
 DMZ WebServer to SQL server internal


cxormst
Starting Member

9 Posts

Posted - 2004-06-01 : 12:05:52
We have a web server that is set up in the DMZ of our firewall.
It of course is on a separate subnet from the internal SQL server.
Our network is Windows 2000 with active directory.
The web server is windows 2003 web edition.

We are having trouble: the ASP.net web application cannot authenticate or establish its connection string to the SQL server and associated databases.

Does anyone know how to resolve this issue?

Webserver is in DNS and WINS

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2004-06-01 : 13:08:54
You need to create an alias on the web server that points to the database server's IP address and port that SQL is listening on. You also need to punch a hole in the firewall for that port as well.

Tara

cxormst
Starting Member

9 Posts

Posted - 2004-06-03 : 10:21:53

We had it working when the server was set up temporarily on an XP desktop with IIS (it was a little inconsistent). Now that it is installed on a 2003 Web Edition server, it will not establish a connection to the database.

The firewall has been set up to pass packets for the SQL port numbers.
The same setup that works with XP is still in place; it must be something with 2003 or the new default settings. NIC card settings are the same. It sees the neighborhood just fine.

I know that the 2003 Web Edition server does not allow you to use the server as an application server.


tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2004-06-03 : 12:23:07
So did you create an alias on the web server?

Tara

cxormst
Starting Member

9 Posts

Posted - 2004-06-03 : 17:48:15
I am not clear as to what you mean by alias.
Our Web Site has a name (TelebaseWeb).
The connection string for the asp.net applications points at or authenticates to the SQL server database. (using an SQL login ID)
The firewall has the holes for the sql ports.

Do you mean make an alias DNS entry for the web server?
We have a DNS entry for the webserver now.


tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2004-06-03 : 17:52:26
An alias (it's a SQL alias) tells the client how to connect to the SQL Server. In a non-DMZ environment, an alias isn't usually necessary unless you aren't using port 1433.

There are 3 ways to create an alias. The easiest way is if you have the SQL client tools installed on the client. You then can use Client Network Utility. The second way is to get to the Client Network Utility by way of a DSN in ODBC. If you aren't using ODBC, just setup a test DSN. In the DSN configuration, go to the second screen and you'll see a button labeled Client configuration. That's where you'd setup the alias. The third way is to set it through the registry which is the easiest way if you need to deploy this to lots of machines, which you can do with a reg file. Let me know which way you'd like to do it, and I'll describe what you need to do.

Tara

scullee
Posting Yak Master

103 Posts

Posted - 2004-06-03 : 20:16:32
If you are using NT Authentication you have to watch the firewall rules for that as well.


mdh333
Starting Member

4 Posts

Posted - 2004-06-25 : 15:13:54
Did you get anywhere with this? We're having a similar issue and I also don't really know what we should be doing.

We're going from web server in DMZ, through an ISA server, to the sql server.

We don't have an alias setup on the web server, would we just point it to the IP address of the ISA server?
Example, alias SQLName = IP of ISA server, port 1433??

Or should there even be a different port we connect to, and the rule on the ISA Server maps it to 1433 on our SQL Server?

thanks

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2004-06-25 : 15:39:00
The port that you use is the port that SQL Server uses. By default, it is 1433. But it just depends what you selected during the installation process. Port 1433 is not recommended in a web environment, so if you are using 1433, change it. The alias would point to the database server, but I'm not sure about an ISA server. What does that do?

Tara

mdh333
Starting Member

4 Posts

Posted - 2004-06-25 : 15:45:56
The ISA server is basically the firewall.

So, I would want the alias setup on the web server to be
server alias: sql server name (internal network)
server name: ISA Server IP address?
port: 1433 (we're at the default right now, and that's what the rule on the ISA server is setup for - so I'm told)

Or is there something else we need to be configuring? For this example you can really say that the web server is just a client, right now all I'm trying to do is connect via query analyzer and getting server not found messages.

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2004-06-25 : 15:49:03
server alias: sql server name (internal network)
server name: SQL Server IP address
port: 1433


And you should really rethink using 1433. That is a huge security concern in a web environment. Whatever port you select, you would then setup a rule on the firewall for it. But for now, 1433 would be fine.

Do you have SQL Client Tools installed on the web server?

Tara

mdh333
Starting Member

4 Posts

Posted - 2004-06-25 : 16:02:17
Sorry if I'm confused here, but what is this alias setup really doing for me?

My web server in the dmz can't get to the SQL Server IP address (it's just an internal 10.10.x.x address)

And if I just put the internal IP address into Query Analyzer, it would be working the same. Is the only thing I'm really getting from the alias the ability to use a different port (which so far I'm not doing anyway)?

I do agree with you that it should be changed for security reasons, and it will be once we're ready to really open things up.

Thanks for the help. It certainly could be that the ISA server just isn't configured correctly, I can't control that ;-)

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2004-06-25 : 16:07:26
Yes, you are correct. I missed the point of you using the IP address in Query Analyzer. So yes, the firewall must not be set up correctly. What we do is open up the port to specific IP or MAC addresses; that way no other computer can get through with it.

Tara

mdh333
Starting Member

4 Posts

Posted - 2004-06-25 : 16:09:07
Thanks - I'll go with it being an ISA issue.

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2004-06-26 : 13:04:11
I just remembered a system that I worked on a few years back. The clients had to use the firewall's IP address. A rule was set up on the firewall to do port forwarding or something like that. So the clients pointed to a port on the firewall and its IP address. The firewall then redirected the client to the database server. The firewall rule contained the IP address of the database server and its port.

So you just need to talk to the firewall administrators to see if they set it up like that or the more common way.

Tara

keithc1
Yak Posting Veteran

88 Posts

Posted - 2004-06-28 : 01:05:08
We had a similar issue with DMZ to internal SQL access, and it turned out that we had to remove named pipes and specify the TCP/IP network library only. It will default to trying named pipes, I believe, which in some cases will fail. I think named pipes uses the SMB protocol, which is a big security issue and most likely blocked by the firewall, causing you problems connecting internally or slow application load/timeouts? Set the SQL server to TCP/IP ONLY and, like Tara said, change the default port, and so long as your ISA publishing rules are correct you should be fine. ISA is a sweet product, good choice there.

Keithc MCSE MCSA

lug668
Starting Member

8 Posts

Posted - 2004-07-06 : 20:05:49
quote:
Originally posted by tduggan

server alias: sql server name (internal network)
server name: SQL Server IP address
port: 1433


And you should really rethink using 1433. That is a huge security concern in a web environment. Whatever port you select, you would then setup a rule on the firewall for it. But for now, 1433 would be fine.

Do you have SQL Client Tools installed on the web server?

Tara



Hi Tara, I've got a similar situation. I've created an alias using SQL Client Tools, but then how do I use it?

My network administrator has set up a firewall rule to the db server IP and port as well. Why can't I put the db server IP address directly in the data source?

Thanks,
George

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2004-07-07 : 11:57:10
You need to use the alias name in your connection string/DSN/etc... You can't just use the IP address because you also need to use the port. The alias contains this information.

Tara
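An added example, not part of any post in this thread: a small Python check that inspects a SqlClient-style connection string for the points raised above (the client must name the port, TCP/IP should be pinned instead of leaving a named-pipes fallback, port 1433 should be changed, NT authentication needs extra firewall rules). The sample strings, host, address, database name and port 14330 are constructed, and the finding labels are hypothetical; an alias name used as the data source is resolved on the client and is not inspected here.

```python
import re

# Constructed samples: hosts, database name, login and port 14330 are placeholders.
SAMPLES = {
    "default": "Data Source=SQLPROD01;Initial Catalog=AppDb;User ID=webapp;Password=<placeholder>",
    "pinned": "Data Source=tcp:10.10.0.5,14330;Initial Catalog=AppDb;User ID=webapp;Password=<placeholder>",
    "netlib": "Server=10.10.0.5,1433;Network Library=DBMSSOCN;Database=AppDb;Integrated Security=SSPI",
}

# [protocol:]host[,port] as written in a Data Source / Server value.
SOURCE_RE = re.compile(
    r"^(?:(?P<proto>tcp|np|lpc):)?(?P<host>[^,]+?)(?:,(?P<port>\d+))?$", re.I)


def parse(conn_str):
    """Split 'key=value;...' into a dict with lower-cased keys."""
    pairs = (p.split("=", 1) for p in conn_str.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def audit(conn_str):
    """Return hypothetical finding labels for a connection crossing a DMZ firewall."""
    kv = parse(conn_str)
    match = SOURCE_RE.match(kv.get("data source") or kv.get("server") or "")
    if not match:
        return ["unparseable-data-source"]
    findings = []
    proto = (match.group("proto") or "").lower()
    netlib = (kv.get("network library") or kv.get("net") or "").lower()
    # DBMSSOCN is the TCP/IP network library; without it or a tcp: prefix the
    # client may try named pipes (SMB), which the firewall should not pass.
    if proto != "tcp" and netlib != "dbmssocn":
        findings.append("protocol-not-pinned")
    # The firewall rule is written for one port, so the client must name it.
    if match.group("port") is None:
        findings.append("no-explicit-port")
    elif match.group("port") == "1433":
        findings.append("default-port-1433")
    trusted = kv.get("integrated security") or kv.get("trusted_connection") or ""
    if trusted.lower() in ("sspi", "true", "yes"):
        # NT authentication needs further firewall rules beyond the SQL port.
        findings.append("nt-authentication")
    return findings


if __name__ == "__main__":
    for name, conn_str in SAMPLES.items():
        print(name, audit(conn_str) or "ok")
```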

lug668
Starting Member

8 Posts

Posted - 2004-07-07 : 21:30:22
Thanks Tara. I've solved the problem! I guess I can't use the alias since I set up the DSN under ColdFusion Administrator, where I can specify the port. What I did is put our firewall's IP address and SQL Server's default port in the DSN setting page. And my network administrator has set up a rule that contains the SQL server IP address and port information. So in short, the web server in the DMZ points to the firewall and the firewall redirects to the database server.

Thank you again for your help!

culpepmw
Starting Member

1 Post

Posted - 2004-07-13 : 18:15:41
Realize this is a bit of a stale topic in the forum, but you can use the port number if you use the IP address specifically, if you use the convention 192.168.1.1;1433 (semicolon between IP address and port). I have seen this work in everything from Query Analyzer to VBA scripts. Useful if you know the IP address and port.
   
