i have created a new tcp endpoint using the following:
CREATE ENDPOINT [CustomConnection1]
STATE = STARTED
AS TCP
(LISTENER_PORT = 1444, LISTENER_IP =ALL)
FOR TSQL() ;
And I got warning about permissions being revoked for the default tcp
endpoint, but I was okay with that since I really wanted all users to go
through this new endpoint I am creating.
I then granted connect pemissions to a sql login (called test) to connect to
this endpoint.
I added the tcp port 1444 to the IPALL TCP Port list & restarted SQL.
I tried connecting to the sql server with the test login & it gave me a
login failed error 18456.
i then granted connect permissions to public to the default tcp port & tried
conecting with the test user & it connected successfully. So obviously it was
connecting with the default tcp port & not the new port i defined as the
endpoint. to be sure, i stopped the new endpoint & connected with the test
login again & it still worked.
So my question is - what am i doing wrong? i dont connections to go through
the default tcp port , i want them to go through the port i define in the
endpoint.
also, how can i connect to a specific port through management studio?
just fyi - i basically followed the instructions on this link:
http://msdn2.microsoft.com/en-us/library/ms189310.aspx
thanks in advance!Did you specify this new port in the connection string/server name?
It seems you just want to change the port, and for that you don't need to create a new endpoint. You
would just change the port in Server Configuration program.
--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi
"adba" <adba@.discussions.microsoft.com> wrote in message
news:04055949-5892-425E-8593-541612857169@.microsoft.com...
>i have created a new tcp endpoint using the following:
> CREATE ENDPOINT [CustomConnection1]
> STATE = STARTED
> AS TCP
> (LISTENER_PORT = 1444, LISTENER_IP =ALL)
> FOR TSQL() ;
> And I got warning about permissions being revoked for the default tcp
> endpoint, but I was okay with that since I really wanted all users to go
> through this new endpoint I am creating.
> I then granted connect pemissions to a sql login (called test) to connect to
> this endpoint.
> I added the tcp port 1444 to the IPALL TCP Port list & restarted SQL.
> I tried connecting to the sql server with the test login & it gave me a
> login failed error 18456.
> i then granted connect permissions to public to the default tcp port & tried
> conecting with the test user & it connected successfully. So obviously it was
> connecting with the default tcp port & not the new port i defined as the
> endpoint. to be sure, i stopped the new endpoint & connected with the test
> login again & it still worked.
> So my question is - what am i doing wrong? i dont connections to go through
> the default tcp port , i want them to go through the port i define in the
> endpoint.
> also, how can i connect to a specific port through management studio?
> just fyi - i basically followed the instructions on this link:
> http://msdn2.microsoft.com/en-us/library/ms189310.aspx
> thanks in advance!
>|||No, I havenâ't specified this new port in my servername â' how do I do that in
management studio? Lets assume my server name is sqltest & the new port
number is 1443 & the endpoint is called custom1. should the servername be
sqltest:1443 ?
What I want to do is create different tcp endpoints for different
applications. That way the default port 1433 would be used only by admins
internally & other users outside the firewall will connect through another
port (new endpoint) than 1433. That way if security is compromised with one
application, I donâ't have to shut the entire server down, I should be able to
shut down that specific port â' does this idea make sense' Iâ'm not having
much luck implementing itâ?¦.
"Tibor Karaszi" wrote:
> Did you specify this new port in the connection string/server name?
> It seems you just want to change the port, and for that you don't need to create a new endpoint. You
> would just change the port in Server Configuration program.
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://sqlblog.com/blogs/tibor_karaszi
>
> "adba" <adba@.discussions.microsoft.com> wrote in message
> news:04055949-5892-425E-8593-541612857169@.microsoft.com...
> >i have created a new tcp endpoint using the following:
> > CREATE ENDPOINT [CustomConnection1]
> > STATE = STARTED
> > AS TCP
> > (LISTENER_PORT = 1444, LISTENER_IP =ALL)
> > FOR TSQL() ;
> > And I got warning about permissions being revoked for the default tcp
> > endpoint, but I was okay with that since I really wanted all users to go
> > through this new endpoint I am creating.
> > I then granted connect pemissions to a sql login (called test) to connect to
> > this endpoint.
> > I added the tcp port 1444 to the IPALL TCP Port list & restarted SQL.
> > I tried connecting to the sql server with the test login & it gave me a
> > login failed error 18456.
> > i then granted connect permissions to public to the default tcp port & tried
> > conecting with the test user & it connected successfully. So obviously it was
> > connecting with the default tcp port & not the new port i defined as the
> > endpoint. to be sure, i stopped the new endpoint & connected with the test
> > login again & it still worked.
> > So my question is - what am i doing wrong? i dont connections to go through
> > the default tcp port , i want them to go through the port i define in the
> > endpoint.
> > also, how can i connect to a specific port through management studio?
> >
> > just fyi - i basically followed the instructions on this link:
> > http://msdn2.microsoft.com/en-us/library/ms189310.aspx
> >
> > thanks in advance!
> >
> >
>|||I understand about your usage scenario. Yes, that makes sense to me.
To connect to so something else than the "default" port, the client uses below syntax for the server
name. Note that you don't specify an instance name if it is a named instance:
SERVERNAME,PORT#
--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi
"adba" <adba@.discussions.microsoft.com> wrote in message
news:C84D70CE-AEC4-48F3-B56E-86C264C85858@.microsoft.com...
> No, I havenâ't specified this new port in my servername â' how do I do that in
> management studio? Lets assume my server name is sqltest & the new port
> number is 1443 & the endpoint is called custom1. should the servername be
> sqltest:1443 ?
> What I want to do is create different tcp endpoints for different
> applications. That way the default port 1433 would be used only by admins
> internally & other users outside the firewall will connect through another
> port (new endpoint) than 1433. That way if security is compromised with one
> application, I donâ't have to shut the entire server down, I should be able to
> shut down that specific port â' does this idea make sense' Iâ'm not having
> much luck implementing itâ?¦.
>
> "Tibor Karaszi" wrote:
>> Did you specify this new port in the connection string/server name?
>> It seems you just want to change the port, and for that you don't need to create a new endpoint.
>> You
>> would just change the port in Server Configuration program.
>> --
>> Tibor Karaszi, SQL Server MVP
>> http://www.karaszi.com/sqlserver/default.asp
>> http://sqlblog.com/blogs/tibor_karaszi
>>
>> "adba" <adba@.discussions.microsoft.com> wrote in message
>> news:04055949-5892-425E-8593-541612857169@.microsoft.com...
>> >i have created a new tcp endpoint using the following:
>> > CREATE ENDPOINT [CustomConnection1]
>> > STATE = STARTED
>> > AS TCP
>> > (LISTENER_PORT = 1444, LISTENER_IP =ALL)
>> > FOR TSQL() ;
>> > And I got warning about permissions being revoked for the default tcp
>> > endpoint, but I was okay with that since I really wanted all users to go
>> > through this new endpoint I am creating.
>> > I then granted connect pemissions to a sql login (called test) to connect to
>> > this endpoint.
>> > I added the tcp port 1444 to the IPALL TCP Port list & restarted SQL.
>> > I tried connecting to the sql server with the test login & it gave me a
>> > login failed error 18456.
>> > i then granted connect permissions to public to the default tcp port & tried
>> > conecting with the test user & it connected successfully. So obviously it was
>> > connecting with the default tcp port & not the new port i defined as the
>> > endpoint. to be sure, i stopped the new endpoint & connected with the test
>> > login again & it still worked.
>> > So my question is - what am i doing wrong? i dont connections to go through
>> > the default tcp port , i want them to go through the port i define in the
>> > endpoint.
>> > also, how can i connect to a specific port through management studio?
>> >
>> > just fyi - i basically followed the instructions on this link:
>> > http://msdn2.microsoft.com/en-us/library/ms189310.aspx
>> >
>> > thanks in advance!
>> >
>> >
>>|||thanks. okay now i wa able to connect to a specific port through management
studio.
but my problem is that to be able to connect to that port, i have to have
connect permissions granted to public on the default tcp port. like when you
create a new endpointm it takes away the permissions on the deafult port. so
i i leave it like that, i cannot connect to the new endpoint i created. if i
grant permissions to public, it kind of defeats the purpose of creating new
endpoints for me.
so i guess my question is can we connect to a new endpoint without granting
connect permissions to public on the default tcp port?
"Tibor Karaszi" wrote:
> I understand about your usage scenario. Yes, that makes sense to me.
> To connect to so something else than the "default" port, the client uses below syntax for the server
> name. Note that you don't specify an instance name if it is a named instance:
> SERVERNAME,PORT#
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://sqlblog.com/blogs/tibor_karaszi
>
> "adba" <adba@.discussions.microsoft.com> wrote in message
> news:C84D70CE-AEC4-48F3-B56E-86C264C85858@.microsoft.com...
> > No, I havenâ't specified this new port in my servername â' how do I do that in
> > management studio? Lets assume my server name is sqltest & the new port
> > number is 1443 & the endpoint is called custom1. should the servername be
> > sqltest:1443 ?
> >
> > What I want to do is create different tcp endpoints for different
> > applications. That way the default port 1433 would be used only by admins
> > internally & other users outside the firewall will connect through another
> > port (new endpoint) than 1433. That way if security is compromised with one
> > application, I donâ't have to shut the entire server down, I should be able to
> > shut down that specific port â' does this idea make sense' Iâ'm not having
> > much luck implementing itâ?¦.
> >
> >
> >
> > "Tibor Karaszi" wrote:
> >
> >> Did you specify this new port in the connection string/server name?
> >>
> >> It seems you just want to change the port, and for that you don't need to create a new endpoint.
> >> You
> >> would just change the port in Server Configuration program.
> >>
> >> --
> >> Tibor Karaszi, SQL Server MVP
> >> http://www.karaszi.com/sqlserver/default.asp
> >> http://sqlblog.com/blogs/tibor_karaszi
> >>
> >>
> >> "adba" <adba@.discussions.microsoft.com> wrote in message
> >> news:04055949-5892-425E-8593-541612857169@.microsoft.com...
> >> >i have created a new tcp endpoint using the following:
> >> > CREATE ENDPOINT [CustomConnection1]
> >> > STATE = STARTED
> >> > AS TCP
> >> > (LISTENER_PORT = 1444, LISTENER_IP =ALL)
> >> > FOR TSQL() ;
> >> > And I got warning about permissions being revoked for the default tcp
> >> > endpoint, but I was okay with that since I really wanted all users to go
> >> > through this new endpoint I am creating.
> >> > I then granted connect pemissions to a sql login (called test) to connect to
> >> > this endpoint.
> >> > I added the tcp port 1444 to the IPALL TCP Port list & restarted SQL.
> >> > I tried connecting to the sql server with the test login & it gave me a
> >> > login failed error 18456.
> >> > i then granted connect permissions to public to the default tcp port & tried
> >> > conecting with the test user & it connected successfully. So obviously it was
> >> > connecting with the default tcp port & not the new port i defined as the
> >> > endpoint. to be sure, i stopped the new endpoint & connected with the test
> >> > login again & it still worked.
> >> > So my question is - what am i doing wrong? i dont connections to go through
> >> > the default tcp port , i want them to go through the port i define in the
> >> > endpoint.
> >> > also, how can i connect to a specific port through management studio?
> >> >
> >> > just fyi - i basically followed the instructions on this link:
> >> > http://msdn2.microsoft.com/en-us/library/ms189310.aspx
> >> >
> >> > thanks in advance!
> >> >
> >> >
> >>
> >>
>|||> but my problem is that to be able to connect to that port, i have to have
> connect permissions granted to public on the default tcp port.
That is not what I'm seeing. Below is what I did, and result of my actions. I'm on sp2, btw:
CREATE LOGIN adba WITH PASSWORD = 'pwd'
CREATE ENDPOINT [CustomConnection1]
STATE = STARTED
AS TCP
(LISTENER_PORT = 1444, LISTENER_IP =ALL)
FOR TSQL() ;
GRANT CONNECT ON ENDPOINT::[CustomConnection1] to [public]
GRANT CONNECT ON ENDPOINT::[TSQL Default TCP] to [public]
-- Added port 1444 in Network Server Utility, IPAll, TCP Port: 1433,1444
-- Restarted SQL Server
REVOKE CONNECT ON ENDPOINT::[TSQL Default TCP] to [public]
--Login adba able to login on port 1444
--Login adba not able to login with only server name specified
--Login adba not able to login on port 1433
--Windows login able to login on port 1433
--Windows login able to login with only server name specified
--(my Windows account is a login member of syadmin)
--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi
"adba" <adba@.discussions.microsoft.com> wrote in message
news:9AF19309-A371-4983-B788-95E67789552C@.microsoft.com...
> thanks. okay now i wa able to connect to a specific port through management
> studio.
> but my problem is that to be able to connect to that port, i have to have
> connect permissions granted to public on the default tcp port. like when you
> create a new endpointm it takes away the permissions on the deafult port. so
> i i leave it like that, i cannot connect to the new endpoint i created. if i
> grant permissions to public, it kind of defeats the purpose of creating new
> endpoints for me.
> so i guess my question is can we connect to a new endpoint without granting
> connect permissions to public on the default tcp port?
> "Tibor Karaszi" wrote:
>> I understand about your usage scenario. Yes, that makes sense to me.
>> To connect to so something else than the "default" port, the client uses below syntax for the
>> server
>> name. Note that you don't specify an instance name if it is a named instance:
>> SERVERNAME,PORT#
>> --
>> Tibor Karaszi, SQL Server MVP
>> http://www.karaszi.com/sqlserver/default.asp
>> http://sqlblog.com/blogs/tibor_karaszi
>>
>> "adba" <adba@.discussions.microsoft.com> wrote in message
>> news:C84D70CE-AEC4-48F3-B56E-86C264C85858@.microsoft.com...
>> > No, I havenâ't specified this new port in my servername â' how do I do that in
>> > management studio? Lets assume my server name is sqltest & the new port
>> > number is 1443 & the endpoint is called custom1. should the servername be
>> > sqltest:1443 ?
>> >
>> > What I want to do is create different tcp endpoints for different
>> > applications. That way the default port 1433 would be used only by admins
>> > internally & other users outside the firewall will connect through another
>> > port (new endpoint) than 1433. That way if security is compromised with one
>> > application, I donâ't have to shut the entire server down, I should be able to
>> > shut down that specific port â' does this idea make sense' Iâ'm not having
>> > much luck implementing itâ?¦.
>> >
>> >
>> >
>> > "Tibor Karaszi" wrote:
>> >
>> >> Did you specify this new port in the connection string/server name?
>> >>
>> >> It seems you just want to change the port, and for that you don't need to create a new
>> >> endpoint.
>> >> You
>> >> would just change the port in Server Configuration program.
>> >>
>> >> --
>> >> Tibor Karaszi, SQL Server MVP
>> >> http://www.karaszi.com/sqlserver/default.asp
>> >> http://sqlblog.com/blogs/tibor_karaszi
>> >>
>> >>
>> >> "adba" <adba@.discussions.microsoft.com> wrote in message
>> >> news:04055949-5892-425E-8593-541612857169@.microsoft.com...
>> >> >i have created a new tcp endpoint using the following:
>> >> > CREATE ENDPOINT [CustomConnection1]
>> >> > STATE = STARTED
>> >> > AS TCP
>> >> > (LISTENER_PORT = 1444, LISTENER_IP =ALL)
>> >> > FOR TSQL() ;
>> >> > And I got warning about permissions being revoked for the default tcp
>> >> > endpoint, but I was okay with that since I really wanted all users to go
>> >> > through this new endpoint I am creating.
>> >> > I then granted connect pemissions to a sql login (called test) to connect to
>> >> > this endpoint.
>> >> > I added the tcp port 1444 to the IPALL TCP Port list & restarted SQL.
>> >> > I tried connecting to the sql server with the test login & it gave me a
>> >> > login failed error 18456.
>> >> > i then granted connect permissions to public to the default tcp port & tried
>> >> > conecting with the test user & it connected successfully. So obviously it was
>> >> > connecting with the default tcp port & not the new port i defined as the
>> >> > endpoint. to be sure, i stopped the new endpoint & connected with the test
>> >> > login again & it still worked.
>> >> > So my question is - what am i doing wrong? i dont connections to go through
>> >> > the default tcp port , i want them to go through the port i define in the
>> >> > endpoint.
>> >> > also, how can i connect to a specific port through management studio?
>> >> >
>> >> > just fyi - i basically followed the instructions on this link:
>> >> > http://msdn2.microsoft.com/en-us/library/ms189310.aspx
>> >> >
>> >> > thanks in advance!
>> >> >
>> >> >
>> >>
>> >>
>>|||ok i tried your steps like u mentioned them & all of them worked except for
"Login adba not able to login with only server name specified". The login
adba is still able to connect with the servername :(
Public has grant permissions to the following:
CustomConnection1
TSQL Default VIA
TSQL Local Machine
TSQL Named Pipes
So I'm guessing adba is able to connect usng one of the other protocols'
"Tibor Karaszi" wrote:
> > but my problem is that to be able to connect to that port, i have to have
> > connect permissions granted to public on the default tcp port.
> That is not what I'm seeing. Below is what I did, and result of my actions. I'm on sp2, btw:
> CREATE LOGIN adba WITH PASSWORD = 'pwd'
> CREATE ENDPOINT [CustomConnection1]
> STATE = STARTED
> AS TCP
> (LISTENER_PORT = 1444, LISTENER_IP =ALL)
> FOR TSQL() ;
> GRANT CONNECT ON ENDPOINT::[CustomConnection1] to [public]
> GRANT CONNECT ON ENDPOINT::[TSQL Default TCP] to [public]
> -- Added port 1444 in Network Server Utility, IPAll, TCP Port: 1433,1444
> -- Restarted SQL Server
> REVOKE CONNECT ON ENDPOINT::[TSQL Default TCP] to [public]
> --Login adba able to login on port 1444
> --Login adba not able to login with only server name specified
> --Login adba not able to login on port 1433
> --Windows login able to login on port 1433
> --Windows login able to login with only server name specified
> --(my Windows account is a login member of syadmin)
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://sqlblog.com/blogs/tibor_karaszi
>
> "adba" <adba@.discussions.microsoft.com> wrote in message
> news:9AF19309-A371-4983-B788-95E67789552C@.microsoft.com...
> > thanks. okay now i wa able to connect to a specific port through management
> > studio.
> > but my problem is that to be able to connect to that port, i have to have
> > connect permissions granted to public on the default tcp port. like when you
> > create a new endpointm it takes away the permissions on the deafult port. so
> > i i leave it like that, i cannot connect to the new endpoint i created. if i
> > grant permissions to public, it kind of defeats the purpose of creating new
> > endpoints for me.
> > so i guess my question is can we connect to a new endpoint without granting
> > connect permissions to public on the default tcp port?
> >
> > "Tibor Karaszi" wrote:
> >
> >> I understand about your usage scenario. Yes, that makes sense to me.
> >> To connect to so something else than the "default" port, the client uses below syntax for the
> >> server
> >> name. Note that you don't specify an instance name if it is a named instance:
> >> SERVERNAME,PORT#
> >>
> >> --
> >> Tibor Karaszi, SQL Server MVP
> >> http://www.karaszi.com/sqlserver/default.asp
> >> http://sqlblog.com/blogs/tibor_karaszi
> >>
> >>
> >> "adba" <adba@.discussions.microsoft.com> wrote in message
> >> news:C84D70CE-AEC4-48F3-B56E-86C264C85858@.microsoft.com...
> >> > No, I havenâ't specified this new port in my servername â' how do I do that in
> >> > management studio? Lets assume my server name is sqltest & the new port
> >> > number is 1443 & the endpoint is called custom1. should the servername be
> >> > sqltest:1443 ?
> >> >
> >> > What I want to do is create different tcp endpoints for different
> >> > applications. That way the default port 1433 would be used only by admins
> >> > internally & other users outside the firewall will connect through another
> >> > port (new endpoint) than 1433. That way if security is compromised with one
> >> > application, I donâ't have to shut the entire server down, I should be able to
> >> > shut down that specific port â' does this idea make sense' Iâ'm not having
> >> > much luck implementing itâ?¦.
> >> >
> >> >
> >> >
> >> > "Tibor Karaszi" wrote:
> >> >
> >> >> Did you specify this new port in the connection string/server name?
> >> >>
> >> >> It seems you just want to change the port, and for that you don't need to create a new
> >> >> endpoint.
> >> >> You
> >> >> would just change the port in Server Configuration program.
> >> >>
> >> >> --
> >> >> Tibor Karaszi, SQL Server MVP
> >> >> http://www.karaszi.com/sqlserver/default.asp
> >> >> http://sqlblog.com/blogs/tibor_karaszi
> >> >>
> >> >>
> >> >> "adba" <adba@.discussions.microsoft.com> wrote in message
> >> >> news:04055949-5892-425E-8593-541612857169@.microsoft.com...
> >> >> >i have created a new tcp endpoint using the following:
> >> >> > CREATE ENDPOINT [CustomConnection1]
> >> >> > STATE = STARTED
> >> >> > AS TCP
> >> >> > (LISTENER_PORT = 1444, LISTENER_IP =ALL)
> >> >> > FOR TSQL() ;
> >> >> > And I got warning about permissions being revoked for the default tcp
> >> >> > endpoint, but I was okay with that since I really wanted all users to go
> >> >> > through this new endpoint I am creating.
> >> >> > I then granted connect pemissions to a sql login (called test) to connect to
> >> >> > this endpoint.
> >> >> > I added the tcp port 1444 to the IPALL TCP Port list & restarted SQL.
> >> >> > I tried connecting to the sql server with the test login & it gave me a
> >> >> > login failed error 18456.
> >> >> > i then granted connect permissions to public to the default tcp port & tried
> >> >> > conecting with the test user & it connected successfully. So obviously it was
> >> >> > connecting with the default tcp port & not the new port i defined as the
> >> >> > endpoint. to be sure, i stopped the new endpoint & connected with the test
> >> >> > login again & it still worked.
> >> >> > So my question is - what am i doing wrong? i dont connections to go through
> >> >> > the default tcp port , i want them to go through the port i define in the
> >> >> > endpoint.
> >> >> > also, how can i connect to a specific port through management studio?
> >> >> >
> >> >> > just fyi - i basically followed the instructions on this link:
> >> >> > http://msdn2.microsoft.com/en-us/library/ms189310.aspx
> >> >> >
> >> >> > thanks in advance!
> >> >> >
> >> >> >
> >> >>
> >> >>
> >>
> >>
>|||> So I'm guessing adba is able to connect usng one of the other protocols'
That seems to be the case. You can check what netlib a connection is using though the catalog views.
And you can disable netlibs using Configuration Manager. Note that the VIA is disabled by default
and Local Machine is only for local access, so the only one you would need to disable is Named
Pipes.
--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://sqlblog.com/blogs/tibor_karaszi
"adba" <adba@.discussions.microsoft.com> wrote in message
news:DF4D5051-2D13-4083-9A82-BCC4A597E071@.microsoft.com...
> ok i tried your steps like u mentioned them & all of them worked except for
> "Login adba not able to login with only server name specified". The login
> adba is still able to connect with the servername :(
> Public has grant permissions to the following:
> CustomConnection1
> TSQL Default VIA
> TSQL Local Machine
> TSQL Named Pipes
> So I'm guessing adba is able to connect usng one of the other protocols'
>
> "Tibor Karaszi" wrote:
>> > but my problem is that to be able to connect to that port, i have to have
>> > connect permissions granted to public on the default tcp port.
>> That is not what I'm seeing. Below is what I did, and result of my actions. I'm on sp2, btw:
>> CREATE LOGIN adba WITH PASSWORD = 'pwd'
>> CREATE ENDPOINT [CustomConnection1]
>> STATE = STARTED
>> AS TCP
>> (LISTENER_PORT = 1444, LISTENER_IP =ALL)
>> FOR TSQL() ;
>> GRANT CONNECT ON ENDPOINT::[CustomConnection1] to [public]
>> GRANT CONNECT ON ENDPOINT::[TSQL Default TCP] to [public]
>> -- Added port 1444 in Network Server Utility, IPAll, TCP Port: 1433,1444
>> -- Restarted SQL Server
>> REVOKE CONNECT ON ENDPOINT::[TSQL Default TCP] to [public]
>> --Login adba able to login on port 1444
>> --Login adba not able to login with only server name specified
>> --Login adba not able to login on port 1433
>> --Windows login able to login on port 1433
>> --Windows login able to login with only server name specified
>> --(my Windows account is a login member of syadmin)
>> --
>> Tibor Karaszi, SQL Server MVP
>> http://www.karaszi.com/sqlserver/default.asp
>> http://sqlblog.com/blogs/tibor_karaszi
>>
>> "adba" <adba@.discussions.microsoft.com> wrote in message
>> news:9AF19309-A371-4983-B788-95E67789552C@.microsoft.com...
>> > thanks. okay now i wa able to connect to a specific port through management
>> > studio.
>> > but my problem is that to be able to connect to that port, i have to have
>> > connect permissions granted to public on the default tcp port. like when you
>> > create a new endpointm it takes away the permissions on the deafult port. so
>> > i i leave it like that, i cannot connect to the new endpoint i created. if i
>> > grant permissions to public, it kind of defeats the purpose of creating new
>> > endpoints for me.
>> > so i guess my question is can we connect to a new endpoint without granting
>> > connect permissions to public on the default tcp port?
>> >
>> > "Tibor Karaszi" wrote:
>> >
>> >> I understand about your usage scenario. Yes, that makes sense to me.
>> >> To connect to so something else than the "default" port, the client uses below syntax for the
>> >> server
>> >> name. Note that you don't specify an instance name if it is a named instance:
>> >> SERVERNAME,PORT#
>> >>
>> >> --
>> >> Tibor Karaszi, SQL Server MVP
>> >> http://www.karaszi.com/sqlserver/default.asp
>> >> http://sqlblog.com/blogs/tibor_karaszi
>> >>
>> >>
>> >> "adba" <adba@.discussions.microsoft.com> wrote in message
>> >> news:C84D70CE-AEC4-48F3-B56E-86C264C85858@.microsoft.com...
>> >> > No, I havenâ't specified this new port in my servername â' how do I do that in
>> >> > management studio? Lets assume my server name is sqltest & the new port
>> >> > number is 1443 & the endpoint is called custom1. should the servername be
>> >> > sqltest:1443 ?
>> >> >
>> >> > What I want to do is create different tcp endpoints for different
>> >> > applications. That way the default port 1433 would be used only by admins
>> >> > internally & other users outside the firewall will connect through another
>> >> > port (new endpoint) than 1433. That way if security is compromised with one
>> >> > application, I donâ't have to shut the entire server down, I should be able to
>> >> > shut down that specific port â' does this idea make sense' Iâ'm not having
>> >> > much luck implementing itâ?¦.
>> >> >
>> >> >
>> >> >
>> >> > "Tibor Karaszi" wrote:
>> >> >
>> >> >> Did you specify this new port in the connection string/server name?
>> >> >>
>> >> >> It seems you just want to change the port, and for that you don't need to create a new
>> >> >> endpoint.
>> >> >> You
>> >> >> would just change the port in Server Configuration program.
>> >> >>
>> >> >> --
>> >> >> Tibor Karaszi, SQL Server MVP
>> >> >> http://www.karaszi.com/sqlserver/default.asp
>> >> >> http://sqlblog.com/blogs/tibor_karaszi
>> >> >>
>> >> >>
>> >> >> "adba" <adba@.discussions.microsoft.com> wrote in message
>> >> >> news:04055949-5892-425E-8593-541612857169@.microsoft.com...
>> >> >> >i have created a new tcp endpoint using the following:
>> >> >> > CREATE ENDPOINT [CustomConnection1]
>> >> >> > STATE = STARTED
>> >> >> > AS TCP
>> >> >> > (LISTENER_PORT = 1444, LISTENER_IP =ALL)
>> >> >> > FOR TSQL() ;
>> >> >> > And I got warning about permissions being revoked for the default tcp
>> >> >> > endpoint, but I was okay with that since I really wanted all users to go
>> >> >> > through this new endpoint I am creating.
>> >> >> > I then granted connect pemissions to a sql login (called test) to connect to
>> >> >> > this endpoint.
>> >> >> > I added the tcp port 1444 to the IPALL TCP Port list & restarted SQL.
>> >> >> > I tried connecting to the sql server with the test login & it gave me a
>> >> >> > login failed error 18456.
>> >> >> > i then granted connect permissions to public to the default tcp port & tried
>> >> >> > conecting with the test user & it connected successfully. So obviously it was
>> >> >> > connecting with the default tcp port & not the new port i defined as the
>> >> >> > endpoint. to be sure, i stopped the new endpoint & connected with the test
>> >> >> > login again & it still worked.
>> >> >> > So my question is - what am i doing wrong? i dont connections to go through
>> >> >> > the default tcp port , i want them to go through the port i define in the
>> >> >> > endpoint.
>> >> >> > also, how can i connect to a specific port through management studio?
>> >> >> >
>> >> >> > just fyi - i basically followed the instructions on this link:
>> >> >> > http://msdn2.microsoft.com/en-us/library/ms189310.aspx
>> >> >> >
>> >> >> > thanks in advance!
>> >> >> >
>> >> >> >
>> >> >>
>> >> >>
>> >>
>> >>
>>|||That was it Tibor. Once I disabled the other protocols it couldnt connect.
Thanks so much for your help.
"Tibor Karaszi" wrote:
> > So I'm guessing adba is able to connect usng one of the other protocols'
> That seems to be the case. You can check what netlib a connection is using though the catalog views.
> And you can disable netlibs using Configuration Manager. Note that the VIA is disabled by default
> and Local Machine is only for local access, so the only one you would need to disable is Named
> Pipes.
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://sqlblog.com/blogs/tibor_karaszi
>
> "adba" <adba@.discussions.microsoft.com> wrote in message
> news:DF4D5051-2D13-4083-9A82-BCC4A597E071@.microsoft.com...
> > ok i tried your steps like u mentioned them & all of them worked except for
> >
> > "Login adba not able to login with only server name specified". The login
> > adba is still able to connect with the servername :(
> >
> > Public has grant permissions to the following:
> > CustomConnection1
> > TSQL Default VIA
> > TSQL Local Machine
> > TSQL Named Pipes
> >
> > So I'm guessing adba is able to connect usng one of the other protocols'
> >
> >
> > "Tibor Karaszi" wrote:
> >
> >> > but my problem is that to be able to connect to that port, i have to have
> >> > connect permissions granted to public on the default tcp port.
> >>
> >> That is not what I'm seeing. Below is what I did, and result of my actions. I'm on sp2, btw:
> >>
> >> CREATE LOGIN adba WITH PASSWORD = 'pwd'
> >>
> >> CREATE ENDPOINT [CustomConnection1]
> >> STATE = STARTED
> >> AS TCP
> >> (LISTENER_PORT = 1444, LISTENER_IP =ALL)
> >> FOR TSQL() ;
> >>
> >> GRANT CONNECT ON ENDPOINT::[CustomConnection1] to [public]
> >>
> >> GRANT CONNECT ON ENDPOINT::[TSQL Default TCP] to [public]
> >>
> >> -- Added port 1444 in Network Server Utility, IPAll, TCP Port: 1433,1444
> >> -- Restarted SQL Server
> >>
> >> REVOKE CONNECT ON ENDPOINT::[TSQL Default TCP] to [public]
> >>
> >> --Login adba able to login on port 1444
> >> --Login adba not able to login with only server name specified
> >> --Login adba not able to login on port 1433
> >> --Windows login able to login on port 1433
> >> --Windows login able to login with only server name specified
> >> --(my Windows account is a login member of syadmin)
> >> --
> >> Tibor Karaszi, SQL Server MVP
> >> http://www.karaszi.com/sqlserver/default.asp
> >> http://sqlblog.com/blogs/tibor_karaszi
> >>
> >>
> >> "adba" <adba@.discussions.microsoft.com> wrote in message
> >> news:9AF19309-A371-4983-B788-95E67789552C@.microsoft.com...
> >> > thanks. okay now i wa able to connect to a specific port through management
> >> > studio.
> >> > but my problem is that to be able to connect to that port, i have to have
> >> > connect permissions granted to public on the default tcp port. like when you
> >> > create a new endpointm it takes away the permissions on the deafult port. so
> >> > i i leave it like that, i cannot connect to the new endpoint i created. if i
> >> > grant permissions to public, it kind of defeats the purpose of creating new
> >> > endpoints for me.
> >> > so i guess my question is can we connect to a new endpoint without granting
> >> > connect permissions to public on the default tcp port?
> >> >
> >> > "Tibor Karaszi" wrote:
> >> >
> >> >> I understand about your usage scenario. Yes, that makes sense to me.
> >> >> To connect to so something else than the "default" port, the client uses below syntax for the
> >> >> server
> >> >> name. Note that you don't specify an instance name if it is a named instance:
> >> >> SERVERNAME,PORT#
> >> >>
> >> >> --
> >> >> Tibor Karaszi, SQL Server MVP
> >> >> http://www.karaszi.com/sqlserver/default.asp
> >> >> http://sqlblog.com/blogs/tibor_karaszi
> >> >>
> >> >>
> >> >> "adba" <adba@.discussions.microsoft.com> wrote in message
> >> >> news:C84D70CE-AEC4-48F3-B56E-86C264C85858@.microsoft.com...
> >> >> > No, I havenâ't specified this new port in my servername â' how do I do that in
> >> >> > management studio? Lets assume my server name is sqltest & the new port
> >> >> > number is 1443 & the endpoint is called custom1. should the servername be
> >> >> > sqltest:1443 ?
> >> >> >
> >> >> > What I want to do is create different tcp endpoints for different
> >> >> > applications. That way the default port 1433 would be used only by admins
> >> >> > internally & other users outside the firewall will connect through another
> >> >> > port (new endpoint) than 1433. That way if security is compromised with one
> >> >> > application, I donâ't have to shut the entire server down, I should be able to
> >> >> > shut down that specific port â' does this idea make sense' Iâ'm not having
> >> >> > much luck implementing itâ?¦.
> >> >> >
> >> >> >
> >> >> >
> >> >> > "Tibor Karaszi" wrote:
> >> >> >
> >> >> >> Did you specify this new port in the connection string/server name?
> >> >> >>
> >> >> >> It seems you just want to change the port, and for that you don't need to create a new
> >> >> >> endpoint.
> >> >> >> You
> >> >> >> would just change the port in Server Configuration program.
> >> >> >>
> >> >> >> --
> >> >> >> Tibor Karaszi, SQL Server MVP
> >> >> >> http://www.karaszi.com/sqlserver/default.asp
> >> >> >> http://sqlblog.com/blogs/tibor_karaszi
> >> >> >>
> >> >> >>
> >> >> >> "adba" <adba@.discussions.microsoft.com> wrote in message
> >> >> >> news:04055949-5892-425E-8593-541612857169@.microsoft.com...
> >> >> >> >i have created a new tcp endpoint using the following:
> >> >> >> > CREATE ENDPOINT [CustomConnection1]
> >> >> >> > STATE = STARTED
> >> >> >> > AS TCP
> >> >> >> > (LISTENER_PORT = 1444, LISTENER_IP =ALL)
> >> >> >> > FOR TSQL() ;
> >> >> >> > And I got warning about permissions being revoked for the default tcp
> >> >> >> > endpoint, but I was okay with that since I really wanted all users to go
> >> >> >> > through this new endpoint I am creating.
> >> >> >> > I then granted connect pemissions to a sql login (called test) to connect to
> >> >> >> > this endpoint.
> >> >> >> > I added the tcp port 1444 to the IPALL TCP Port list & restarted SQL.
> >> >> >> > I tried connecting to the sql server with the test login & it gave me a
> >> >> >> > login failed error 18456.
> >> >> >> > i then granted connect permissions to public to the default tcp port & tried
> >> >> >> > conecting with the test user & it connected successfully. So obviously it was
> >> >> >> > connecting with the default tcp port & not the new port i defined as the
> >> >> >> > endpoint. to be sure, i stopped the new endpoint & connected with the test
> >> >> >> > login again & it still worked.
> >> >> >> > So my question is - what am i doing wrong? i dont connections to go through
> >> >> >> > the default tcp port , i want them to go through the port i define in the
> >> >> >> > endpoint.
> >> >> >> > also, how can i connect to a specific port through management studio?
> >> >> >> >
> >> >> >> > just fyi - i basically followed the instructions on this link:
> >> >> >> > http://msdn2.microsoft.com/en-us/library/ms189310.aspx
> >> >> >> >
> >> >> >> > thanks in advance!
> >> >> >> >
> >> >> >> >
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >>
> >>
>
Showing posts with label state. Show all posts
Showing posts with label state. Show all posts
Tuesday, 20 March 2012
Sunday, 12 February 2012
Configuring ASP.NET for Persistant Seesion State Management
Hi,
We have created an ASPState database following the instructions in 311209 in
KB. One part of this is to run a job, ASPState_Job_DeleteExpiredSessions,
every minute to clean up any expired sessions from this database.
Recently we had MOM say that this job was causing blocking problems on the
ASPState db. What are the ramifications of changing the job frequency from 1
minute to longer on using this method?
Thanks
Chris WoodChris Wood wrote:
> Hi,
> We have created an ASPState database following the instructions in 311209 in
> KB. One part of this is to run a job, ASPState_Job_DeleteExpiredSessions,
> every minute to clean up any expired sessions from this database.
> Recently we had MOM say that this job was causing blocking problems on the
> ASPState db. What are the ramifications of changing the job frequency from 1
> minute to longer on using this method?
> Thanks
> Chris Wood
>
Review the execution plan for the delete query that you're running,
create the necessary indexes to eliminate any table or index scans that
the delete statement is doing. This will minimize the locking that is
done to the table.
Tracy McKibben
MCDBA
http://www.realsqlguy.com|||Tracy,
This is a script provided by MS! You think that I should change it?
Thanks
Chris
"Tracy McKibben" <tracy@.realsqlguy.com> wrote in message
news:ecdTMGMtGHA.1948@.TK2MSFTNGP04.phx.gbl...
> Chris Wood wrote:
>> Hi,
>> We have created an ASPState database following the instructions in 311209
>> in KB. One part of this is to run a job,
>> ASPState_Job_DeleteExpiredSessions, every minute to clean up any expired
>> sessions from this database.
>> Recently we had MOM say that this job was causing blocking problems on
>> the ASPState db. What are the ramifications of changing the job frequency
>> from 1 minute to longer on using this method?
>> Thanks
>> Chris Wood
> Review the execution plan for the delete query that you're running, create
> the necessary indexes to eliminate any table or index scans that the
> delete statement is doing. This will minimize the locking that is done to
> the table.
>
> --
> Tracy McKibben
> MCDBA
> http://www.realsqlguy.com|||Chris Wood wrote:
> Tracy,
> This is a script provided by MS! You think that I should change it?
> Thanks
>
Just because it's from Microsoft doesn't mean it's perfect. I'm not
familiar with the script you're using, but I didn't say you should
change the script itself. I suggested that you review the execution
plan, to make sure the proper indexes are in place. You are
experiencing blocking problems during a delete operation. This usually
means that the delete is doing a table or index scan and holding a
higher level lock than necessary. Putting the proper index in place
will eliminate the scan, minimizing the duration of the lock.
Tracy McKibben
MCDBA
http://www.realsqlguy.com
We have created an ASPState database following the instructions in 311209 in
KB. One part of this is to run a job, ASPState_Job_DeleteExpiredSessions,
every minute to clean up any expired sessions from this database.
Recently we had MOM say that this job was causing blocking problems on the
ASPState db. What are the ramifications of changing the job frequency from 1
minute to longer on using this method?
Thanks
Chris WoodChris Wood wrote:
> Hi,
> We have created an ASPState database following the instructions in 311209 in
> KB. One part of this is to run a job, ASPState_Job_DeleteExpiredSessions,
> every minute to clean up any expired sessions from this database.
> Recently we had MOM say that this job was causing blocking problems on the
> ASPState db. What are the ramifications of changing the job frequency from 1
> minute to longer on using this method?
> Thanks
> Chris Wood
>
Review the execution plan for the delete query that you're running,
create the necessary indexes to eliminate any table or index scans that
the delete statement is doing. This will minimize the locking that is
done to the table.
Tracy McKibben
MCDBA
http://www.realsqlguy.com|||Tracy,
This is a script provided by MS! You think that I should change it?
Thanks
Chris
"Tracy McKibben" <tracy@.realsqlguy.com> wrote in message
news:ecdTMGMtGHA.1948@.TK2MSFTNGP04.phx.gbl...
> Chris Wood wrote:
>> Hi,
>> We have created an ASPState database following the instructions in 311209
>> in KB. One part of this is to run a job,
>> ASPState_Job_DeleteExpiredSessions, every minute to clean up any expired
>> sessions from this database.
>> Recently we had MOM say that this job was causing blocking problems on
>> the ASPState db. What are the ramifications of changing the job frequency
>> from 1 minute to longer on using this method?
>> Thanks
>> Chris Wood
> Review the execution plan for the delete query that you're running, create
> the necessary indexes to eliminate any table or index scans that the
> delete statement is doing. This will minimize the locking that is done to
> the table.
>
> --
> Tracy McKibben
> MCDBA
> http://www.realsqlguy.com|||Chris Wood wrote:
> Tracy,
> This is a script provided by MS! You think that I should change it?
> Thanks
>
Just because it's from Microsoft doesn't mean it's perfect. I'm not
familiar with the script you're using, but I didn't say you should
change the script itself. I suggested that you review the execution
plan, to make sure the proper indexes are in place. You are
experiencing blocking problems during a delete operation. This usually
means that the delete is doing a table or index scan and holding a
higher level lock than necessary. Putting the proper index in place
will eliminate the scan, minimizing the duration of the lock.
Tracy McKibben
MCDBA
http://www.realsqlguy.com
Configuring ASP.NET for Persistant Seesion State Management
Hi,
We have created an ASPState database following the instructions in 311209 in
KB. One part of this is to run a job, ASPState_Job_DeleteExpiredSessions,
every minute to clean up any expired sessions from this database.
Recently we had MOM say that this job was causing blocking problems on the
ASPState db. What are the ramifications of changing the job frequency from 1
minute to longer on using this method?
Thanks
Chris WoodChris Wood wrote:
> Hi,
> We have created an ASPState database following the instructions in 311209
in
> KB. One part of this is to run a job, ASPState_Job_DeleteExpiredSessions,
> every minute to clean up any expired sessions from this database.
> Recently we had MOM say that this job was causing blocking problems on the
> ASPState db. What are the ramifications of changing the job frequency from
1
> minute to longer on using this method?
> Thanks
> Chris Wood
>
Review the execution plan for the delete query that you're running,
create the necessary indexes to eliminate any table or index scans that
the delete statement is doing. This will minimize the locking that is
done to the table.
Tracy McKibben
MCDBA
http://www.realsqlguy.com|||Tracy,
This is a script provided by MS! You think that I should change it?
Thanks
Chris
"Tracy McKibben" <tracy@.realsqlguy.com> wrote in message
news:ecdTMGMtGHA.1948@.TK2MSFTNGP04.phx.gbl...
> Chris Wood wrote:
> Review the execution plan for the delete query that you're running, create
> the necessary indexes to eliminate any table or index scans that the
> delete statement is doing. This will minimize the locking that is done to
> the table.
>
> --
> Tracy McKibben
> MCDBA
> http://www.realsqlguy.com|||Chris Wood wrote:
> Tracy,
> This is a script provided by MS! You think that I should change it?
> Thanks
>
Just because it's from Microsoft doesn't mean it's perfect. I'm not
familiar with the script you're using, but I didn't say you should
change the script itself. I suggested that you review the execution
plan, to make sure the proper indexes are in place. You are
experiencing blocking problems during a delete operation. This usually
means that the delete is doing a table or index scan and holding a
higher level lock than necessary. Putting the proper index in place
will eliminate the scan, minimizing the duration of the lock.
Tracy McKibben
MCDBA
http://www.realsqlguy.com
We have created an ASPState database following the instructions in 311209 in
KB. One part of this is to run a job, ASPState_Job_DeleteExpiredSessions,
every minute to clean up any expired sessions from this database.
Recently we had MOM say that this job was causing blocking problems on the
ASPState db. What are the ramifications of changing the job frequency from 1
minute to longer on using this method?
Thanks
Chris WoodChris Wood wrote:
> Hi,
> We have created an ASPState database following the instructions in 311209
in
> KB. One part of this is to run a job, ASPState_Job_DeleteExpiredSessions,
> every minute to clean up any expired sessions from this database.
> Recently we had MOM say that this job was causing blocking problems on the
> ASPState db. What are the ramifications of changing the job frequency from
1
> minute to longer on using this method?
> Thanks
> Chris Wood
>
Review the execution plan for the delete query that you're running,
create the necessary indexes to eliminate any table or index scans that
the delete statement is doing. This will minimize the locking that is
done to the table.
Tracy McKibben
MCDBA
http://www.realsqlguy.com|||Tracy,
This is a script provided by MS! You think that I should change it?
Thanks
Chris
"Tracy McKibben" <tracy@.realsqlguy.com> wrote in message
news:ecdTMGMtGHA.1948@.TK2MSFTNGP04.phx.gbl...
> Chris Wood wrote:
> Review the execution plan for the delete query that you're running, create
> the necessary indexes to eliminate any table or index scans that the
> delete statement is doing. This will minimize the locking that is done to
> the table.
>
> --
> Tracy McKibben
> MCDBA
> http://www.realsqlguy.com|||Chris Wood wrote:
> Tracy,
> This is a script provided by MS! You think that I should change it?
> Thanks
>
Just because it's from Microsoft doesn't mean it's perfect. I'm not
familiar with the script you're using, but I didn't say you should
change the script itself. I suggested that you review the execution
plan, to make sure the proper indexes are in place. You are
experiencing blocking problems during a delete operation. This usually
means that the delete is doing a table or index scan and holding a
higher level lock than necessary. Putting the proper index in place
will eliminate the scan, minimizing the duration of the lock.
Tracy McKibben
MCDBA
http://www.realsqlguy.com
Subscribe to:
Posts (Atom)