Hello,
Thank you for reaching out.
It seems like the issue you're facing is due to the firewall settings on your domain controller. When you allow the incoming traffic on TCP Port 3306 only for the public profile, your workstation can connect to the MySQL server, but that's not ideal as it exposes the port to public networks. You want to restrict the connection to only the domain network, without exposing it publicly.
Here are some steps to resolve the issue without opening port 3306 to the public:
1. Check the Network Profile of the Domain Controller
Ensure that your domain controller is correctly categorized as part of the Domain network profile. Sometimes, Windows might mistakenly categorize the domain controller as a public network, even if it’s part of the domain network.
You can check this by running:
Get-NetConnectionProfile
Ensure that the domain network interface is listed as DomainAuthenticated and not as Public. If it’s incorrect, change it using:
# Set-NetConnectionProfile only accepts Public or Private for -NetworkCategory;
# DomainAuthenticated is assigned automatically by Network Location Awareness (NLA)
# once the adapter can reach a domain controller. Restart NLA to re-trigger detection:
Restart-Service -Name NlaSvc -Force
Get-NetConnectionProfile -InterfaceAlias "Ethernet"
2. Allow 3306 TCP for the Domain Profile on the Firewall
You should configure the firewall rule to specifically allow connections for private and domain profiles, and avoid using the public profile for security reasons.
Follow these steps:
Open Windows Firewall and go to Advanced Settings.
In the Inbound Rules, locate the rule allowing TCP 3306.
Right-click the rule and choose Properties.
Under the General tab, ensure that the rule is enabled.
Go to the Scope tab and set the rule to apply only to the Domain profile and not to the public network.
Also, ensure that the Local IP Address is set to match the IP range of your domain network.
3. Check MySQL Binding Address
MySQL has a configuration option bind-address which controls on which IP address MySQL listens. By default, MySQL may only listen to 127.0.0.1 or localhost.
Open your my.cnf (or my.ini on Windows) file and ensure that MySQL is bound to the correct IP address (e.g., the domain controller's private IP address or 0.0.0.0 to listen on all interfaces). Example:
bind-address = 0.0.0.0
After making this change, restart MySQL.
4. Check the Routing Configuration
Ensure that there is proper routing between your workstation and the domain controller. If the workstation is on a different subnet, you might need to add a route on the domain controller to allow traffic from your workstation's subnet to reach port 3306.
5. Verify Network Isolation Settings
If you're using Network Isolation or Network Segmentation, ensure that the workstation can still reach the domain controller via TCP Port 3306 on the required interface.
6. Check for Antivirus Software Blocking
Some antivirus software (on either the workstation or domain controller) might block specific ports. Check for any settings in the antivirus software that might be preventing the connection.
7. Use Telnet for Further Debugging
After ensuring all firewall rules are correct, test the connection again using telnet:
telnet <server-ip> 3306
If the connection still fails, it could mean either MySQL is not listening on that port, or there's a misconfiguration in the firewall. You can also use tools like Wireshark to trace the packets and see if they’re getting blocked or misrouted.
8. Use Windows Server Firewall for Domain Profile
In some cases, instead of relying on the default Windows firewall settings, you might need to set up explicit inbound rules for the domain profile. Create a rule that allows port 3306, specifying the domain network only.
If you've verified all of this and the connection still fails, there may be a deeper networking or misconfiguration issue on either the workstation or the domain controller. Let me know how it goes!
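The steps above (network category, a domain-only firewall rule, the MySQL listener and the reachability test) combined into one script, as an added example that is not part of the original answer. It assumes the adapter alias "Ethernet", a domain subnet of 10.0.0.0/24 and the rule name "MySQL 3306 (Domain only)"; all three are placeholders to adjust. Where the answer offers 0.0.0.0 or the domain controller's private IP for bind-address, the check below treats a loopback-only listener as the failure case and prefers the internal address, since binding 0.0.0.0 on a domain controller also listens on any future or external interface.

```powershell
# Added example: audit and correct the inbound rule for TCP 3306 so it applies to the
# Domain profile only and to one internal subnet, then verify the MySQL listener.
# Run on the domain controller in an elevated PowerShell session.
$InterfaceAlias = 'Ethernet'                  # assumed adapter alias
$DomainCidr     = '10.0.0.0/24'               # assumed domain subnet (placeholder)
$RuleName       = 'MySQL 3306 (Domain only)'  # assumed rule name (placeholder)
$Port           = 3306

# 1. Network category: a DC that boots before AD is ready often shows Public.
$profile = Get-NetConnectionProfile -InterfaceAlias $InterfaceAlias
if ($profile.NetworkCategory -ne 'DomainAuthenticated') {
    Write-Warning "Interface is '$($profile.NetworkCategory)'; restarting NLA to re-detect the domain."
    Restart-Service -Name NlaSvc -Force
    Start-Sleep -Seconds 5
    $profile = Get-NetConnectionProfile -InterfaceAlias $InterfaceAlias
}
"Network category on ${InterfaceAlias}: $($profile.NetworkCategory)"

# 2. Find enabled inbound rules that open TCP 3306 on the Public (or Any) profile
#    and disable them; the scoped rule created below replaces them.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    ForEach-Object {
        if ($_.Profile.ToString() -match 'Public|Any') {
            Write-Warning "Rule '$($_.DisplayName)' opens TCP $Port on profile '$($_.Profile)'; disabling it."
            Disable-NetFirewallRule -Name $_.Name
        }
    }

# 3. Create (or recreate) the rule: Domain profile only, remote addresses limited
#    to the domain subnet. This is the equivalent of the profile and scope settings
#    in the firewall GUI.
if (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) {
    Remove-NetFirewallRule -DisplayName $RuleName
}
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort $Port -Profile Domain -RemoteAddress $DomainCidr `
    -Description 'Allow MySQL from the domain subnet only' | Out-Null

# 4. Confirm MySQL is listening somewhere other than loopback (bind-address check).
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
if ($listeners.Count -eq 0) {
    Write-Warning "Nothing is listening on TCP $Port; check bind-address in my.ini and restart MySQL."
} elseif (@($listeners.LocalAddress | Where-Object { $_ -notin '127.0.0.1', '::1' }).Count -eq 0) {
    Write-Warning "MySQL listens on loopback only; set bind-address to the DC's internal IP and restart MySQL."
} else {
    "MySQL listening on: $($listeners.LocalAddress -join ', ')"
}

# 5. Reachability test, run from the workstation (PowerShell equivalent of telnet).
#    Replace <server-ip> with the domain controller's internal address.
# Test-NetConnection -ComputerName <server-ip> -Port 3306 -InformationLevel Detailed
```

If step 5 reports TcpTestSucceeded as False while step 4 shows a non-loopback listener, the block is between the hosts (rule profile, RemoteAddress scope, routing or antivirus) rather than in MySQL itself.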