无法通过PHP连接到MS SQL Server

Question

I have a MSSql Db I am trying to connect to from PHP7.1 hosted on my RedHat box running apache. I have installed the sqlsrv && pdo_sqlsrv extensions and verified they are present via php.ini.

This is the small script I am using to test my connection:

<?php
    $serverName = "MY_IP_ADDRESS"; //serverName\instanceName

    // Since UID and PWD are not specified in the $connectionInfo array,
   // The connection will be attempted using Windows Authentication.
   $connectionInfo = array("Database"=>"MY_DB", "UID"=>"MY_UID", "PWD"=>"MY_PWD");
   $conn = sqlsrv_connect(  $serverName, $connectionInfo);

  if( $conn ) {
      echo "Connection established.<br />";
  }else{
     echo "Connection could not be established.<br />";
     die( print_r( sqlsrv_errors(), true));
   }
?>

This is the reponse I am getting fro this script:

Connection could not be established.
Array
(
    [0] => Array
        (
            [0] => HYT00
            [SQLSTATE] => HYT00
            [1] => 0
            [code] => 0
            [2] => [unixODBC][Microsoft][ODBC Driver 13 for SQL Server]Login timeout expired
            [message] => [unixODBC][Microsoft][ODBC Driver 13 for SQL Server]Login timeout expired
        )
    [1] => Array
        (
            [0] => 08001
            [SQLSTATE] => 08001
            [1] => 10013
            [code] => 10013
            [2] => [unixODBC][Microsoft][ODBC Driver 13 for SQL Server]TCP Provider: Error code 0x271D
            [message] => [unixODBC][Microsoft][ODBC Driver 13 for SQL Server]TCP Provider: Error code 0x271D
        )
    [2] => Array
        (
            [0] => 08001
            [SQLSTATE] => 08001
            [1] => 10013
            [code] => 10013
            [2] => [unixODBC][Microsoft][ODBC Driver 13 for SQL Server]A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online.
            [message] => [unixODBC][Microsoft][ODBC Driver 13 for SQL Server]A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online.
        )
)

I have verified with telnet that I can connect to the MSSql server form my Redhat box. Any clues as to why I would not be able to connect to the db?

Answer 1

Thanks to miken32 I was finally able to find the solution. He pointed out that the connection might not be allowed by SELinux and he was right. I just had to allow db connections and it worked like a charm.

Allow db connections:

setsebool -P httpd_can_network_connect_db 1

Answer 2

RedHat Linux comes with SELinux protection enabled by default. The fact that you can execute this script from CLI as root suggests that they are preventing your script from running properly from the web server. You'll need to tweak a couple of settings to allow your web server this kind of access. Try this one first, which allows your web server to make its own network connections:

setsebool -P httpd_can_network_connect 1

If that doesn't work you can try allowing database access specifically, though I'm honestly not sure whether this would apply to a remote SQL Server:

setsetbool -P httpd_can_network_connect_db 1

If neither of those work, you'll want to use the audit2why tool to read your audit log and find out why it's getting rejected. That is likely a question for Server Fault though.

---

You may read suggestions to just disable SELinux. Don't do it. It's there for a reason, and provides a lot of protection for your server.