I have a server\client application written in C which requires me to open some ports and add applications to Windows Firewall on both ends. Currently I am doing it manually in order that my program will run.
I would like to create an installer for my program that will automatically add the ports and application to the firewall.
So my question is, is there a C library or CMD commands which I can use in order to modify the firewall on installation?
Using the command line, it is possible to use something like this to open ports:
netsh advfirewall firewall add rule name="My Custom Rule In" dir=in action=allow protocol=TCP localport=9191
netsh advfirewall firewall add rule name="My Custom Rule Out" dir=out action=allow protocol=TCP localport=9191
And to add a rule to an application:
netsh advfirewall firewall add rule name="SQL Server Windows NT" dir=in action=allow program="C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" enable=yes
Example taken from here
On Windows, you can use the system() command to spawn a netsh process passing the arguments needed.
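An added example, not part of the original answer: one way an installer written in C could build the netsh command line before handing it to system(). Because system() passes the string to cmd.exe, the helper rejects rule names and scopes that contain quotes or shell metacharacters; build_port_rule and only_safe are hypothetical names, and the process must run elevated for netsh to succeed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Accept only letters, digits and the listed extra characters, so a value
   from installer input cannot add quotes, '&', '|' or '%' to the command. */
static int only_safe(const char *s, const char *extra)
{
    if (s == NULL || *s == '\0') return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && strchr(extra, *s) == NULL) return 0;
    return 1;
}

/* Hypothetical helper: writes the netsh command into out.
   remoteip may be NULL (no scope restriction). Returns 0, or -1 on reject. */
int build_port_rule(char *out, size_t cap, const char *name, const char *dir,
                    const char *proto, unsigned port, const char *remoteip)
{
    int n;
    if (!only_safe(name, " -_.")) return -1;
    if (dir == NULL || (strcmp(dir, "in") != 0 && strcmp(dir, "out") != 0)) return -1;
    if (proto == NULL || (strcmp(proto, "TCP") != 0 && strcmp(proto, "UDP") != 0)) return -1;
    if (port < 1 || port > 65535) return -1;
    if (remoteip != NULL && !only_safe(remoteip, ".:,/-")) return -1;
    n = snprintf(out, cap,
                 "netsh advfirewall firewall add rule name=\"%s\" dir=%s "
                 "action=allow protocol=%s localport=%u%s%s",
                 name, dir, proto, port,
                 remoteip ? " remoteip=" : "", remoteip ? remoteip : "");
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;   /* -1 if truncated */
}

int main(void)
{
    char cmd[512];
    if (build_port_rule(cmd, sizeof cmd, "My Custom Rule In", "in", "TCP",
                        9191, "localsubnet") != 0)
        return 1;
    puts(cmd);
#ifdef _WIN32
    return system(cmd) == 0 ? 0 : 1;   /* needs an elevated process */
#else
    return 0;
#endif
}
```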
Related
I'm looking at doing an auto install for SQL Server 2017. I need the Named Pipes, TCP/IP and Shared Memory protocols to all be enabled.
I have not tried anything as I am not sure how to do this via cmd.
I am expecting the Shared Memory, Named Pipes and TCP/IP protocols to be enabled, not disabled after the auto install.
You can do this with a .ini file. In the .ini you specify
TCPENABLED="1"
NPENABLED="1"
Then in your bat file you add
"YourSQLSetupExeFile" /CONFIGURATIONFILE="YourIniFile" <plus any other parameters>
If every install uses the same parameters you can put them in the ini file. If those vary from one install to the next you can add the user entered values to the command line.
Install SQL Server using a configuration file
You may also want to use NETSH advfirewall to add firewall rules (requires 'Run as Admin').
If I start up a web server exactly how they do it in the BlinkyWebServer example, everything appears to work correctly while debugging (no errors), but I can't access the url on the port. I just get a timeout. I'm using the 14295 build of Windows IoT with a Raspberry Pi 3.
As of build 14295 Windows IoT added an internal firewall. To open up a port:
Connect to your device in PowerShell
Open up the firewall with:
netsh advfirewall firewall add rule name=[Any name to identify rule] dir=in action=allow protocol=TCP localport=[Port number]
I've created a network with the following rules:
I have two virtual machines, both running Windows Server 2012.
Computer 1 (192.168.0.2)
Computer 2 (192.168.0.3)
I can ping between the machines without any problems.
On Computer 1 I have SQL Server 2014 Express installed. These are the firewall rules added to the server:
I am unable to connect to the SQL Server instance from Computer 2. If I disable the firewall it works.
The rules added to the server work OK in Azure and on my Hyper-V virtual machines. Do I need to add any other rules for it to work in Google Compute?
I only want to be able to access this SQL instance through machines on the same network.
There seems to be an issue with the way the Windows firewall has been configured, based on the fact that you can connect when the firewall is disabled. A couple of things to try out, to see if they resolve the issue for you.
Put 1-65535 in their allow internal firewall rule, not 0-65535
Add client internal IP to the firewall rule
For example:
netsh advfirewall firewall add rule name="SQL Access" dir=in action=allow program="%programfiles%\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" remoteip=localsubnet,x.y.z.w
where x.y.z.w should be replaced by your client internal IP, and the program path should match your installation path to sqlservr.exe. It varies based on the version of SQL Server you have installed.
Let us know if you still face this issue and we can take another look.
I am using the following command line statement to install SQL Server.
start /wait E:\UnInstall\SQLSERVER\SQLEXPR32And64.EXE /qb username="EZITek" companyname="Ezitek Soft" addlocal=ALL disablenetworkprotocols="2" instancename="CBEServer" SECURITYMODE="SQL" SAPWD="cbeserver123"
I want to add something so that setup also creates Firewall exception for SQL server.
Can there be any possibility?
Thanks
That kind of stuff should be handled by the operating system / firewall. The server application shouldn't ask for exceptions in the firewall. Please, configure your firewall settings separately after you have installed your server.
Firewall exceptions can be added using the netsh command, or PowerShell.
http://technet.microsoft.com/en-us/library/cc776229(v=ws.10).aspx
I have multiple SQL Server 2005 instances on a box. From SSMS on my desktop I can connect to that box's named instances with no problem. After some recent network configuration changes, when I want to connect to the default instance from SSMS on my desktop, I have to specify the port number. Before the network changes, I did not have to specify the port number of the default instance.
If I remote to any other box (including the one in question), and use that box's SSMS to connect to that default instance, success. From my desktop, and only from my desktop, I have to specify the port number.
Is it a SQL Server configuration that I've missed? Is it possible something in my PC's configuration is getting in the way? Where would I look, or what could I pass on to the network folks to help them resolve this? Any help is appreciated.
Port 1434 is blocked somewhere along the line, which is used to resolve instance name to port number.
If you specify a port number, instance name is ignored...
SQL Server Browser service listens on port 1434
Upon startup, SQL Server Browser starts and claims UDP port 1434. SQL Server Browser reads the registry, identifies all instances of SQL Server on the computer, and notes the ports and named pipes that they use. When a server has two or more network cards, SQL Server Browser returns the first enabled port it encounters for SQL Server. SQL Server Browser support [sic] ipv6 and ipv4.
When SQL Server clients request SQL Server resources, the client network library sends a UDP message to the server using port 1434. SQL Server Browser responds with the TCP/IP port or named pipe of the requested instance. The network library on the client application then completes the connection by sending a request to the server using the port or named pipe of the desired instance.
Edit, after comment:
What is the local client setting default? It should be 1433 of course, but if not then just servername will not work.
Launch "SQL Server Configuration Manager".. "SQL native client configuration".. "client protocols".. double click tcp/ip, the default port used by your local PC is there.
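An added example, not from the original answers: the two messages of the Browser lookup quoted above, in C, for checking by hand what a client should get back from UDP port 1434. The layout follows the SQL Server Resolution Protocol ([MC-SQLR]): a request of byte 0x04 plus the instance name, and a reply of byte 0x05, a length, and semicolon-separated pairs. The function names and the sample reply are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Request: byte 0x04, instance name, NUL. Returns datagram length or 0. */
size_t ssrp_request(unsigned char *out, size_t cap, const char *instance)
{
    size_t n = strlen(instance);
    if (n == 0 || n + 2 > cap) return 0;
    out[0] = 0x04;
    memcpy(out + 1, instance, n + 1);
    return n + 2;
}

/* Reply: byte 0x05, 16-bit little-endian length, then "key;value;" pairs.
   Returns the "tcp" value as a port, or -1 if malformed or no TCP port. */
int ssrp_tcp_port(const unsigned char *pkt, size_t len)
{
    if (len < 3 || pkt[0] != 0x05) return -1;
    size_t dlen = (size_t)pkt[1] | ((size_t)pkt[2] << 8);
    if (dlen > len - 3) return -1;           /* length overruns the datagram */
    const char *p = (const char *)pkt + 3, *end = p + dlen;
    while (p < end) {
        const char *ke = memchr(p, ';', (size_t)(end - p));
        if (ke == NULL) break;
        if (ke == p) { p++; continue; }      /* empty field left by ";;" */
        const char *v = ke + 1, *ve = memchr(v, ';', (size_t)(end - v));
        if (ve == NULL) break;
        if (ke - p == 3 && memcmp(p, "tcp", 3) == 0) {
            long port = 0;
            for (; v < ve; v++)
                if (*v < '0' || *v > '9' || (port = port * 10 + (*v - '0')) > 65535)
                    return -1;
            return port ? (int)port : -1;
        }
        p = ve + 1;
    }
    return -1;
}

int main(void)
{
    /* Constructed reply body; host, instance and version are made up. */
    const char *body = "ServerName;DBHOST;InstanceName;INST1;IsClustered;No;"
                       "Version;0.0.0.0;tcp;50123;;";
    unsigned char pkt[128] = { 0x05, (unsigned char)strlen(body), 0 };
    memcpy(pkt + 3, body, strlen(body));
    printf("tcp port: %d\n", ssrp_tcp_port(pkt, 3 + strlen(body)));
    return 0;
}
```

If a datagram built by ssrp_request gets no reply from UDP 1434 while a TCP connection to the known port succeeds, the Browser lookup is the part being filtered.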
I've seen this happen on Windows 2008/7/Vista boxes that have the firewall turned on. Using the named instance does not work but specifying the port does. The fix for me was to set up firewall rules for SSMS and DTExec in order to allow for normal connections. The script to do so is below but you may have to change the path to SSMS and DTExec.
rem SSMS
netsh advfirewall firewall add rule name=SQL-SSMS dir=in action=allow program="D:\Apps\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe" enable=yes profile=domain
netsh advfirewall firewall add rule name=SQL-SSMS dir=out action=allow program="D:\Apps\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe" enable=yes profile=domain
rem DTExec
netsh advfirewall firewall add rule name=SQL-DTExec dir=in action=allow program="D:\Apps\Program Files\Microsoft SQL Server\100\DTS\Binn\DTExec.exe" enable=yes profile=domain
netsh advfirewall firewall add rule name=SQL-DTExec dir=out action=allow program="D:\Apps\Program Files\Microsoft SQL Server\100\DTS\Binn\DTExec.exe" enable=yes profile=domain
rem DTExec32
netsh advfirewall firewall add rule name=SQL-DTExec32 dir=in action=allow program="D:\Apps\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\DTExec.exe" enable=yes profile=domain
netsh advfirewall firewall add rule name=SQL-DTExec32 dir=out action=allow program="D:\Apps\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\DTExec.exe" enable=yes profile=domain