Firewall changes prevent ODBC SQL access

  • I'm wondering if anyone has come across this before. To achieve PCI-DSS compliance, we have been forced to segment our network behind a firewall.

    Previously, our SQL server was on the same IP range as our clients (10.0.0.0/24), but has now been moved to a different IP range (192.168.4.0/24). The firewall, as far as I can tell, has been properly configured. All clients on the 10.0.0.0/24 range can ping the SQL server by name or by IP address.

    However, when I try and configure clients to connect to the SQL Server by ODBC, I get the same error:

    Connection failed.

    SQL State: '01000'

    SQL Server Error: 10061

    [Microsoft][ODBC SQL Server Driver][TCP/IP Sockets] ConnectionOpen (Connect())

    Connection failed:

    SQLState: '08001'

    SQL Server Error: 17

    [Microsoft][ODBC SQL Server Driver][TCP/IP Sockets] SQL Server does not exist or access denied.

    I've ensured I'm using the correct username and password, and also played about with the client configuration settings (trying named pipes, TCP/IP, etc.). The port I'm attempting to use is 1433, which has been opened on the firewall.

    We're using SQL Server 2000, fully patched, running on Windows 2003 Enterprise Server. The clients are all Windows XP SP2.

    Can anyone help?

  • Check the SQL server and be sure you are running on the default port.

  • Is this a named instance? If so, you connect to the browser service on 1433 and it lets you know which port the named instance is on. You need to set a specific port for the firewall (and have it opened) if you have named instances.

  • I'm not sure if it's necessary, but you may need to create a "DNS Name" for the server. That way, it's only created in one place, instead of having to modify the HOSTS file on every single client. Talk to your domain admin and/or network person about it. I don't know exactly how that's done, but it would be an administrative task on your DNS server.

    Steve

    (aka smunson)

    :):):)


  • Thanks for your replies, chaps. Problem is solved... it was something as simple as a DENY_ALL rule on our firewall preventing traffic between the two segments of the network. The ALLOW rule we'd added to allow the communication was beneath this and therefore being ignored.

    I spanked our network admin 😉
