Server Network Configuration

Server network configuration tasks include enabling protocols, modifying the port or pipe used by a protocol, configuring encryption, configuring the SQL Server Browser service, exposing or hiding the Microsoft Database Engine on the network, and registering the Server Principal Name. Most of the time, you do not need to change the server network configuration. Only reconfigure the server network protocols if special network requirements.

Network configuration for SQL Server 2005 is done using SQL Server Configuration Manager. For previous versions of SQL Server, use the Server Network Utility that ships with those products.

Protocols

Use SQL Server Configuration Manager to enable or disable the protocols used by SQL Server, and to configure the options available for the protocols. More than one protocol can be enabled. You must enable all protocols that you want clients to use. All protocols have equal access to the server. For information about which protocols you should use, see Choosing a Network Protocol. See also, How to: Enable or Disable a Server Network Protocol (SQL Server Configuration Manager).

Changing a Port

You can configure TCP/IP and VIA protocols to listen on a designated port. By default, the default instance of the Database Engine listens on TCP port 1433. Named instances of the Database Engine and SQL Server 2005 Compact Edition are configured for dynamic ports, which means they select an available port when the SQL Server service is started. The SQL Server Browser service helps clients identify the port when they connect.

When configured for dynamic ports, the port used by SQL Server may change each time it is started. When connecting to SQL Server through a firewall, you must open the port used by SQL Server. Configure SQL Server to use a specific port, so you can configure the firewall to allow communication to the server. See also, How to: Configure a Server to Listen on a Specific TCP Port (SQL Server Configuration Manager).

Changing a Named Pipe

You can configure the named pipe protocol to listen on a designated named pipe. By default, the default instance of SQL Server Database Engine listens on pipe \\.\pipe\sql\query for the default instance and \\.\pipe\MSSQL$<instancename>\sql\query for a named instance. The Database Engine can only listen on one named pipe, but you can change the pipe to another name if you wish. The SQL Server Browser service helps clients identify the pipe when they connect. See also, How to: Configure a Server to Listen on an Alternate Pipe (SQL Server Configuration Manager)

Force Encryption

The Database Engine can be configured to require encryption when communicating with client applications. For more information, see Encrypting Connections to SQL Server, and How to: Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager).

SQL Server Browser Service

The SQL Server Browser service runs on the server, and helps client computers to find instances of SQL Server. The SQL Server Browser service does not need to be configured, but must be running under some connection scenarios. For more information about SQL Server Browser, see SQL Server Browser Service.

Hiding SQL Server

When running, SQL Server Browser responds to queries, with the name, version, and connection information for each installed instance. For Microsoft SQL Server 2005, the HideInstance flag, indicates that SQL Server Browser should not respond with information about this server instance. Client applications can still connect, but they must know the required connection information. SQL Server Browser also supports the Microsoft SQL Server 2000 method of hiding instances enabled by setting the HideServer option through the server network utility. See also, How to: Hide an Instance of SQL Server Database Engine.

Registration of Server Principal Name (SPN)

The Kerberos authentication service can use an SPN to authenticate a service. For more information, see Registration of Service Principal Name.

Connections May Be Forcibly Closed When Running on Windows Server 2003 SP1

When testing scalability with a large number of client connection attempts to an instance of the SQL Server Database Engine running on Windows Server 2003 Service Pack 1, Windows may drop connections if the requests arrive faster than SQL Server can service them. This is a security feature of Windows Server 2003 Service Pack 1, which implements a finite queue for incoming TCP connection requests. It results in the following error:

ProviderNum: 7, Error: 10054, ErrorMessage: "TCP Provider: An existing connection was forcibly closed by the remote host ...

To resolve this issue, use the regedit.exe utility to add the following registry key:

Key Type Name Value

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\

DWORD

SynAttackProtect

00000000

ms189083.security(en-US,SQL.90).gifSecurity Note:
Setting this registry key may expose the server to a SYN flood, denial-of-service attack. Add this registry value only if necessary and with an understanding of the security risks. Remove this registry value when testing is complete.

See Also

Other Resources

Client Network Configuration
Database Engine Connectivity How-to Topics

Help and Information

Getting SQL Server 2005 Assistance

Change History

Release History

5 December 2005

New content:
  • Section Connections May Be Forcibly Closed When Running on Windows Server 2003 SP1.