as applicable instead of local or just only servername) it works fine.
I could ping my Virtual Machine SQL server but couldn't connect to it.
I disabled my wired and wireless NICs and then it connected !

Use SQL Server Management Studio to connect remotely to an SQL Server Express instance hosted on an Azure Virtual Machine

Initial Attempt
I have an Azure VM with Windows Server 2012, on which I just installed SQL Server 2012 Express Database Engine component. Then, I followed the instructions here to connect remotely with SQL Server Management Studio.
Create a TCP endpoint for the virtual machine
Open TCP ports in the Windows firewall
Configure SQL Server to listen on the TCP protocol
Configure SQL Server for mixed mode authentication
Create SQL Server authentication logins
Determine the DNS name of the virtual machine
Connect to the Database Engine from another computer
After step seven I received the following error:
A network related or instance-specific error occurred while
establishing a connection to SQL Server. The server was not found or
was not accessible. Verify that the instance name is correct and that
SQL Server is configured to allow remote connections. (provider: Named
Pipes Provider, error: 40 - Could not open a connection to SQL Server)
(Microsoft SQL Server, Error: 53)
What else do I need to configure before connecting remotely?
Troubleshooting
I have been following the troubleshooting instructions here. Each blockquote below is a step described that that link.
Confirm the instance of the SQL Server Database Engine is installed
and running.
Done. We installed SQL Server Express, and it is running as a named instance called SQLEXPRESS.
If you are attempting to connect to a named instance, make sure the
SQL Server Browser service is running.
Done. We followed the steps here to turn on the SQL Server Browser service.
Get the IP Address of the computer.
Done. We will use these later for testing connectivity and maybe for setting up a static port for SQLEXPRESS.
10.241.62.155
fe80::45c:8c29:e19f:f78b%15
Get the TCP port number used by SQL Server.
Done. The SQL Server Management Studio server logs showed that the server was listening on port 49169.
Enable Protocols
Done. We had already enabled TCP/IP in the configuration manager, but we restarted the SQL Server Service just in case.
Testing TCP/IP Connectivity
Done. We used tcping.exe to test connectivity (cmd ping doesn't work quickly with Azure.) We were able to connect to port 80.
tcping.exe buddha.cloudapp.net > successful
tcping.exe buddha.cloudapp.net 80 > successful
Testing a Local Connection
Done. We used sqlcmd.exe from the command prompt and were able to connect locally via TCP with a username and password.
sqlcmd -S Buddha\SQLEXPRESS (success via shared memory protocol)
sqlcmd -S tcp:Buddha\SQLEXPRESS (success via TCP)
sqlcmd -S tcp:Buddha\SQLEXPRESS -U sa -P (success via TCP with username)
sqlcmd -S tcp:10.241.62.155\SQLEXPRESS -U sa -P (success with internal IP)
Opening a Port in the Firewall
We opened the port on which we SQLEXPRESS listens. The server logs (above) showed that SQLEXPRESS was listening on port 49169, but this is just one of many dynamic ports, and we wanted to set up the static port 1435.
Use WF.msc to create an inbound TCP rule for port 1435.
Use Azure Management Portal to create a TCP endpoint for port 1435.
The troubleshooting instructions also say:
If you are connecting to a named instance or a port other than TCP
port 1433, you must also open the UDP port 1434 for the SQL Server
Browser service.
Since we are connecting SQLEXPRESS (a named instance), we needed to open port 1434 for UDP.
Use WF.msc to create an inbound UCP rule for port 1434.
Use Azure Management Portal to create a UDP endpoint for port 1434
Further research about connecting to named instances revealed dynamic port issues. The reason why we are using port 1435 (static) instead of port 49169 (one of many effective options.)
Instances of SQL Server Express, SQL Server Compact, and named
instances of the Database Engine use dynamic ports. To configure these
instances to use a specific port, see Configure a Server to Listen on
a Specific TCP Port (SQL Server Configuration Manager). and
here.
Done. We went to SQL Configuration Manager > SQL Server Network Configuration > Protocols for SQLEXPRESS > TCP/IP, we did the following.
Protocol Tab > Listen All > NO.
IP Addresses Tab > for each listed address
Enabled > Yes
TCP Dynamic Ports > Blank (delete the zero)
TCP Port > 1435 (or your choice)
After restarting the SQLEXPRESS service, we again looked in the SQL Server Management Studio logs, and found that the Server is Listening on port 1435!!! Hooray!
Testing the Connection
Done. We opened SQL Server Management Studio on our local (non-Azure) computer and connected.
buddha.cloudapp.net,1435 OR buddha.cloudapp.net\SQLEXPRESS
sa
password
Success.
Here are the three web pages on which we found the answer. The most difficult part was setting up static ports for SQLEXPRESS.
Provisioning a SQL Server Virtual Machine on Windows Azure. These initial instructions provided 25% of the answer.
How to Troubleshoot Connecting to the SQL Server Database Engine. Reading this carefully provided another 50% of the answer.
How to configure SQL server to listen on different ports on different IP addresses?. This enabled setting up static ports for named instances (eg SQLEXPRESS.) It took us the final 25% of the way to the answer.
The fact that you're getting an error from the Names Pipes Provider tells us that you're not using the TCP/IP protocol when you're trying to establish the connection. Try adding the "tcp" prefix and specifying the port number:
tcp:name.cloudapp.net,1433
I too struggled with something similar. My guess is your actual problem is connecting to a SQL Express instance running on a different machine. The steps to do this can be summarized as follows:
Ensure SQL Express is configured for SQL Authentication as well as Windows Authentication (the default). You do this via SQL Server Management Studio (SSMS) Server Properties/Security
In SSMS create a new login called "sqlUser", say, with a suitable password, "sql", say. Ensure this new login is set for SQL Authentication, not Windows Authentication. SSMS Server Security/Logins/Properties/General. Also ensure "Enforce password policy" is unchecked
Under Properties/Server Roles ensure this new user has the "sysadmin" role
In SQL Server Configuration Manager SSCM (search for SQLServerManagerxx.msc file in Windows\SysWOW64 if you can't find SSCM) under SQL Server Network Configuration/Protocols for SQLExpress make sure TCP/IP is enabled. You can disable Named Pipes if you want
Right-click protocol TCP/IP and on the IPAddresses tab, ensure every one of the IP addresses is set to Enabled Yes, and TCP Port 1433 (this is the default port for SQL Server)
In Windows Firewall (WF.msc) create two new Inbound Rules - one for SQL Server and another for SQL Browser Service. For SQL Server you need to open TCP Port 1433 (if you are using the default port for SQL Server) and very importantly for the SQL Browser Service you need to open UDP Port 1434. Name these two rules suitably in your firewall
Stop and restart the SQL Server Service using either SSCM or the Services.msc snap-in
In the Services.msc snap-in make sure SQL Browser Service Startup Type is Automatic and then start this service
At this point you should be able to connect remotely, using SQL Authentication, user "sqlUser" password "sql" to the SQL Express instance configured as above. A final tip and easy way to check this out is to create an empty text file with the .UDL extension, say "Test.UDL" on your desktop. Double-clicking to edit this file invokes the Microsoft Data Link Properties dialog with which you can quickly test your remote SQL connection

Resources