Hi all, I have some DTS packages that are used to import /export data to a
SQL box located outside in a DMZ behind a firewall.
We need to open up a port in the firewall so that the Internal Server can
communicate (Execute DTS packages against) with the SQL box located outside
the DMZ.
How do I find out what Port we need to open so that the Internal SQL box can
communicate with the external SQL box?
I'm a bit new to all this, so please bear with me! :)
I've got a webserver in our DMZ and I'm trying to create an ODBC connection from that server to a db server within our firewall. When I try and connect, the following message appears:
Connection failed: SQLState: '01000' SQL Server Error: 10060 [Microsoft][ODBC SQL Server Driver][TCP/IP Sockets]ConnectionOpen (Connect()), Connection failed: SQL State: '08001' SQL Server Error: 17 [Microsoft][ODBC SQL Server Driver][TCP/IP Sockets]SQL Server does not exist or access denied
I'm at a bit of a loss as to what's going on, as we have an application on the webserver that connects to another SQL DB server within our firewall with no problem!
webserver: OS - win2000 standard server sp4
db server: OS - WinNT 4.0 SQL - 7.0
If anyone can help, it would be much appreciated!!
My ISP recently had me reset my TCP/IP stack. After that, Norton PersonalFirewall prompted me twice that SQL Server was trying to access theInternet. Both times I responded to allow it to and to always use thataction. Now I am not able to use SQL Server with NPF enabled. If I disableNPF, SQL Server works fine.I am using the desktop edition of SQL Server 7, on a standalone PC, notconnected to a server. I have been using SQL Server and NPF together forover a year. Now, since my TCP/IP stack was reset, NPF interferes with SQLServer.Anyone have any experience with this?Thanks,Neil
I have created a new dtsx package with a FTP Task inside. On this task I am able to configure the user, password server address etc... Everything is working correctly until I try to connect to a FTP in DMZ. Of course I have a firewall to access to it...So my question is how to bypass proxy settings in the FTP task component. I do it in FileZilla so how can I do the same thing in ftp task?
Hello, I am trying to connect a web app to a SQL 2005 that is behind a firewall. The challenge is this, the SQL is behind a firewall and the webserver is at a different location. From my desktop development environment, I connect through a VPN first and then can point to the internal IP of the DB server. This works fine as long as the VPN is connected. But how do I do this from a hosted web application that is not on my local machine or using my VPN? Is there some sort of tunneling Connection that I can use within code? thanks
When I changed to software Firewall, I got lots of problems running asp.net and Dnn. Unfortunatly zonelabs does not support me, cause ZA pro don't "officially" support servers. But speaking to their support, and via email, I am told several of their customers run ZA pro under winXP, with IIS and SQL running.(ZA pro 5.1.033.000)
Unfortunatly I have not been able to get them to read my thead on Zonelabs support forum.
I bought ZA pro after talking on with a salesrep, and was told IIS and SQL is a breeze to config, and if I run into problems their forum or support would help me. Yeah right. So at the time beeing I am stucked.
I first started out installing, and making the most obvious changes, and got everthing working I thought. But when trying to log into a dnn project in my root, nothing happend. So, I knew the firewall didn't play along. Then I gave SQL server rights, 4 green checkmarks in config. Now I could log in. But installing new modules was still a problem. I tried to add "formcreator for dnn" by Snow to a tab. But I got a msg saying a critical error accourd. "SQL server doed not excist or access denied". This is what I have done so far:
1. In Privacy Settings Cookie Control, Ad Blocking and Mobile Code Control are all set to Off 2. Added localhost: Clicked Firewall >> Zones >> Add >> Host/Site name OR IP Address: 127.0.0.1 3. Made sure IIS, and SQL Server have full access: Click Program Control >> Programs.
So as you see, the firewall is still not allowing the application (dnn application) to connect to the SQL server. Surely their must be a way to fix this?
Anyone that has managed to get ZAP to work correct along with IIS and SQL?
We have an external webserver(server1 on domain1) is a DMZ, and sql server7(server2 on domain2) inside the firewall.
Domain1 trusts domain2 but domain2 does not trust domain1.
Our firewall hosting by outside vendor and they told me they already opened up the port 1433 for server2.
I put a small asp.net application on server1(this application works fine in intranet. 2000 server,iis5,virtue directory, and .net frameword were well installed and configured), and I got S'QL server does not exist or login fail error'.
Any idea about that? And how to test the port was opened?
OK, here's the situation. I have set up my two server to use MultiProtocol as their net-lib and locked it down to use only port 1433 instead of "port hopping". I have set up my firewall to allow the traffic on port 1433 between the 2 machines and I added a hosts entry at each machine for the partner machine. With this set up I can do everything that I need to and have not found any limitations until now.
THE PROBLEM: I publish a db (on either machine) and enable immediate updating subscriptions. I then push this db to the other machine. Everything works fine and updates on the publishing db are replicated to the subscribing databases without any problems. However, when I try to do an update on the subscribing database I get an error that "transaction error, ODBC driver [SQLOLEDB] does not support distributed transactions..." No matter which machine I configure as the publisher or the subscriber this error always occurs when trying to update the subscriber. Also, as soon as I disable the firewall the error goes away and updates go back and forth like normal. I've double checked and all packets go through the firewall on port 1433 and none are refused. Not sure where to go from here and any help would be appreciated....
Need to set up replication between a server in our corporate network and another outside our network. Both are NT 4 servers running SQL7 and I am instructed to configure merge replication on both ends. My questions are: Is it possible to achieve this by running tcpip(read somewhere that I would need to run MPR to load the net libraries) and configuring the firewall to allow tcp/ip on the ports we are running SQL on between the two servers?
I am trying to connect to SQL Server 7.0 from a web server. The web server is outside our firewall, SQL Server is inside the firewall. I want to use a multiprotocol connection so I can encrypt it. We have port 1433 open on our firewall for TCP/IP from SQL Server. When I connect with just TCP/IP it works. When I switch to multiprotocol it fails with error code 1701. I can connect to the SQL Server box from inside the firewall using multiprotocol. My theory is that when you use multiprotocol you are using another port than 1433. Is this the answer?
I have a simple asp page that queries a database inside our firewall. It works fine from the inside, and only uses port 1433. But if i put it out on our web server it won't connect and tries to use ports 139 and 445. Has anybody ran across this before?
Hello,We use Informix and MySQL on linux/unix to drive our web application.SQL*Server is used only for backend enterprise applications within thefirewall. I am trying to get the management to use SQL*Server outside thefirewall. They tell me there are security issues with Microsoft products,including SQL*Server, that make it vulnerable to attacks outside thefirewall. Can someone please point me to white papers/documentation thatsuggests how SQL*Server can be used securely outside the firewall? I thinkif I put SQL*server on it's own box and open it up only to the applicationson our web servers, we should be secure. However, I need hard evidence.Thanks.- Rajesh
HelloI have a project where I need to update a few tables in a SQL Server 2000database which resides behind a firewall, ie port 1433 is blocked. I alsoneed to verify the updates were successful.I am a C# developer. What are my options in doing this.. web services?John Dalberg
In this situation do I need a proxy or forwarder at both ends to prevent connection issues? Are there plans to handle this in future SSSB upgrades. Thanks.
I'm trying to adminster a remote MS SQL server from inside my company's firewall. I have the correct permissions to pass traffic through the firewall, but I need to authenticate to it first. When I try to register this remote SQL server through Enterpise Manager, it of course does not let me because of the firewall. Is there any way I can pass the firewall ID and password during the server registration process, and then pass the SQL server ID and password? I'm no SQL server expert by any means, but it doesn't look like it's possible. Are there any third party utilities that may accomplish this?
I am connecting to several SQL 2000 servers on another LAN from my workstation and I have to go through a firewall.
I got the firewall people to open port 1433 and was then able to connect any server with a default instance using Query Anlyzer and the IP address of the Server.
When I try to connect from my workstation to a server with a named instance I am being blocked by the firewall before it gets to the server.
I went into Client Network Utility on my workstation and removed named pipes which only left Tcpip using port 1433.
Fire wall is now blocking “nbname UDP 137”.
Is there a setting somewhere on my workstation that I can force the traffic to the named instance to use Tcpip through port 1433.
I am running a package in the catalog. The package contains a c# script that uses FTP webrequest. It runs fine in SSDT. Trying to execute from the catalog the ftp list directory is timing out.
This seems to be a firewall issue. We have tried adding an exception for dtexec, but that did not . I am thinking another program runs the package, maybe ISServer.exe?
Any program that would need the firewall exception to run the package in the catalog?
We have SSIS packages deployed and scheduled on SQL_Server_A. The packages have to access databases on SQL_Server_B, which is behind a firewall.
Question: would opening only SQL port between these two servers be enough or some other ports have to be open as well? (The packages only select and bring data back to Server_A or transfer data from Server_A to the databases and do inserts. Nothing else.)
Is there any concerns or problems with forward a port to SQL server from our internet firewall so that you can access the databases over the internet? Is it a standard practice to do this in order to remotely access the SQL server. Or is there a better way to do this? Also, if it is ok to do this are any things you need to do to enhance your security from vulnerabilities being open to the internet.
Any suggestions or comments would be appreciated on this subject.
I am running SqlExpress on a Vista machine as a server and accessing it from machines running XP. I could not connect with the Vista server until I turned off the firewall, despite creating exceptions for both the sqlexpress and sqlbrowser services in the firewall setup. Obviously, I don't want to run on a wireless network without a firewall for any length of time. What else to I need to enable in order to run with my firewall up? In SMSS, I could 'see' the Vista server on the network with the firewall up, but I could not 'see' the SERVERSQLEXPRESS service or connect to it .
I am trying to install SQl express as part of a custom app.I have been able to use the template.ini to pass in all the parameters and install. installs fine,however the installation isnt browseable by remote machines due to the sqlserver.exe and sqlbrowser.exe not being in the windows firewall list. How can i add then to this list automatically at install time? or is there another way around this?
I have a Windows Server 2003 with SQL Server 2005. I´ve configured the following itens to allow remote connecitions:
[code] WORKAROUND Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.To work around this problem, follow these steps on the computer that Windows XP SP2 is installed on:
1. Make sure that the Log On As account for the MSDTC service is the Network Service account. To do this, follow these steps: a. Click Start, and then click Run. b. In the Run dialog box, type Services.msc, and then click OK. c. In the Services window, locate the Distributed Transaction Coordinator service under Name in the right pane. d. Under the Log On As column, see whether the Log On As account is Network Service or Local System.
If the Log On As account is Network Service, go to step 2. If the Log On As account is Local System, continue with these steps. e. Click Start, and then click Run. f. In the Run dialog box, type cmd, and then click OK. g. At the command prompt, type Net stop msdtc to stop the MSDTC service. h. At the command prompt, type Msdtc €“uninstall to remove MSDTC. i. At the command prompt, type regedit to open Registry Editor. j. In Registry Editor, locate, and then delete the following subkey: HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSDTC k. Close Registry Editor. l. At the command prompt, type Msdtc €“install to install MSDTC. m. At the command prompt, type Net start msdtc to start the MSDTC service.
Note The Log On As account for the MSDTC service is set to the Network Service account.
2. To allow the network transaction, you must enable MSDTC. To do this, follow these steps: a. Click Start, and then click Run. b. In the Run dialog box, type dcomcnfg.exe, and then click OK. c. In the Component Services window, expand Component Services, expand Computers, and then expand My Computer. d. Right-click My Computer, and then click Properties. e. In the My Computer Properties dialog box, click Security Configuration on the MSDTC tab. f. In the Security Configuration dialog box, click to select the Network DTC Access check box. g. To allow the distributed transaction to run on this computer from a remote computer, click to select the Allow Inbound check box. h. To allow the distributed transaction to run on a remote computer from this computer, click to select the Allow Outbound check box. i. Under the Transaction Manager Communication group, click to select the No Authentication Required option. j. In the Security Configuration dialog box, click OK. k. In the My Computer Properties dialog box, click OK.
3. Configure Windows Firewall to include the MSDTC program and to include port 135 as an exception. To do this, follow these steps:
a. Click Start, and then click Run. b. In the Run dialog box, type Firewall.cpl, and then click OK. c. In Control Panel, double-click Windows Firewall. d. In the Windows Firewall dialog box, click Add Program on the Exceptions tab. e. In the Add a Program dialog box, click Browse, and then locate the Msdtc.exe file. By default, the file is stored in the Installation drive:WindowsSystem32 folder. f. In the Add a Program dialog box, click OK. g. In the Windows Firewall dialog box, click to select the msdtc option in the Programs and Services list. h. Click Add Port on the Exceptions tab. i. In the Add a Port dialog box, type 135 in the Port number text box, and then click to select the TCP option. j. In the Add a Port dialog box, type a name for the exception in the Name text box, and then click OK. k. In the Windows Firewall dialog box, select the name that you used for the exception in step j in the Programs and Services list, and then click OK. [/code]
But, when the Windows firewal on the server is "On", remote connections are not allowed, despite I´ve configured the Exceptions on the firewall.
I am using SQL Server 2005 Express + SP1 on a Windows Small Business Server(SBS) box. The SBS is connected to a client thru LAN.
Following are what I gave as IP address and DNS on the server:
IP: 192.168.16.2, subnet mask : 255.255.255.0, Preferred DNS server: 192.168.16.2, Default gateway and Alternate DNS Server blank
On the client, I have,
IP: 192.168.16.4, subnet mask : 255.255.255.0, Preferred DNS server, Default gateway and Alternate DNS Server blank
I can ping and connect to either of the machines.
If I do a sqlcmd -S "tcp:servernameINSTANCE,port", I get the following error message: HResult 0x80090304, Level 16, State 1 SQL Network Interfaces: The Local Security Authority cannot be contacted
I cannot seem to find the definitive how-to guide for this. Can anyone point me in the right direction?
I have SQL Server 2005 (x64) already running on Windows 2003 R2 (x64). I'm having difficulty trying to expose it the Internet.
Using the Surface Area Configuration tool I can see that remote connections using TCP/IP is enabled. I also made the machine administrator a member of the SysAdmin role from here too.
In Windows Firewall "SQL Server" and "Web" are already checked as exceptions.
I know that SQL Server uses port 1433 and I also read somewhere that clients connecting to SQL Server communicate on a random port between 1024 and 5000. So, on my router (Netgear WNR854T) I'm forwarding ports 1024 through 5000 to the machine where SQL Server lives.
In my connection string I'm using the IP address of the SQL Server machine with ":1433" appended to the address. Yet I cannot connect to SQL Server. Am I missing anything?
I have purchased 4 new boxes for SQL2005 and my var database product all running on the new Windows 2008 server. A lot of silly mind bender issues but I am up and live now. However, what should the firewall settings be on my SQL database box? I have ultimately turned off Windows Firewall so that I could connect and continue forward.
I've been successful at installing a customized SQLexpress using setup.exe /settings template.ini.
What I'd like to do now is see if I can progammatically detect a Firewall on the SQLexpress machine and if there is one to add the exceptions for sqlservr and sqlbrowser programmatically so that the user doesn't have to do anything.
I am new to internet development and would like some advice on the technology used to access a SQL database that sits on a network behind a firewall.
** ASP .NET Page ** -> ** Web Server ** -> ** FIREWALL ** -> ** SQL **
So to give an example; from an ASP .NET page on the internet, I would like to populate a DataGrid with the contents of a single table from a SQL database. The SQL database is sitting on our company network behind a firewall.
Could someone please explain / point me in the right direction in how the ASP .NET page / Web Server can securely access the SQL database.
I have got a MTS Server and SQL server 7 in different boxes. However, MTS only communicates to SQL server when there is no firewall while it doesn't work when there is a firewall between them. Any idea I can solve this problem?
I have changed SQL Server port to 2433, and add it to exception in Windows Firewall, add executive files as in this KB http://msdn2.microsoft.com/en-us/library/ms175043.aspx
Want to change port of SQL Server Browser as well, but dont know how to :(
anyway, after enable Firewall, SQL server is stop working. How to get it working with Firewall? Also, if some one lets me know how to change port of SQL Server Browser too, it would be great