Discussion:
SQL Linked server over firewall
jjstenhouse
2003-11-26 15:32:48 UTC
I have a server in one town behind a firewall, and another
in another town behind another firewall. I've set up a
linked server on server1 connecting to server2, with the
relevant ports open on the firewalls (1433 inbound on the
local firewall (no outbound blocking), 1024 - 5000 in and
out on the remote firewall). However, when I try to make
the linked server connection to the local server, a Server
Doesn't Exist or Access Denied error appears. Using a
port monitor, I can see that a connection is being made
from the remote server to port 1433 on the local server,
but the local server seems not to respond. The remote
firewall administrators can see no traffic from the local
to remote server. This is using TCP/IP. If I use
multiprotocol, the remote server tries sending on ports
135 and 445. Ideally, I want a Linked Server on 1433, or
any high number port. Can anyone help?
Kevin McDonnell [MSFT]
2003-11-27 00:19:23 UTC
See the following kb:

287932 INF: TCP Ports Needed for Communication to SQL Server Through a
Firewall
http://support.microsoft.com/?id=287932



Thanks,

Kevin McDonnell
Microsoft Corporation

This posting is provided AS IS with no warranties, and confers no rights.
jjstenhouse
2003-11-27 10:23:28 UTC
Thanks, but...

I have already read this document, and have had port 1024
to 5000 inclusive opened on the remote firewall. NETSTAT
shows that a connection is being made from a random port
to port 1433 on the local machine, but no authentication
attempts are logged. Also last night, I ran a small job
every 20 minutes. The job successfully logged in to the
remote server between 6PM and 11PM every 20 minutes, then
failed for the rest of the night. The nightly backup started
on this server just after 11PM, and lasted until about
12:30AM. No authentication attempts were logged after
11PM, although the job continued to run.
The SQL databases are accessed from a web server, which
also uses port 1433 (TCP comms), might they be
conflicting?
I would prefer to use multiprotocol to connect the servers
so I can use encryption, but when I do, the remote server
attempts to connect on ports 135 and 445, which our
firewall admins are not happy about opening as these ports
have been used by several worms and viruses to replicate.
Can I force multiprotocol to use a port of my choosing and
if so, how?

Many thanks

JohnS
-----Original Message-----
287932 INF: TCP Ports Needed for Communication to SQL
Server Through a
Firewall
http://support.microsoft.com/?id=287932
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and
confers no rights.
.
Kevin McDonnell [MSFT]
2003-12-01 20:02:12 UTC
The key to the problem is what the true error message is when the
connections start failing.
Once you're in a failed state, use ISQL.exe from a DOS command window and
get the OS Error number, e.g. 10061.

As far as Multiprotocol goes, you can set a fixed port for the
destination. It should not be 1433. There's a registry key to set it.
Here's the article.

239894 INF: How to Establish Encrypted Multiprotocol Connections with SQL
7.0
http://support.microsoft.com/?id=239894

and

164667 INF: Replication Setup Over a Firewall
http://support.microsoft.com/?id=164667

However, you will also require 135 since it uses RPC. If you're on SQL
2000, I would recommend using SSL instead of Multiprotocol encryption.



Thanks,

Kevin McDonnell
Microsoft Corporation

This posting is provided AS IS with no warranties, and confers no rights.
Linchi Shea
2003-11-28 03:08:25 UTC
To ensure that your linked server uses TCP sockets and the specific port and
nothing but these, you can set up your linked server using the IP address or
preferably fully qualified domain name plus the port number. So if the
'remote' server is myServer.abcd.com, you can set up your linked server as
myServer.abcd.com,1433 using the Microsoft OLE DB provider for SQL Server.
--
Linchi Shea
Post by jjstenhouse
I have a server in one town behind a firewall, and another
in another town behind another firewall. I've set up a
linked server on server1 connecting to server2, with the
relevant ports open on the firewalls (1433 inbound on the
local firewall (no outbound blocking), 1024 - 5000 in and
out on the remote firewall). However, when I try to make
the linked server connection to the local server, a Server
Doesn't Exist or Access Denied error appears. Using a
port monitor, I can see that a connection is being made
from the remote server to port 1433 on the local server,
but the local server seems not to respond. The remote
firewall administrators can see no traffic from the local
to remote server. This is using TCP/IP. If I use
multiprotocol, the remote server tries sending on ports
135 and 445. Ideally, I want a Linked Server on 1433, or
any high number port. Can anyone help?
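
The linked server definition Linchi Shea describes, written out as T-SQL. This is an added example, not code posted by anyone in the thread; the linked server name SRV2_TCP, the two login names and the password placeholder are hypothetical, and myServer.abcd.com,1433 is the host and port from the reply.

```sql
-- Added example: linked server pinned to a TCP host and port.
-- SRV2_TCP, app_reader, link_reader and the password are placeholders.

-- Remove an earlier definition of the same name, together with its login mappings.
IF EXISTS (SELECT 1 FROM master.dbo.sysservers WHERE srvname = N'SRV2_TCP')
    EXEC sp_dropserver @server = N'SRV2_TCP', @droplogins = 'droplogins';

-- An empty product name lets provider and data source be given explicitly.
-- The "host,port" data source is what tells the provider which TCP port to dial,
-- so the firewall rule only has to cover that one destination port.
EXEC sp_addlinkedserver
    @server     = N'SRV2_TCP',
    @srvproduct = N'',
    @provider   = N'SQLOLEDB',
    @datasrc    = N'myServer.abcd.com,1433';

-- Map one local login to one low-privilege remote SQL login, not to sa.
EXEC sp_addlinkedsrvlogin
    @rmtsrvname  = N'SRV2_TCP',
    @useself     = 'false',
    @locallogin  = N'app_reader',
    @rmtuser     = N'link_reader',
    @rmtpassword = N'<remote-password-placeholder>';

-- Drop the default mapping so logins without an explicit entry cannot use the link.
EXEC sp_droplinkedsrvlogin
    @rmtsrvname = N'SRV2_TCP',
    @locallogin = NULL;

-- Round trip over the link while logged in as app_reader:
-- returns the remote server's name if the connection and login succeed.
SELECT remote_name
FROM OPENQUERY(SRV2_TCP, 'SELECT @@SERVERNAME AS remote_name');
```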