Unable to connect named instance through VPN

Question

Unable to connect named instance through VPN

SQL!$@w$0ME

SSChampion

Points: 12349
More actions
April 29, 2016 at 8:27 am

#326769

Hello guys,
I can't connect to a named instance(TCP/IP) through VPN connection. But I can connect to the default instance(TCP/IP) on the same server through VPN.
The named instance is using a static port and the firewall is open for this TCP port and UDP 1434(browser).
I can't telnet to the named instance port from VPN.
Please help to troubleshoot this issue.
Many thanks!
March 3, 2023 at 11:35 am

This was removed by the editor as SPAM

Viewing 12 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic. Login to reply

Lowell SSC Guru Points: 323518 More actions · Answer 1

SQL!$@w$0ME (4/29/2016)
Hello guys,
I can't connect to a named instance(TCP/IP) through VPN connection. But I can connect to the default instance(TCP/IP) [highlight="#ffff11"]on the same server[/highlight] through VPN.
The named instance is using a static port and the firewall is open for this TCP port and UDP 1434(browser).
I can't telnet to the named instance port from VPN.
Please help to troubleshoot this issue.
Many thanks!

what specific error message do you get?

have you EVER connected to the named instance from anyplace other than the server itself? is this the first time?

since you mentioned specifically that port 1434 is open, is the SQL browser service running? if it's not, you cannot determine the dynamic port of the instance, so you could not connect.

Otherwise, if the browser service is not running, you have to set it to listen to a specific port, did you set the named instance to listen to a static port

the reason for the question is windows firewall could certainly be blocking connections.

If you are leaning towards the windows firewall, i would assign a static port, and make sure the firewall allows connections to the server by that port.

Lowell

--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

SQL!$@w$0ME SSChampion Points: 12349 More actions · Answer 2

I'm able to connect to the named instance when I'm in office, not on VPN when working remotely(home).

Browser service is running and a fixed port has been assigned to the named instance and this port is opened on windows firewall(Inbound).

Telnet to the named instance fails when working remotely(VPN) and works when in the office.

U:\>telnet 172.XX.XX.XXX 5700

Connecting To 172.XX.XX.XXX ...Could not open connection to the host, on port 5700

: Connect failed

Please see the attached screenshot.

Thanks.

crow1969 Hall of Fame Points: 3001 More actions · Answer 3

Check with the network guys to see if the port for the named instance is allowed through the firewall for VPN users. Typically, VPN users will only be able to access certain ports on servers.

Joie Andrew One Orange Chip Points: 27360 More actions · Answer 4

Check with the network guys to see if the port for the named instance is allowed through the firewall for VPN users. Typically, VPN users will only be able to access certain ports on servers.

I second this. Just because the server's local firewall doesn't block the port and you can connect internally does not mean that the VPN is configured the same way.

Joie Andrew
"Since 1982"

SQL!$@w$0ME SSChampion Points: 12349 More actions · Answer 5

SQL!$@w$0ME

SSChampion

Points: 12349

May 1, 2016 at 4:11 pm

#1875814

Thanks

SQL!$@w$0ME SSChampion Points: 12349 More actions · Answer 6

SQL!$@w$0ME

SSChampion

Points: 12349

May 1, 2016 at 4:11 pm

#1875815

Thanks

jeff.mason SSCrazy Eights Points: 9585 More actions · Answer 7

You probably tried this, but just in case try to connect with the port instead of the instance. If you do that, you remove browser-related issues out of it. So if hostname, port does not work, and if it DOES work in the office, you've got a packet filtering issue on that port. If hostname, port works but hostname\instancename does not, you've got a browser related issue, probably again on a filter (but at least you know where the filter is set up).

curtkrueger Grasshopper Points: 10 More actions · Answer 8

I had this issue before, and it was due to me not using the fully qualified domain name when using VPN.

For example, our domain is xyz but on the controller its really xyz.local

for me it worked when I put it as such..

server.xyz.local

My assumption is we have things setup improperly for the VPN side of things, maybe you have the same issue.

SQL!$@w$0ME SSChampion Points: 12349 More actions · Answer 9

curtkrueger (5/4/2016)
I had this issue before, and it was due to me not using the fully qualified domain name when using VPN.
For example, our domain is xyz but on the controller its really xyz.local
for me it worked when I put it as such..
server.xyz.local
My assumption is we have things setup improperly for the VPN side of things, maybe you have the same issue.

Didn't work with IP/FQDN. Seems like problem is with firewall, I cant telnet the sql port.

jeff.mason SSCrazy Eights Points: 9585 More actions · Answer 10

SQL!$@w$0ME (5/4/2016)
curtkrueger (5/4/2016)
I had this issue before, and it was due to me not using the fully qualified domain name when using VPN.
For example, our domain is xyz but on the controller its really xyz.local
for me it worked when I put it as such..
server.xyz.local
My assumption is we have things setup improperly for the VPN side of things, maybe you have the same issue.
Didn't work with IP/FQDN. Seems like problem is with firewall, I cant telnet the sql port.

If you can ping the hostname and cannot telnet the port, it's a packet filter somewhere (assuming that the process is live on that port and others can connect to it).