Share via

Why is SQL Browser (on a cluster) doing a vertical port scan of the node its running on?

Chris Fournier 1 Reputation point
2021-06-30T16:01:45.313+00:00

Here's some background.

This is a 3 node SQL cluster running 10 instances all SQL 2012 on WIN2012R2. Each SQL instance has its own IP and uses p1433, so browser is not used to make connections to named instances.

One of our monitoring tools caught a SQL instance source using the SQL browser to do an internal port scan against the node it is running on.

Sample of ports scanned:
TCP/UDP Port (Impacted):
49179 (4)
49171 (4)
49173 (4)

Is anyone aware of this sort of behavior out of the browser service?

SQL Server | Other

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. AmeliaGu-MSFT 14,006 Reputation points Microsoft External Staff
    2021-07-01T06:09:22.51+00:00

    Hi ChrisFournier-9075,

    Welcome to Microsoft Q&A.

    One of our monitoring tools caught a SQL instance source using the SQL browser to do an internal port scan against the node it is running on.

    Will this happen even if the browser is disabled?
    Could you please try to hide the instances in the SQL Server configuration manager? Setting the HideInstance flag can indicate that SQL Server Browser should not respond with information about this server instance. To hide a clustered instance, we need to create an alias in all the nodes of the clustered instance to reflect the static port that you configured for the instance.
    Please refer to this doc which might help.

    Best Regards,

    Amelia

    If the answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.