CREATE ENDPOINT [CustomConnection1]
STATE = STARTED
AS TCP
(LISTENER_PORT = 1444, LISTENER_IP =ALL)
FOR TSQL() ;
And I got warning about permissions being revoked for the default tcp
endpoint, but I was okay with that since I really wanted all users to go
through this new endpoint I am creating.
I then granted connect pemissions to a sql login (called test) to connect to
this endpoint.
I added the tcp port 1444 to the IPALL TCP Port list & restarted SQL.
I tried connecting to the sql server with the test login & it gave me a
login failed error 18456.
i then granted connect permissions to public to the default tcp port & tried
conecting with the test user & it connected successfully. So obviously it wa
s
connecting with the default tcp port & not the new port i defined as the
endpoint. to be sure, i stopped the new endpoint & connected with the test
login again & it still worked.
So my question is - what am i doing wrong? i dont connections to go through
the default tcp port , i want them to go through the port i define in the
endpoint.
also, how can i connect to a specific port through management studio?
just fyi - i basically followed the instructions on this link:
http://msdn2.microsoft.com/en-us/library/ms189310.aspx
thanks in advance!Did you specify this new port in the connection string/server name?
It seems you just want to change the port, and for that you don't need to cr
eate a new endpoint. You
would just change the port in Server Configuration program.
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi
"adba" <adba@.discussions.microsoft.com> wrote in message
news:04055949-5892-425E-8593-541612857169@.microsoft.com...
>i have created a new tcp endpoint using the following:
> CREATE ENDPOINT [CustomConnection1]
> STATE = STARTED
> AS TCP
> (LISTENER_PORT = 1444, LISTENER_IP =ALL)
> FOR TSQL() ;
> And I got warning about permissions being revoked for the default tcp
> endpoint, but I was okay with that since I really wanted all users to go
> through this new endpoint I am creating.
> I then granted connect pemissions to a sql login (called test) to connect
to
> this endpoint.
> I added the tcp port 1444 to the IPALL TCP Port list & restarted SQL.
> I tried connecting to the sql server with the test login & it gave me a
> login failed error 18456.
> i then granted connect permissions to public to the default tcp port & tri
ed
> conecting with the test user & it connected successfully. So obviously it
was
> connecting with the default tcp port & not the new port i defined as the
> endpoint. to be sure, i stopped the new endpoint & connected with the test
> login again & it still worked.
> So my question is - what am i doing wrong? i dont connections to go throug
h
> the default tcp port , i want them to go through the port i define in the
> endpoint.
> also, how can i connect to a specific port through management studio?
> just fyi - i basically followed the instructions on this link:
> http://msdn2.microsoft.com/en-us/library/ms189310.aspx
> thanks in advance!
>|||No, I haven’t specified this new port in my servername – how do I do tha
t in
management studio? Lets assume my server name is sqltest & the new port
number is 1443 & the endpoint is called custom1. should the servername be
sqltest:1443 ?
What I want to do is create different tcp endpoints for different
applications. That way the default port 1433 would be used only by admins
internally & other users outside the firewall will connect through another
port (new endpoint) than 1433. That way if security is compromised with one
application, I don’t have to shut the entire server down, I should be able
to
shut down that specific port – does this idea make sense' I’m not havin
g
much luck implementing it….
"Tibor Karaszi" wrote:
> Did you specify this new port in the connection string/server name?
> It seems you just want to change the port, and for that you don't need to
create a new endpoint. You
> would just change the port in Server Configuration program.
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://sqlblog.com/blogs/tibor_karaszi
>
> "adba" <adba@.discussions.microsoft.com> wrote in message
> news:04055949-5892-425E-8593-541612857169@.microsoft.com...
>|||I understand about your usage scenario. Yes, that makes sense to me.
To connect to so something else than the "default" port, the client uses bel
ow syntax for the server
name. Note that you don't specify an instance name if it is a named instance
:
SERVERNAME,PORT#
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi
"adba" <adba@.discussions.microsoft.com> wrote in message
news:C84D70CE-AEC4-48F3-B56E-86C264C85858@.microsoft.com...[vbcol=seagreen]
> No, I haven’t specified this new port in my servername – how do I do t
hat in
> management studio? Lets assume my server name is sqltest & the new port
> number is 1443 & the endpoint is called custom1. should the servername be
> sqltest:1443 ?
> What I want to do is create different tcp endpoints for different
> applications. That way the default port 1433 would be used only by admins
> internally & other users outside the firewall will connect through another
> port (new endpoint) than 1433. That way if security is compromised with on
e
> application, I don’t have to shut the entire server down, I should be ab
le to
> shut down that specific port – does this idea make sense' I’m not hav
ing
> much luck implementing it….
>
> "Tibor Karaszi" wrote:
>|||thanks. okay now i wa able to connect to a specific port through management
studio.
but my problem is that to be able to connect to that port, i have to have
connect permissions granted to public on the default tcp port. like when you
create a new endpointm it takes away the permissions on the deafult port. so
i i leave it like that, i cannot connect to the new endpoint i created. if i
grant permissions to public, it kind of defeats the purpose of creating new
endpoints for me.
so i guess my question is can we connect to a new endpoint without granting
connect permissions to public on the default tcp port?
"Tibor Karaszi" wrote:
> I understand about your usage scenario. Yes, that makes sense to me.
> To connect to so something else than the "default" port, the client uses b
elow syntax for the server
> name. Note that you don't specify an instance name if it is a named instan
ce:
> SERVERNAME,PORT#
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://sqlblog.com/blogs/tibor_karaszi
>
> "adba" <adba@.discussions.microsoft.com> wrote in message
> news:C84D70CE-AEC4-48F3-B56E-86C264C85858@.microsoft.com...
>|||> but my problem is that to be able to connect to that port, i have to have
> connect permissions granted to public on the default tcp port.
That is not what I'm seeing. Below is what I did, and result of my actions.
I'm on sp2, btw:
CREATE LOGIN adba WITH PASSWORD = 'pwd'
CREATE ENDPOINT [CustomConnection1]
STATE = STARTED
AS TCP
(LISTENER_PORT = 1444, LISTENER_IP =ALL)
FOR TSQL() ;
GRANT CONNECT ON ENDPOINT::[CustomConnection1] to [public]
GRANT CONNECT ON ENDPOINT::[TSQL Default TCP] to [public]
-- Added port 1444 in Network Server Utility, IPAll, TCP Port: 1433,1444
-- Restarted SQL Server
REVOKE CONNECT ON ENDPOINT::[TSQL Default TCP] to [public]
--Login adba able to login on port 1444
--Login adba not able to login with only server name specified
--Login adba not able to login on port 1433
--Windows login able to login on port 1433
--Windows login able to login with only server name specified
--(my Windows account is a login member of syadmin)
--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi
"adba" <adba@.discussions.microsoft.com> wrote in message
news:9AF19309-A371-4983-B788-95E67789552C@.microsoft.com...[vbcol=seagreen]
> thanks. okay now i wa able to connect to a specific port through managemen
t
> studio.
> but my problem is that to be able to connect to that port, i have to have
> connect permissions granted to public on the default tcp port. like when y
ou
> create a new endpointm it takes away the permissions on the deafult port.
so
> i i leave it like that, i cannot connect to the new endpoint i created. if
i
> grant permissions to public, it kind of defeats the purpose of creating ne
w
> endpoints for me.
> so i guess my question is can we connect to a new endpoint without grantin
g
> connect permissions to public on the default tcp port?
> "Tibor Karaszi" wrote:
>|||ok i tried your steps like u mentioned them & all of them worked except for
"Login adba not able to login with only server name specified". The login
adba is still able to connect with the servername
Public has grant permissions to the following:
CustomConnection1
TSQL Default VIA
TSQL Local Machine
TSQL Named Pipes
So I'm guessing adba is able to connect usng one of the other protocols'
"Tibor Karaszi" wrote:
> That is not what I'm seeing. Below is what I did, and result of my actions
. I'm on sp2, btw:
> CREATE LOGIN adba WITH PASSWORD = 'pwd'
> CREATE ENDPOINT [CustomConnection1]
> STATE = STARTED
> AS TCP
> (LISTENER_PORT = 1444, LISTENER_IP =ALL)
> FOR TSQL() ;
> GRANT CONNECT ON ENDPOINT::[CustomConnection1] to [public]
> GRANT CONNECT ON ENDPOINT::[TSQL Default TCP] to [public]
> -- Added port 1444 in Network Server Utility, IPAll, TCP Port: 1433,1444
> -- Restarted SQL Server
> REVOKE CONNECT ON ENDPOINT::[TSQL Default TCP] to [public]
> --Login adba able to login on port 1444
> --Login adba not able to login with only server name specified
> --Login adba not able to login on port 1433
> --Windows login able to login on port 1433
> --Windows login able to login with only server name specified
> --(my Windows account is a login member of syadmin)
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://sqlblog.com/blogs/tibor_karaszi
>
> "adba" <adba@.discussions.microsoft.com> wrote in message
> news:9AF19309-A371-4983-B788-95E67789552C@.microsoft.com...
>|||> So I'm guessing adba is able to connect usng one of the other protocols'
That seems to be the case. You can check what netlib a connection is using t
hough the catalog views.
And you can disable netlibs using Configuration Manager. Note that the VIA i
s disabled by default
and Local Machine is only for local access, so the only one you would need t
o disable is Named
Pipes.
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi
"adba" <adba@.discussions.microsoft.com> wrote in message
news:DF4D5051-2D13-4083-9A82-BCC4A597E071@.microsoft.com...[vbcol=seagreen]
> ok i tried your steps like u mentioned them & all of them worked except fo
r
> "Login adba not able to login with only server name specified". The login
> adba is still able to connect with the servername
> Public has grant permissions to the following:
> CustomConnection1
> TSQL Default VIA
> TSQL Local Machine
> TSQL Named Pipes
> So I'm guessing adba is able to connect usng one of the other protocols'
>
> "Tibor Karaszi" wrote:
>|||That was it Tibor. Once I disabled the other protocols it couldnt connect.
Thanks so much for your help.
"Tibor Karaszi" wrote:
> That seems to be the case. You can check what netlib a connection is using
though the catalog views.
> And you can disable netlibs using Configuration Manager. Note that the VIA
is disabled by default
> and Local Machine is only for local access, so the only one you would need
to disable is Named
> Pipes.
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://sqlblog.com/blogs/tibor_karaszi
>
> "adba" <adba@.discussions.microsoft.com> wrote in message
> news:DF4D5051-2D13-4083-9A82-BCC4A597E071@.microsoft.com...
>sqlsql
No comments:
Post a Comment