แก้ไข

แชร์ผ่าน


Lesson 2: Connect from another computer

Applies to: SQL Server

To enhance security, the Database Engine of SQL Server Developer, Express, and Evaluation editions can't be accessed from another computer when initially installed. This lesson shows you how to enable the protocols, configure the ports, and configure the Windows Firewall for connecting from other computers.

This lesson contains the following tasks:

Enable protocols

To enhance security, SQL Server Express, Developer, and Evaluation editions install with only limited network connectivity. Connections to the Database Engine can be made from tools that are running on the same computer but not from other computers if you're planning to do your development work on the same computer as the Database Engine, you don't have to enable additional protocols. Management Studio connects to the Database Engine by using the shared memory protocol. This protocol is already enabled.

If you plan to connect to the Database Engine from another computer, you must enable a protocol, such as TCP/IP.

How to enable TCP/IP connections from another computer

  1. On the Start menu, point to All Programs, point to Microsoft SQL Server, point to Configuration Tools, and then select SQL Server Configuration Manager.

    Note

    Check to see if you have both 32-bit and 64-bit options available.

    Version Path
    SQL Server 2022 (16.x) C:\Windows\SysWOW64\SQLServerManager16.msc
    SQL Server 2019 (15.x) C:\Windows\SysWOW64\SQLServerManager15.msc
    SQL Server 2017 (14.x) C:\Windows\SysWOW64\SQLServerManager14.msc
    SQL Server 2016 (13.x) C:\Windows\SysWOW64\SQLServerManager13.msc
    SQL Server 2014 (12.x) C:\Windows\SysWOW64\SQLServerManager12.msc
    SQL Server 2012 (11.x) C:\Windows\SysWOW64\SQLServerManager11.msc
  2. In SQL Server Configuration Manager, expand SQL Server Network Configuration, and then select Protocols for <InstanceName>.

    The default (unnamed) instance is listed as MSSQLSERVER. If you installed a named instance, the name you provided is listed. SQL Server Express installs as SQLEXPRESS, unless you changed the name during setup.

  3. In the list of protocols, right-click the protocol you want to enable (TCP/IP), and then select Enable.

    Note

    Restart the SQL Server service after you make changes to network protocols; however, this is completed in the next task.

Configure a fixed port

To enhance security, Windows and Windows Server turn on the Windows Firewall. When you want to connect to this instance from another computer, you must open a communication port in the firewall. The default instance of the Database Engine listens on port 1433; therefore, you don't have to configure a fixed port. However, named instances, including SQL Server Express listen on dynamic ports. Before you can open a port in the firewall, you must first configure the Database Engine to listen on a specific port known as a fixed port or a static port; otherwise, the Database Engine might listen on a different port each time it starts. For more information about firewalls, the default Windows Firewall settings, and a description of the TCP ports that affect the Database Engine, Analysis Services, Reporting Services, and Integration Services, see Configure the Windows Firewall to allow SQL Server access.

Note

Port number assignments are managed by the Internet Assigned Numbers Authority and are listed at https://www.iana.org. Port numbers should be assigned from numbers 49152 through 65535.

Configure SQL Server to listen on a specific port

  1. In SQL Server Configuration Manager, expand SQL Server Network Configuration, and then select the server instance you want to configure.

  2. In the right pane, double-click TCP/IP.

  3. In the TCP/IP Properties dialog box, select the IP Addresses tab.

  4. In the TCP Port box of the IP All section, type an available port number. For this tutorial, we use 49172.

  5. Select OK to close the dialog box, and select OK to the warning that the service must be restarted.

  6. In the left pane, select SQL Server Services.

  7. In the right pane, right-click the instance of SQL Server, then select Restart. When the Database Engine restarts, it listens on port 49172.

Open ports in the firewall

Firewall systems help prevent unauthorized access to computer resources. To connect to SQL Server from another computer when a firewall is on, you must open a port in the firewall.

Important

Opening firewall ports can expose your server to malicious attacks. Be sure to understand firewall systems before opening ports. For more information, see Security Considerations for a SQL Server Installation.

After you configure the Database Engine to use a fixed port, follow the following instructions to open that port in your Windows Firewall. (You don't have to configure a fixed port for the default instance, because it defaults to TCP port 1433.)

Open a port in the Windows Firewall for TCP access (Windows 7)

  1. On the Start menu, select Run, type WF.msc, and then select OK.

  2. In Windows Firewall with Advanced Security, in the left pane, right-click Inbound Rules, and then select New Rule in the action pane.

  3. In the Rule Type dialog box, select Port, and then select Next.

  4. In the Protocol and Ports dialog box, select TCP. Select Specific local ports, and then type the port number of the instance of the Database Engine. Type 1433 for the default instance. Type 49172 if you're configuring a named instance and configuring a fixed port in the previous task. Select Next.

  5. In the Action dialog box, select Allow the connection, and then select Next.

  6. In the Profile dialog box, select any profiles that describe the computer connection environment when you want to connect to the Database Engine, and then select Next.

  7. In the Name dialog box, type a name and description for this rule, and then select Finish.

Open a port in the Windows Firewall for TCP access (Windows 10)

To open a port in the Windows Firewall for TCP access on a Windows 10 computer, follow these steps:

  1. Access Windows Firewall Settings:

    • Select the Windows key on your keyboard or the Windows icon in the taskbar to open the Start menu.
  2. Type Windows Security:

    • In the Start menu search bar, type Windows Security and select Enter. This opens the Windows Security app.
  3. Open Windows Security Firewall & Network Protection:

    • Select Firewall & network protection in the Windows Security app in the left sidebar.
  4. Select Allow an app through firewall:

    • Under Firewall & network protection, select Allow an app through firewall.
  5. Change settings (administrator permission):

    • You might need administrator permission to make changes. Select the Change settings button if prompted and provide your admin credentials.
  6. Find the program or port:

    • In the Allowed apps and features section, scroll down to find the program or port you want to open. If you're opening a port for a specific application, look for the application in the list. If opening a custom port, you need to create a rule, otherwise skip to step 12.
  7. Create a new rule (for custom ports):

    • You must create a new rule if the program or port you want to open isn't listed. Select Allow another app... or Allow another program... depending on your specific requirement.
  8. Choose the program or port:

    • If you're opening a port, choose Ports and specify the port number and whether it's TCP or UDP. If you're allowing an application, browse to the executable file of the application.
  9. Name the rule:

    • Give your rule a name so you can identify it quickly.
  10. Specify action:

    • Choose Allow the connection to open the port for TCP access.
  11. Save the rule:

    • Select Next and then Finish to create the rule.
  12. Verify the new rule:

    • In the Allowed apps and features section, ensure the newly created rule is listed with the desired port or program and is enabled.
  13. Close Windows Security:

    • Close the Windows Security app.
  14. Test the Port Access:

    • To ensure the port is open, you can use a network utility or application that relies on the specific port to see if it can establish a connection.

Following these steps, you can open a specific port in the Windows Firewall for TCP access on your Windows 10 computer. Remember to exercise caution when modifying firewall settings, as it can affect the security of your system. Only open ports when necessary and for trusted applications or services.

Note

For more information about configuring the firewall including instructions for Windows Vista, see Configure a Windows Firewall for Database Engine Access. For more information about the default Windows firewall settings, and a description of the TCP ports that affect the Database Engine, Analysis Services, Reporting Services, and Integration Services, see Configure the Windows Firewall to allow SQL Server access.

Connect to the Database Engine from another computer

Now that you have configured the Database Engine to listen on a fixed port, and have opened that port in the firewall, you can connect to SQL Server from another computer.

With SQL Server Browser service running on the server computer, when the firewall has opened UDP port 1434, the connection can be made by using the computer name and instance name. To enhance security, our example doesn't use the SQL Server Browser service.

Connect to the Database Engine from another computer

  1. On a second computer that contains the SQL Server client tools, log in with an account authorized to connect to SQL Server, and open Management Studio.

  2. In the Connect to Server dialog box, confirm Database Engine in the Server type box.

  3. In the Server name box, type tcp: to specify the protocol, followed by the computer name, a comma, and the port number. To connect to the default instance, port 1433 is implied and can be omitted; therefore, type tcp:<computer_name>, where <computer_name> is the name of the computer. In our example for a named instance, type tcp:<computer_name>,49172.

    If you omit tcp: from the Server name box, then the client attempts all enabled protocols, in the order specified in the client configuration. For more information, see Connect to the Database Engine.

    If an attempt is made to establish a connection with the instance name while connecting to the remote server, the SQL Server Browser service must be running on the remote server. Instance name port mapping doesn't work if the SQL Server Browser service is not running.

  4. In the Authentication box, confirm Windows Authentication, and then select Connect.

Connect using the SQL Server Browser Service

The SQL Server Browser service listens for incoming requests for SQL Server resources and provides information about SQL Server instances installed on the computer. When the SQL Server Browser service is running, and users can connect to named instances by providing the computer name and instance name instead of the computer name and port number. Because SQL Server Browser receives unauthenticated UDP requests, it isn't always turned on during setup. For a description of the service and an explanation of when it turns on, see SQL Server Browser Service (Database Engine and SSAS).

To use the SQL Server Browser, you must follow the same steps as before and open UDP port 1434 in the firewall.

This concludes this brief tutorial on basic connectivity.

Return to tutorials portal

Tutorial: Getting Started with the Database Engine