Last week I was installing SQL Server 2008 R2 on a 64 bit Windows 2008 box, after the installation I suppose to do a post installation check that includes connectivity test both local and remotely. I ensured that the SQL services are running under expected network domain account. When I tried to connect the SQL instance remotely the SQL kept throwing connection error and I couldn’t get into the instance and the below error popped up.
Error Thrown
TITLE: Connect to Server
------------------------------
Cannot connect to SQL2008INS01.
------------------------------
ADDITIONAL INFORMATION:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.) (Microsoft SQL Server, Error: 10060)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=10060&LinkId=20476
-----------------------------
BUTTONS:
OK
------------------------------
After reading some knowledge bases and forums I understood the follows. In Windows Server 2008 and Vista the default dynamic port range for outgoing connections has been increased, the default start port is 49152 and end port is 65535 where as the earlier versions has between 1025 through 5000. By default the SQL Server establish it connections through TCP port 1433 and the windows firewall will accept connections.
In windows server 2008 the firewall is on and blocking all remote connections by default. This ensures that Windows 2008 does not leave the TCP port open by default not the SQL 2008 installation. We have to create a firewall rule to allow the server to send and receive traffic from SQL Server.
So make sure to add this step in our SQL 2008 post installation step on Windows Server 2008 to open the TCP port 1433.
By default, the Windows Firewall blocks all incoming unsolicited network traffics, we need to configure firewall rules for program, port or system/app services to connect a server remotely.
Following are steps to configure firewall rules for TCP port 1433 to accept SQL Server connection request remotely.
Step 1: Go to Start Administrative Tools click on Windows Firewall and Advanced Security, on Windows Firewall and Advanced Security page, right click on Inbound Rules and click on New Rule(Refer Fig1).
Step 2: The New Rule will navigate to Rule Type window, here you can chose either program, port , predefined or a custom rules. Make sure you have chosen Port and click Next(Refer Fig2).
Step 3: Now you are on the Protocol and Ports settings window, make sure the rules applies to TCP and type 1433 on Specific local ports and click Next(Refer Fig 3).
Step 4: After specifying the port number 1433, you have to specify the action to be taken by Windows Firewall when it receives a connection that matches with the specified conditions, so choose “Allow the Connections” and click Next to move further (Refer Fig 4).
Step 5: Now choose the profile to apply the rule. Since most of the business allows their employees to work remotely and these three profiles will be used most common. Choose all three and move next (Refer Fig 5)
Step 6: Finally specify the name of the Firewall rule and Finish it(Refer Fig6).
Reference
1) The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008
2) Windows Server 2008 Default firewall Settings
3) How to: Configure a Windows Firewall for Database Engine Access
4) How do I open the firewall port for SQL Server on Windows Server 2008 programmatically?
Error Thrown
TITLE: Connect to Server
------------------------------
Cannot connect to SQL2008INS01.
------------------------------
ADDITIONAL INFORMATION:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.) (Microsoft SQL Server, Error: 10060)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=10060&LinkId=20476
-----------------------------
BUTTONS:
OK
------------------------------
After reading some knowledge bases and forums I understood the follows. In Windows Server 2008 and Vista the default dynamic port range for outgoing connections has been increased, the default start port is 49152 and end port is 65535 where as the earlier versions has between 1025 through 5000. By default the SQL Server establish it connections through TCP port 1433 and the windows firewall will accept connections.
In windows server 2008 the firewall is on and blocking all remote connections by default. This ensures that Windows 2008 does not leave the TCP port open by default not the SQL 2008 installation. We have to create a firewall rule to allow the server to send and receive traffic from SQL Server.
So make sure to add this step in our SQL 2008 post installation step on Windows Server 2008 to open the TCP port 1433.
By default, the Windows Firewall blocks all incoming unsolicited network traffics, we need to configure firewall rules for program, port or system/app services to connect a server remotely.
Following are steps to configure firewall rules for TCP port 1433 to accept SQL Server connection request remotely.
Step 1: Go to Start Administrative Tools click on Windows Firewall and Advanced Security, on Windows Firewall and Advanced Security page, right click on Inbound Rules and click on New Rule(Refer Fig1).
| Image may be NSFW. Clik here to view.  |
| Fig 1 |
Step 2: The New Rule will navigate to Rule Type window, here you can chose either program, port , predefined or a custom rules. Make sure you have chosen Port and click Next(Refer Fig2).
| Image may be NSFW. Clik here to view.  |
| Fig2 |
Step 3: Now you are on the Protocol and Ports settings window, make sure the rules applies to TCP and type 1433 on Specific local ports and click Next(Refer Fig 3).
| Image may be NSFW. Clik here to view.  |
| Fig 3 |
| Image may be NSFW. Clik here to view.  |
| Fig 4 |
| Image may be NSFW. Clik here to view.  |
| Fig 5 |
Step 6: Finally specify the name of the Firewall rule and Finish it(Refer Fig6).
| Image may be NSFW. Clik here to view.  |
| Fig 6 |
Reference
1) The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008
2) Windows Server 2008 Default firewall Settings
3) How to: Configure a Windows Firewall for Database Engine Access
4) How do I open the firewall port for SQL Server on Windows Server 2008 programmatically?