Multiprotocol Encryption Through a Firewall

  • Hi All,

    I am now on my fourth day of trying to establish an 'encrypted' (net-library encryption) multiprotocol connection from QueryAnalyzer to a remote SQL Server 2000, through a firewall.  At this point, after about 10,000 KB articles, none of which are exactly on point, but all enticingly related, I am to the point of offering up my 'first-born' to anyone who can help:-)

    I am trying to enable 'ClientSide' multiprotocol encryption to the remote server.  I have enabled the multiprotocol net library on the server and specified a single port for the RPC traffic associated with the multiprotocol traffic on the server.  I chose 1433 (not to be confused with the standard TCP/IP listening port) for the RPC traffic because it is one of the few ports that the 'keepers of the server' have opened through their firewall.  I also specified 1433 as the client side RPC port.  I set this up per KB 164667.

    As long as I don't enable encryption on the client side, I am able to connect to and query the remote server.  A network packet analyzer shows that a multiprotocol over TCP/IP (ncacn_ip_tcp) connection has indeed been established.

    When I make the registry entry to enable client side encryption at:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Client\RPCNetlib

    Value Name: Security

    Value Type: REG_SZ

    Value: Encrypt

    I am no longer able to connect to the remote server.  After the timeout, I get the standard "SQL Server does not exist or access denied" message.

    My best guesses as to the probable problem areas are either the need to open additional ports through the firewall (though unencrypted traffic flows through it just fine on 1433) or some sort of RPC authentication problem on the server end.  FWIW, the server computer is a member of a Workgroup, not a domain.

    The 'Keepers of the Server' will not allow opening ALL ports through the firewall for troubleshooting, even with a promise that unnecessary ports can be closed later.

    I am most interested in advice from someone who has actually made this configuration work but any and all suggestions would be most welcome!

    Thanks,

    Doug

  • Did you look at KB article 164667, Replication over a firewall?

    This article covers everything required to get you going.

    It is best to use similar port numbers to those in the knowledge base article (ease of readability). It was quite a while ago that I set up our replication.

    Also, make notes, as it is easy to get confused.

    Andoi
