How to configure ngrok for SQL Server access - ngrok

I would like to test a website in development hosted in a remote location against a sql server instance on my local machine. I was thinking I could run ngrok locally and update the connection string on the remote website appropriately, but I'm not sure what parameters I need to specify.
I've tried ngrok tcp 12345 and ngrok http 12345
In SQL Server Configuration Manager I've enabled TCP/IP for the SQL Express instance I want to use and set the port to listen on to 12345 (actually, a different number, but we'll say 12345 for the sake of this post). And I then restarted SQL Server.
I don't believe it's necessary for me to make holes in the firewall, but just in case I've temporarily disabled it entirely while I test this.
To test locally, I am taking the url ngrok provides and putting it in the connection dialog in SQL Management Studio, but I can't get it to connect.
What am I missing?

Set up Ngrok
Run ngrok on tcp on the SQL port (by default is 1433)
ngrok tcp 1433
You will get an url like tcp://3.tcp.ngrok.io:12345
In the "Connect to Server Dialog" type:
Server name: 3.tcp.ngrok.io,12345 Notice the comma between the port and the url. Type the url without tcp://
Login: your regular user, in my case sa and your password
Connect

The "URL" that ngrok generates for a TCP tunnel probably shouldn't be used unmodified. The tcp:// scheme part isn't a URI scheme in common use I don't think. Only the hostname and port part of the generated ngrok "URL" would be useful in a SQL Server connection configuration.
Not being intimately familiar with the referenced connection dialog in SQL Management Studio, it's hard to say exactly what input is expected, but maybe stripping out the tcp:// scheme will do the trick?

Related

Cannot trickle ICE server using external IP, Coturn server in Ubuntu

I have setup Coturn server from Url https://www.webrtc-experiment.com/docs/TURN-server-installation-guide.html#coturn in Ubuntu.
Turnserver is working fine using local-ip, but when I try to trickle using exernal-ip I get error Not reachable?
If I access turnserver from browser url I can access it using external-ip. I get message.
TURN Server
https admin connection
To use the HTTPS admin connection, you have to set the database table _admin_user_ with the admin user accounts.
My turnserver.conf looks like:
user=test:test123
listening-port=3478
tls-listening-port=5349
listening-ip=192.168.22.101
relay-ip=192.168.22.101
external-ip=202.137.12.10
realm=yourdomain.com
server-name=yourdomain.com
lt-cred-mech
userdb=/etc/turnuserdb.conf
cert=/etc/ssl/my-certificate.pem
pkey=/etc/ssl/my-private.key
no-stdout-log
I am starting turn server using command:
sudo turnserver -a
And I try to trickle using below format:
turn:202.137.12.10:3478[test:test123]
Trickle: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
Please tell me where I am going wrong.
I got what was wrong, it turned out to be that UDP port 3478 was blocked. Also I was able to get trickle if I used TCP protocol (turn:?transport=tcp[username:password])

How do I channel all browsing traffic through encrypted sTunnel session?

I have sTunnel running on my client and server and can't seem to get my head round how I can have it running in a sort of "silent mode" whereby if I were abroad I could fire up the sTunnel connection on my client, connect to my server and then my browsing traffic connection would behave as if I were in the UK (an encrypted proxy).
On the client conf I have:
accept = localhost:xxx (I understand this means the local sTunnel installation listens on xxx port and grabs any traffic sent on that port).
connect = serverip:xxx (This is the instruction of where it needs to be forwarded, i.e the server).
On my server:
accept: clientIP:xxx (the source IP address of my client)
connect: localhost:xxx (the loopback address of the server)
What am I failing to see here? As I see it I can only use this tunnel if I explicitly target a port with my browser and even then wouldn't it only make it as far as the sTunnel server and not onward to the website intended? Do I need to setup proxy settings in the browser?
thanks a lot
I'm not sure stunnel is what you're looking for here.
What you describe would be best accomplished with OpenSSH, and its dynamic SOCKS5 proxy functionality, e.g. ssh -D1080 from the client.
This generally doesn't require any extra settings on the server-side (unless it was specifically disabled by your system administrator), and then on your roaming client-side, you simply establish an SSH connection to your server as per usual, but add an extra -D1080 parameter to your ssh invocation.
Or, if using PuTTY, set up dynamic port forwarding within Connection, SSH, Tunnels, Source port of 1080 and Destination of Dynamic, click Add.
Subsequently, change the settings of your browser to use SOCKS proxy at localhost, port 1080, and also make sure to specify SOCKS v5 and ensure that the checkbox for resolving hostnames remotely is set, too.

Could not open a connection to SQL Server

I have problems connecting to my database server. The database server is not local, I am connected via its IP address.
It works fine in my development machine. After publishing the website to my server, it can not connect to my database server.
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
Why can't my publish server connect to the database server, whereas it works fine through the development machine?
I often had that problem. Mostly it's because of two problems.
Open the SQL Server Configuration Manager.
Check if the SQL Server Network Configuration supports TCP/IP, if it's disabled, enable it.
e.g. SqlServer 2005 Network Configuration, Protocols for SQLEXPRESS
Open the SQL Server Management Studio
Click on the Sql Server Properties (right click on the server name and
select properties).
After that, select the page "Security" and switch the check to "SQL Server and Windows Authentication mode".
That's all.
I'll attempt to go two for two on the psychic debugging for today...
I will assume that you are not using integrated security? If so it might explain things as the account on your local machine probably has permissions, but the SYSTEM account that is running on the server does not. Just a shot in the dark though.
It sounds like your server can't make the network connection, rather than a security issue.
Ensure that any firewalls on both the DB and app servers allow traffic on the port (1433).
Ensure you're able to ping or tracert from both machines.
Is it your first time you publish your website on the web server ? if it is , Are you sure you have set your connection string properly ?
You need to create a login ( of curse a password for that too ) and the IP Address of that SQL on the web server .
So you need IP Address of the sql server host , Database Name , UId , Pwd .
I will agree that this sounds like a network issue and not a security issue.
Remote into the web server and ping the DB server by IP address. If this does not work, your server cannot see the DB server via that address (different subnet, incorrect firewall/proxy setup, etc). There may be a proxy address you must use to get to the DB server from the web server, or your web server may also be the gateway and IIS doesn't know to look for the DB server on the LAN. If it does work, the computers may not be talking on the same port, or the firewall may be blocking that port exiting the web server.
I have spent hours trying to connect to SQL server using sqlcmd. I disabled my firewall, checked all ip listed in "Protocols for SQLEXPRESS", edited my hosts file. I tried using different ips and machinename to connect to the server. But none of work worked. After hours of investigation, I found out that I made absolutely stupid blunder making me unable to connect.
I want to remind people that the connection string is not case sensitive. But the option is!!
what i did is I put
sqlcmd -s .\sqlserver
But the correct string is
sqlcmd -S .\sqlserver
so watch out, people

Default port for SQL Server

I need to know the default port settings for the following services
SQL Server
SQL Browser
SQL Reporting services
SQL Analysis services
I need to know the port settings for these services for different versions of SQL Server (2000,2005,2008)
Also let me know whether the default port setting will change based on sql server versions.
The default SQL Server port is 1433 but only if it's a default install. Named instances get a random port number.
The browser service runs on port UDP 1434.
Reporting services is a web service - so it's port 80, or 443 if it's SSL enabled.
Analysis services is 2382 but only if it's a default install. Named instances get a random port number.
If you have access to the server then you can use
select local_tcp_port from sys.dm_exec_connections where local_tcp_port is not null
For full details see port number of SQL Server
The default, unnamed instance always gets port 1433 for TCP. UDP port 1434 is used by the SQL Browser service to allow named instances to be located. In SQL Server 2000 the first instance to be started took this role.
Non-default instances get their own dynamically-allocated port, by default. If necessary, for example to configure a firewall, you can set them explicitly. If you don't want to enable or allow access to SQL Browser, you have to either include the instance's port number in the connection string, or set it up with the Alias tab in cliconfg (SQL Server Client Network Utility) on each client machine.
For more information see SQL Server Browser Service on MSDN.
1433
the default port hasn't changed yet
SQL Server default port is 1434.
To allow remote access I had to release those ports on my firewall:
Protocol | Port
---------------------
UDP | 1050
TCP | 1050
TCP | 1433
UDP | 1434
You can use SQL Configuration Manager to set individual IP addresses to use dynamic ports or not (value of 0 = yes, use dynamic port), and to set the TCP port used for each IP.
But be careful: I recommend first mapping out your instances, IPs, and ports, and planning such that no instances or IPs step on each other before starting to make changes willy-nilly.
We can take a look at three different ways you can identify the port used by an instance of SQL Server.
Reading SQL Server Error Logs
Using SQL Server Configuration Manager
Using Windows Application Event Viewer
USE master
GO
xp_readerrorlog 0, 1, N'Server is listening on', 'any', NULL, NULL, N'asc'
GO
Identify Port used by SQL Server Database Engine Using SQL Server
Configuration Manager
Click Start -> Programs -> Microsoft SQL Server 2008 -> Configuration Tools -> SQL Server Configuration Manager
In SQL Server Configuration Manager, expand SQL Server Network Configuration and then select Protocols for on the
left panel. To identify the TCP/IP Port used by the SQL Server
Instance, right click onTCP/IP and select Properties from the drop
down as shown below.
For More Help
http://sqlnetcode.blogspot.com/2011/11/sql-server-identify-tcp-ip-port-being.html

Sql Server 2005 only accessible in ASP.NET 1.1 when I specify protocol and port

My company is currently migrating some of their really old db's to sql server 2005. Some legacy apps have problems connecting to the new server. The connection string works in Asp.NET 2.0, probably because it assumes tcp:1433 automatically.
I have to construct the connection string like this in ASP.NET 1.1 for it to work:
"Server=tcp:my.server.com,1433;..."
Without the protocol and the port, the connection fails ("Invalid Connection exception")
TCP 1433 and UDP 1434 are open on our firewall. On SQL Server 2005 Remote Access is enabled, so is TCPIP, the SQL Browser service is running, I use the proper login credentials.
Any ideas why I can't just specify the server name without protocol and port number?
IIRC SQL Server 2005 defaults to find any-old-port that is available. On my laptop this means port 1212.
To force it to a specific port you must go to Start->Programs->SQL Server 2005->Configuration Tools->SQL Server Configuration Manager
From here you must go to SQL Server 2005 Network Configuration->Protocols for (name of service)->Right click on TCP/IP->Properties->Choose tab "IP Address" and set TCP Dynamic Ports to .
For some reason "0" means "Yes, use dynamic ports" and (i.e. no entry in field) menas "No, I will specify it myself"
Then fill in the field TCP Port with 1433.
Do so on all adapters that are listed, and restart the SQL Service.
You can now check if the service is indeed on the right port by doing the following
Start->Run->cmd.exe
C:>netstat -ano
look for an entry like this
local address <stuff> PID
0.0.0.0:1433 <some number>
Now do
C:>tasklist
and look for the task with the number from above. This task should be called something like sqlsrvr.exe.
Perhaps your SQL Server is configured for multi-protocol, and it's trying to use the other protocol first and failing, perhaps for some security reason (the account that the app is running as in IIS). Just a guess.
Check the "SQL Native Client Configuration" settings in "SQL Configuration Manager" on the ASP.NET machine. The default connection settings are set there. Also try messing with the MDAC configuration:
http://msdn.microsoft.com/en-us/library/ms131035.aspx

Resources