SQL Microsoft Windows Firewall configuration
-
Good afternoon, gentlemen from ACI Learning. I have been reviewing and have not been able to find a straight answer to my doubt. I am trying to configure an app server that uses a SQL service located on a different server, like in the real world. The issue I am finding is that when the firewall of either of them, or both, is set to Domain, the servers won't talk to or reach each other. Yes, you can ping both servers by name and IP, but SQL Management won't connect. I suspect that it has to do with those dynamic ports, since I opened ports 1433 and 1434 for SQL. The issue is in the first handshake when authenticating with AD credentials. In reality it would be too risky to just open random ports, and it doesn't mean that Windows will use those same ports again. Lastly, they both live in the same subnet and no firewall appliance is between them. Thanks. FYI, .248 is the app server, .249 the SQL server. PS: they can communicate when the Private firewall is on in both. Just at the Domain level it won't work.
-
This is just a guess, but I think your problem lies with the Domain firewall rules. I would check the Domain profile's firewall rules, compare them with the Private profile's rules, and see what is missing from the Domain rule set.
-
I think @Douglas-Atwood's suggestion is a good place to start.
-
@Victor-Rosa you could have an issue that I have had in the past, where you are choosing the network location and, regardless of what you choose, the Windows Firewall picks the Public network location or the most restrictive settings. This has caused problems in the past, so I have used a GPO to force the network location, which applies the appropriate firewall settings. You can find the settings for that GPO here: Computer Configuration > Windows Settings > Security Settings > Network List Manager Policies
-
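The two checks suggested above (compare the Domain and Private rule sets, and confirm which network location the NIC actually landed in) can be done from one elevated PowerShell session. The script below is an added example written for this thread, not something any of the posters provided. It assumes Windows Server 2012 R2 or later, where the NetSecurity and NetConnection modules are available; run it on the SQL server first and then on the app server.

```powershell
# Added example (not from the thread): diagnose why two domain-joined servers
# stop talking once the Domain firewall profile is in effect.
# Assumes an elevated PowerShell on Windows Server 2012 R2 or later.

# 1. Which profile is the NIC actually in? A domain-joined box that reports
#    Public or Private here never saw the DC at boot, so the Domain rule set
#    is not the one being enforced, whatever you selected in the UI.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory, IPv4Connectivity

# 2. Per-profile posture: is the profile enabled, and what happens to inbound
#    traffic that matches no rule? (Default inbound is Block on all three.)
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 3. Enabled inbound allow rules that apply to a given profile. The Profile
#    property renders as 'Any', 'Domain', or a list such as 'Domain, Private'.
function Get-InboundAllowRulesForProfile {
    param([Parameter(Mandatory)][string]$ProfileName)
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        Where-Object {
            $applies = "$($_.Profile)" -split ',\s*'
            ($applies -contains 'Any') -or ($applies -contains $ProfileName)
        }
}

$private = @(Get-InboundAllowRulesForProfile -ProfileName 'Private')
$domain  = @(Get-InboundAllowRulesForProfile -ProfileName 'Domain')

# 4. Rules that admit traffic under Private but have no Domain equivalent.
#    These are the first suspects for "works on Private, fails on Domain".
$missingOnDomain = $private | Where-Object { $_.Name -notin $domain.Name }

foreach ($rule in $missingOnDomain) {
    $port = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        DisplayName = $rule.DisplayName
        Protocol    = $port.Protocol
        LocalPort   = ($port.LocalPort -join ',')
        Profile     = "$($rule.Profile)"
    }
}
```

If step 1 shows the wrong category, the Network List Manager Policies GPO named above is the supported way to force it; `Set-NetConnectionProfile -NetworkCategory Private` exists but cannot set DomainAuthenticated, which is only assigned when the machine can reach a domain controller. The table from step 4 is the list to reconcile against the Domain profile, scoping each rule to the Domain profile rather than opening it on all profiles.
-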
Good morning, guys. Thanks for following up. @wes-bryan should I implement the GPO in the local policy or through the DC?
-
I have used LGPOs, or a domain-based GPO. You can test it out with both, and then customize the settings to your environment. Keep in mind the GPO processing order for any conflicts.
-
@Ronnie-Wong you can mark this as resolved. Thanks for all your input, guys. I definitely encourage your team to emphasize the importance of knowing networking, ports and, most important, how communication happens between systems. In my case SQL could not authenticate the app server with the domain controller. At the Private level they negotiate their authentication locally using TDS, but at the Domain profile level it needed port 445 explicitly opened on the SQL server to talk to Active Directory. Thanks for all of your input, guys. Your forum is pretty strong and it helps people brainstorm until a possible solution is found. Also, this was home labbing since it was my environment, but my findings will be brought to my workplace.
-
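The resolution above (port 445 opened on the SQL server for the Domain profile, alongside 1433/1434) and the original concern about opening random dynamic ports can be expressed as a tightly scoped rule set. The script below is an added example for this thread, not the poster's own commands. The IP addresses and the sqlservr.exe path are placeholders: the thread only gives the .248 and .249 host parts, and the instance directory depends on the SQL version and instance name.

```powershell
# Added example (not from the thread): Domain-profile inbound rules on the SQL
# server, scoped to the single app server rather than "any" source.
# Run in an elevated PowerShell on the SQL server (Windows Server 2012 R2+).

# Placeholders (assumptions; substitute the real addresses and instance path).
$AppServerIP = '192.0.2.248'   # app server (.248 in the thread)
$SqlServerIP = '192.0.2.249'   # SQL server (.249 in the thread), used for verification
$SqlBinary   = 'C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe'

# Settings shared by every rule: Domain profile only (the case that failed),
# source restricted to the app server, and a Group so the set can be listed
# or removed together later.
$common = @{
    Direction     = 'Inbound'
    Action        = 'Allow'
    Profile       = 'Domain'
    RemoteAddress = $AppServerIP
    Group         = 'SQL app tier'
}

# Default-instance TDS listener.
New-NetFirewallRule @common -DisplayName 'SQL TDS 1433 from app server' `
    -Protocol TCP -LocalPort 1433

# SQL Browser, only needed when clients resolve a named instance by name.
New-NetFirewallRule @common -DisplayName 'SQL Browser 1434 from app server' `
    -Protocol UDP -LocalPort 1434

# Port 445, which the original poster found the Domain profile required.
New-NetFirewallRule @common -DisplayName 'SMB 445 from app server' `
    -Protocol TCP -LocalPort 445

# Named instances listen on a dynamic port chosen at service start. Instead
# of guessing a port range, bind the rule to the sqlservr.exe process so only
# that process's listener is reachable, whichever port it picks.
New-NetFirewallRule @common -DisplayName 'SQL named instance (dynamic port) from app server' `
    -Protocol TCP -Program $SqlBinary

# Review what was created.
Get-NetFirewallRule -Group 'SQL app tier' |
    Select-Object DisplayName, Enabled, Profile, Direction, Action

# Verification, to be run on the app server: PingSucceeded = True with
# TcpTestSucceeded = False is exactly the symptom described in the thread.
# Test-NetConnection -ComputerName $SqlServerIP -Port 1433 |
#     Select-Object ComputerName, RemoteAddress, RemotePort, PingSucceeded, TcpTestSucceeded
# Test-NetConnection -ComputerName $SqlServerIP -Port 445 |
#     Select-Object ComputerName, RemoteAddress, RemotePort, PingSucceeded, TcpTestSucceeded
```

To undo the whole set, `Get-NetFirewallRule -Group 'SQL app tier' | Remove-NetFirewallRule`. Two caveats: the program-scoped rule only helps if the dynamic port is owned by sqlservr.exe (it is, for the database engine listener), and the Windows Firewall default outbound action is Allow, so the SQL server's own traffic to the domain controller is not blocked by these profiles unless someone has tightened outbound rules as well.
-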
@Victor-Rosa I appreciate the feedback and I completely agree with you! The foundational skills we teach, like ports, protocols, network services, etc., are critical to implementing, working with and troubleshooting the technologies that learners will encounter later or may already be working with.