Configure SQL Express Browser Client Through Firewall

Question

i setup a new instance named newExpress as Mixed authentication mode.everything works fine.but when i turn on firewall in windows 7 remote connection failed.i also have a default instance of sqlexpress.And add inbound rules for that default port 1433.Now also configre tcp port 1435 for newExpress instance and add inbound rules for firewall port 1435 for newExpress remote browser.But my problem is default instance connect when i turn on firewall but newExpress do not connet from remote pc.what is the problem.and how to configure the newExpress?anyone helps me is greatly appreciated.

Answer 1

To connect to NewExpress on TCP port 1435, the client needs to work out what port it is running on before it can connect (as it could be any), so the client interrogates the SQL browser service on the server, it does this by connecting to UDP port 1434, finding the port for NewExpress and then connecting on TCP port 1435.

So, 3 things need to be done for this to work behind a firewall:

1. You need a firewall rule to open port 1435 (TCP)
2. You need to makesure that the SQL browser service is enabled and started
3. You need a firewall rule to open port 1434 (UDP)

The fact that the browser runs on a UDP port rather than TCP is the thing I find catches most people out when configuring the firewall rules, make sure you get the rules right and it should just work.

Answer 2

To add to steolearys answer.

The command line to run for his three steps (in the same order) are as follows

1. NETSH.EXE advfirewall firewall add rule name = SQLPort-TCP dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN
2. SC.EXE config sqlbrowser start= delayed-auto
3. SC.EXE start sqlbrowser
4. NETSH.EXE advfirewall firewall add rule name = SQLPort-UDP dir = in protocol = udp action = allow localport = 1434 remoteip = localsubnet profile = DOMAIN

If required, adjust the remoteip = & profile = portions of the NETSH.EXE command.