Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Firewall changes prevent ODBC SQL access Expand / Collapse
Author
Message
Posted Tuesday, December 9, 2008 2:47 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, December 10, 2008 10:05 AM
Points: 2, Visits: 5
I'm wondering if anyone has come across this before. To achieve PCI-DSS compliance, we have been forced to segment our network behind a firewall.

Previously, our SQL server was on the same IP range as our clients (10.0.0.0/24), but has now been moved to a different IP range (192.168.4.0/24). The firewall, as far as I can tell, has been properly configured. All clients on the 10.0.0.0/24 range can ping the SQL server by name or by IP address.

However, when I try and configure clients to connect to the SQL Server by ODBC, I get the same error:

Connection failed.
SQL State: '01000' SQL
Server Error: 10061 [Microsoft][ODBC SQL Server Driver][TCP/IP Sockets] ConnectionOpen (Connect())
Connection failed:
SQLState: '08001'
SQL Server Error: 17
[Microsoft][ODBC SQL Server Driver][TCP/IP Sockets] SQL Server does not exist or access denied.

I've ensured I'm using the correct username and password, and also played about with the client configuration settings (trying named pipes, tcp/ip etc. The port I'm attempting to use is 1433, which has been opened on the firewall).

We're using SQL Server 2000, fully patched, running on Windows 2003 Enterprise Server. The clients are all Windows XP SP2.
Can anyone help?
Post #615993
Posted Wednesday, December 10, 2008 8:31 AM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Tuesday, August 12, 2014 10:17 AM
Points: 277, Visits: 512

Check the SQL server and be sure you are running on the default port.

Post #617090
Posted Wednesday, December 10, 2008 9:46 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 10:11 AM
Points: 31,168, Visits: 15,611
Is this a named instance? If so, you connect to the browser service on 1433 and it lets you know which port the named instance is on. You need to set a specific port for the firewall (and have it opened) if you have named instances.






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #617177
Posted Wednesday, December 10, 2008 9:46 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Friday, October 17, 2014 6:53 AM
Points: 1,669, Visits: 2,219
I'm not sure if it's necessary, but you may need to create a "DNS Name" for the server. That way, it's only created in one place, instead of having to modify the HOSTS file on every single client. Talk to your domain admin and/or network person about it. I don't know exactly how that's done, but it would be an administrative task on your DNS server.

Steve
(aka smunson)
:):):)


Steve
(aka sgmunson)

Internet ATM Machine
Post #617178
Posted Wednesday, December 10, 2008 10:08 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, December 10, 2008 10:05 AM
Points: 2, Visits: 5
Thanks for your replies, chaps. Problem is solved... it was something as simple as a DENY_ALL rule on our firewall preventing traffic between the two segments of the network. The ALLOW rule we'd added to allow the communication was beneath this and therefore being ignored.

I spanked our network admin ;)
Post #617201
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse