Sql-server – Firewall configuration for SQL Server 2012 Express on Windows Server 2008 R2 for Workgroup

Tags: sql server, windows-firewall, windows-server-2008-r2

We are attempting to configure a server application to run on Windows Server 2008 R2 using SQL Server 2012 Express. With the server firewall turned off completely the application can communicate just fine with the server, but when the firewall is turned on and the usual SQL Server ports are enabled, the communication fails.

Are there any special tricks with the firewall to enable this to work on a Workgroup network? The application support people are used to working on a domain-based network and are surprised that the firewall is not working with their usual ports open.

Thank you,

Update:

We were given the following batch file to open up the required ports on the server. We tried this and saw all the corresponding SQL entries in the firewall exception list, but it was still not working (and we did try a server reboot).

@echo =========  SQL Server Ports  ===================
@echo Enabling SQLServer default instance port 1433
netsh firewall set portopening TCP 1433 "SQLServer" 
@echo Enabling Dedicated Admin Connection port 1434
netsh firewall set portopening TCP 1434 "SQL Admin Connection" 
@echo Enabling conventional SQL Server Service Broker port 4022  
netsh firewall set portopening TCP 4022 "SQL Service Broker" 
@echo Enabling Transact-SQL Debugger/RPC port 135 
netsh firewall set portopening TCP 135 "SQL Debugger/RPC" 
@echo =========  Analysis Services Ports  ==============
@echo Enabling SSAS Default Instance port 2383
netsh firewall set portopening TCP 2383 "Analysis Services" 
@echo Enabling SQL Server Browser Service port 2382
netsh firewall set portopening TCP 2382 "SQL Browser" 
@echo =========  Misc Applications  ==============
@echo Enabling HTTP port 80 
netsh firewall set portopening TCP 80 "HTTP" 
@echo Enabling SSL port 443
netsh firewall set portopening TCP 443 "SSL" 
@echo Enabling port for SQL Server Browser Service's 'Browse' Button
netsh firewall set portopening UDP 1434 "SQL Browser" 
@echo Allowing multicast broadcast response on UDP (Browser Service Enumerations OK)
netsh firewall set multicastbroadcastresponse ENABLE

Best Answer

SQL Server documentation has a very good chapter on configuring the Windows Firewall for SQL Server: "Configure the Windows Firewall to Allow SQL Server Access". Pay special attention to the "dynamic ports" section.

I would assume your instance has a broker listening on 1433 and then uses dynamic ports for the SQL DB instance. In this case you can either disable dynamic ports or use Windows Advanced Firewall to give access to sqlservr.exe instead of to a specific port (as per the documentation).
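
The dynamic-port check and the program-based rule described in the answer, as an added example that is not part of the original post. It assumes the default named instance SQLEXPRESS of SQL Server 2012 (instance id MSSQL11.SQLEXPRESS) in the default install path, an elevated command prompt, and that limiting clients to the local subnet is acceptable; the rule names are made up for illustration.

```batch
@echo off
setlocal
rem Added example. Assumed: default SQL Server 2012 Express instance id and path.
set "INSTANCE_ID=MSSQL11.SQLEXPRESS"
set "SQLEXE=%ProgramFiles%\Microsoft SQL Server\%INSTANCE_ID%\MSSQL\Binn\sqlservr.exe"
set "REGKEY=HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\%INSTANCE_ID%\MSSQLServer\SuperSocketNetLib\Tcp\IPAll"
rem Assumed scope: only clients on the server's own subnet may connect.
set "SCOPE=localsubnet"

if not exist "%SQLEXE%" (
    echo sqlservr.exe not found at "%SQLEXE%" - adjust INSTANCE_ID.
    exit /b 1
)

echo === Active firewall profile: the rules below must apply to it ===
netsh advfirewall show currentprofile state

echo === Port settings stored for the instance ===
rem A non-empty TcpDynamicPorts value means the port is chosen at service start,
rem so a fixed rule for TCP 1433 does not cover this instance.
reg query "%REGKEY%" /v TcpDynamicPorts
reg query "%REGKEY%" /v TcpPort

echo === TCP (IPv4) endpoints sqlservr.exe is listening on right now ===
for /f "tokens=2" %%P in ('tasklist /fi "imagename eq sqlservr.exe" /nh') do (
    for /f "tokens=2,5" %%A in ('netstat -ano -p TCP ^| findstr LISTENING') do (
        if "%%B"=="%%P" echo   %%A   PID %%P
    )
)

echo === Allow the program instead of a port ===
netsh advfirewall firewall add rule name="SQL Server (%INSTANCE_ID%)" ^
    dir=in action=allow program="%SQLEXE%" remoteip=%SCOPE% enable=yes

echo === Allow SQL Server Browser (UDP 1434) so clients can look up the port ===
netsh advfirewall firewall add rule name="SQL Server Browser (UDP 1434)" ^
    dir=in action=allow protocol=UDP localport=1434 remoteip=%SCOPE% enable=yes

rem Confirm what was created, including the profiles the rule applies to.
netsh advfirewall firewall show rule name="SQL Server (%INSTANCE_ID%)"
endlocal
```

If the listening endpoint printed by the script is not 1433, the port-based entries from the question's batch file never matched the instance's traffic.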