堆栈内存溢出
  简体   繁体   English

防火墙规则允许远程连接到其他域中的SQL Server

[英]Firewall rules to allow remote connection to SQL Server in a different domain

 原文  2014-08-08 16:29:51       sql-server/ ssms/ windows-server-2012/ windows-firewall/ sql-server-2014

问题描述

  1. I recently installed SQL Server Express 2014 on a series of machines running Windows Server 2012. Seven machines in total. 我最近在运行Windows Server 2012的一系列计算机上安装了SQL Server Express2014 。总共七台计算机。

  2. All but 1 of them live in the same local domain company.local . 除了1个外,其他所有用户都住在同一个地域company.local

  3. A single rogue machine lives in a different public domain public.company.org . 单个恶意机器位于另一个公共public.company.org

    1. The installation process on this machine on a separate domain was carried out by someone who was not paying much attention to the process and pretty much selected all defaults (aka a click-click-click installation.) As such, certain features such as SQL Server authentication and remote connectivity were not enabled by default. 该机器在单独域上的安装过程是由不十分关注该过程的人执行的,他几乎选择了所有默认设置(也就是单击单击安装)。因此,某些功能(例如SQL Server)默认情况下,未启用身份验证和远程连接。

  4. We want to connect remotely, via SQL Server Authentication, using SSMS , from development machines in the same local domain company.local . 我们希望通过SQL Server身份验证使用SSMS从同一本地域company.local中的开发计算机进行远程连接。 This we were able to easily turn on. 我们能够轻松打开它。

  5. As for allowing remote connections, we found ourselves in more difficulties. 至于允许远程连接,我们发现自己遇到了更多困难。

    1. We ensured that firewall rules have are defined to allow inbound connection on ports 1433 for TCP and 1434 for UDP. 我们确保已定义防火墙规则,以允许在TCP的端口1433和UDP的端口1434上进行入站连接。 We verified that that is the case. 我们证实情况就是如此。

    2. We have set this rule to apply to all profiles: Domain , Public , Private . 我们已将此规则设置为适用于所有配置文件: DomainPublicPrivate

    3. We ensured that all protocols for SQLEXPRESS are allowed in the SQL Server Configuration Manager , specifically TCP/IP. 我们确保在SQL Server配置管理器中允许所有SQLEXPRESS协议,特别是TCP / IP。

    4. We have enabled SQL Server Browser . 我们已启用SQL Server浏览器

    5. We have restarted all services multiple times after our configuration changes. 配置更改后,我们已多次重新启动所有服务。 We have even restarted the machine. 我们甚至已经重启了机器。

      • We have also kicked the box. 我们也踢了箱子。

    6. We are still not able to the SQLEXPRESS instance using either: 我们仍然不能使用以下两种方法访问SQLEXPRESS实例:

      • machine-name.public.company.com\\SQLEXPRESS
      • machine-name.public.company.com\\SQLEXPRESS,1434
      • <ip-address>\\SQLEXPRESS
      • <ip-address>\\SQLEXPRESS,1434
      • Using SSMS or SQLCMD 使用SSMSSQLCMD
      • Using SQL Server Authentication, with regular logins or sa. 使用SQL Server身份验证以及常规登录名或sa。
      • Using windows authentication, with credentials on the remote machine. 使用Windows身份验证以及远程计算机上的凭据。

    7. Pinging the server shows it is responsive. 对服务器执行ping命令显示它已响应。 And we have verified that the ports are indeed open. 并且我们已经验证了端口确实是开放的。

    8. As far as we are aware of, we've revised, compared and match all configuration/environment settings from the 6 local machines to the one on the different domain. 据我们所知,我们已经对6台本地计算机上的所有配置/环境设置进行了修订,比较和匹配,并将它们与不同域中的一台进行匹配。

    9. When disabling firewall all together at all levels, we are able to connect. 在所有级别同时禁用防火墙时,我们可以进行连接。

    10. Of course we don't want to leave the door open, so we added a inbound rule to the firewall to allow all sorts of connections to the SQL Server (SQLEXPRESS) service. 当然,我们不想打开大门,因此我们向防火墙添加了入站规则,以允许与SQL Server(SQLEXPRESS)服务的各种连接。

QUESTION

So the QUESTION is if what we did is the correct approach? 所以问题是我们所做的是正确的方法吗?

How come adding this firewall exception for the SQL Server process itself is not required in the other local machines??? 为什么在其他本地计算机上不需要为SQL Server进程本身添加此防火墙例外???

1 个解决方案

解决方案1
 0 已采纳  2014-08-10 08:41:53

I've checked your post twice, but I can't find anything about whether you've allowed remote connections to that SQL Express instance. 我已经检查过您的帖子两次,但是关于您是否允许远程连接到该SQL Express实例,我找不到任何信息。 You've allowed all protocols, sure, but that's not enough. 当然,您已经允许所有协议,但这还不够。

By default, all remote connections to Express instances are disabled (that includes DAC, too). 默认情况下,所有与Express实例的远程连接均被禁用(也包括DAC)。 To check this setting, restart the machine (or SQL instance) and look into SQL Server logs. 要检查此设置,请重新启动计算机(或SQL实例)并查看SQL Server日志。 Specifically, you will be interested in entries started with "SQL Server is listening on ..." - there, you'll find all protocols, ports and addresses the instance is listening on. 具体来说,您将对以“ SQL Server正在侦听...”开头的条目感兴趣-在此处,您将找到实例正在侦听的所有协议,端口和地址。 If the only IP you're see there is 127.0.0.1, then instance rejects all remote connections, regardless of firewall or anything else. 如果您看到的唯一IP是127.0.0.1,则实例将拒绝所有远程连接,而不管防火墙或其他任何内容。

I don't have 2014 Express to check it, but in 2012 this setting is configured via Configuration Manager, in the "SQL Server Network Configuration" section. 我没有2014 Express可以检查它,但是在2012年,此设置是通过Configuration Manager在“ SQL Server网络配置”部分中进行配置的。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 允许SQL Server远程连接 - Allow SQL Server Remote Connection 如何在与 1433 不同的端口上允许 MS SQL 服务器管理工​​作室中的远程连接? - How to allow remote connection in MS SQL server management studio, on a port different then 1433? 阻止 SQL 服务器上的远程连接并只允许本地连接 - Block remote connection on SQL server and allow only local connection SQL Server连接字符串-不同的域 - SQL Server Connection String - Different Domain 如何在Visual Studio 2013中配置SQL Server以允许远程连接 - How to configure SQL Server in Visual Studio 2013 to allow remote connection 在不配置防火墙的情况下连接到远程SQL Server - Connecting to a remote SQL Server without configuring the firewall 服务器外部的Azure TFS / SQL防火墙连接 - Azure TFS/SQL firewall connection outside server SQL Server多服务器管理需要哪些防火墙规则 - What firewall rules are necessary for SQL Server Multi-Server Administration 远程连接到SQL Server - Remote connection to SQL Server SQL Server远程连接 - SQL Server Remote Connection
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM