none
Windows Firewall blocking port 1433 traffic for PPTP connected computer

    Question

  • I have a single server which runs Windows 2008 R2 and also SQL Server 2008 R2.  (Don't worry, this isn't a SQL question!)

    Computers on the same local network as the server can connect OK to the SQL Server using SQL Server Management Studio, pointing to the server on its local address (192.168.0.133).

    I have another (Win 7 x64) machine which is connected remotely using a PPTP VPN.  In Routing and Remote Access I can see it listed under "Remote Access Clients (1)". The Properties of the connected client show the IP address as 192.168.0.202.  On the remote machine I am able to map network drives on the server, connect to the server using VNC, and so on.  But if I try to connect to the server using SQL Management Studio it tells me that the server cannot be found (SQL Server error 5).

    HOWEVER (and this is why I don't think this is a SQL question) if I go into Windows Firewall on the server and change the SQL (port 1433) rule to apply to the public as well as the private profile, then I can connect OK.

    But surely having connected via PPTP, and been given a local 192.168 address, my machine should be allowed through on the private profile only?

    I realise that my understanding of PPTP, VPNs etc is somewhat shaky so apologies for that!

    Mike


    Tuesday, March 19, 2013 12:37 PM

Answers

  • OK, thanks - I misunderstood the purpose of the firewall profiles.

    In fact both the private and the public profiles were active: the private on the LAN connection, and the public on the RAS connection.  Changing the RAS connection from public to private solved the problem.

    Mike



    Friday, March 22, 2013 10:48 AM

All replies

  • We are performing some research on this case and will reply soon.

     

    Regards,

    Zhang     

    TechNet Subscriber Support

    If you are TechNet Subscriptionuser and have any feedback, please send your feedback here.

    Thursday, March 21, 2013 2:53 AM
  • Hi Mike,

    What is the current profile used by your SQL server? Is it using public profile? When it uses public profile, it will use the rules in the public profile in the windows firewall. The public profile has the most secure and restrictive role which may block the SQL traffic.

    Best Regards

    Scott Xie


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, March 21, 2013 9:43 AM
  • Hi Scott

    Thanks for your help.  But how do you set SQL Server to use a particular firewall profile?  Surely the profile used depends on where the traffic is coming from, not on the software the traffic is aimed at?

    Mike


    Thursday, March 21, 2013 10:50 AM
  • Hi Mike,

    Based on my experience, the windows should use the profile which depends on its profile. It should not depend on where the traffic is coming from. Only one firewall profile may be active on the computer at the same time.

    To determine which firewall profile is currently being used, click Start, type wf.msc in the Start Search box, and then click wf.msc in the Programs list. The active profile is indicated in the Overview section in the "Windows Firewall with Advanced Security" Microsoft Management Console (MMC).

    Please refer to the following article:

    http://support.microsoft.com/kb/938756/en-us

    Best Regards

    Scott Xie


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, March 22, 2013 8:01 AM
  • OK, thanks - I misunderstood the purpose of the firewall profiles.

    In fact both the private and the public profiles were active: the private on the LAN connection, and the public on the RAS connection.  Changing the RAS connection from public to private solved the problem.

    Mike



    Friday, March 22, 2013 10:48 AM
  • Hi,

    I am experiencing the same issue. I have set up a PPTP VPN on windows 2008 R2. It works perfectly well and once connected my my client machine can access to the remote network.

    However, the SQL server is not detected. I suspect a firewall issue.

    both public and domain profiles are active. Incoming requests firewall policies are active and allow dbclient.exe connection for all profiles both TCP and UDP (all ports). However, dbclient cannot connect via VPN (it can when executed on the LAN).

    I would like to test your solution but I do not understand how you changed your RAS connection profile. 

    I tried gpedit.msc command to do it as described in the "Server 2012: File Sharing with VPN / RAS" but I cannot even see my PPTP VPN connection in the list of connections.

    Could you indicate a way to do make i have the proper profile set up of the VPN connection.

    Many thanks

    Sunday, December 22, 2013 10:39 PM