• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Pls Help : Unable to register a remote SQL server

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> General >> Pls Help : Unable to register a remote SQL server Page: [1]
Login
Message << Older Topic   Newer Topic >>
Pls Help : Unable to register a remote SQL server - 6.Apr.2006 1:23:53 PM   
kaliste

 

Posts: 4
Joined: 5.Apr.2006
Status: offline
Hi,

Config
-------------------------------------------
Win 2k3 sp1 / ISA 2000 sp2

Problem
-------------------------------------------
I have been unable to connect/register to our remote SQL servers on our web hosts but have been able to connect to the same remote sql servers via a notebook from home (dial-up). Since the problem exists only when we try to connect while at office it seems the problem lies with the ISA configurations

Also we are able to connect /register to SQL servers of our clients via vpn.

Solutions Attempted so far
-------------------------------------------
  1. Create protocol rule for 1433
    // kbid=299673 // URL (http://support.microsoft.com/?kbid=299673)
    prior to this we used to get an error sql server does exist / denied, after implementation of this solution, we have ended with the following "General network error ... check your network documentation. ConnectionOpen(PreLoginHandshake())"

    a more verbose error from odbcping -s server.ip

    COULD NOT CONNECT TO SQL SERVER


    SQLState: 08001  Native Error: 11
    Info. Message: [Microsoft][ODBC SQL Server Driver][DBNETLIB]General network error. Check your network documentation.

    SQLState: 01000  Native Error: 10060
    Info. Message: [Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen (PreLoginHandshake()).

    note: an alternative to the above
    opened 1433 / 1434 in both directions that did not help as well.. problem repeated itself as mentioned above


  2. Implemented the RPC filter solutions
    KBid : 887222 // URL (http://support.microsoft.com/?id=887222)

    this did not work as well....
  3. Using "MinTickBeforePortReuse = 240000" // ref : stefan spousele article : "The Mystery of the failing POP3 Access with ISA 2000"

    While reading through some db forums i happen to fall on some a link suggested it could be a winsock error (native error 10060 is documented: WSAETIMEDOUT 10060) url // (http://www.dbforums.com/printthread.php?t=484808)...

    so i googled up native error 10060 ended with the article of stefan spousele "The Mystery of the failing POP3 Access with ISA 2000 " since this was supposed to be for all TCP protocols...

    but this has not worked as well

I hope somebody here can help me ...


best regards
kaliste
Post #: 1
RE: Pls Help : Unable to register a remote SQL server - 7.Apr.2006 3:21:14 PM   
kaliste

 

Posts: 4
Joined: 5.Apr.2006
Status: offline
A further addition ... Our clients do suffer from the "Mystery of the failing POP3 Access " ...

they still continue to do so ....

...No replies so far  ....


anyone ... some few of your pearls pls ....

if this continues i might have to leave this software industry  ....


best regards
kaliste

(in reply to kaliste)
Post #: 2
RE: Pls Help : Unable to register a remote SQL server - 8.Apr.2006 1:28:25 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi kaliste,

first of all, check out http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winsock/winsock/windows_sockets_error_codes_2.asp to understand what the winsock error codes mean. For the case WSAETIMEDOUT 10060 it means Connection timed out: A connection attempt failed because the connected party did not properly respond after a period of time, or the established connection failed because the connected host has failed to respond.

Now, to find out where the problem is situated, I would first check out if you can reach the SQL server on TCP port 1433. Assuming that the SQL server is located external to the ISA server, I suggest that you test it from outside the ISA server with Jim's excellent WinsockTool (http://isatools.org/winsocktool.msi) or a simple telnet command (telnet IP-address 1433). In both cases the connection should succeed.

Once you have verified that the SQL server is indeed reachable on TCP port 1433, you should test next from inside ISA server. Of course we assume here you that you have a protocol rule allowing the protocol TCP port 1433 Outbound and a site&content rule allowing access to the remote SQL server. If it still doesn't work, what is the ISA logging telling you? Just make sure that you have enabled the logging of all fields.

HTH,
Stefaan

(in reply to kaliste)
Post #: 3
RE: Pls Help : Unable to register a remote SQL server - 8.Apr.2006 6:15:06 PM   
kaliste

 

Posts: 4
Joined: 5.Apr.2006
Status: offline
hi stefaan,

thanx for the reply ... really appreciate it ...

i was aware of the winsock error codes ... went through them prior to posting here ... apologies for not having posted it earlier

since i'am able to connect to the remote sql servers // also have no problems in pop access when connected via a dial-up modem at home via the same laptop that is unable to at the office...
  1. I consequently ruled out connection attempt failing due lack of response from the connected host either on time lag basis or none at all...
  2. protocol rule for 1433 outbound exists
  3. site & content for the required ip exists ...
Have enabled all the logging options ... except the payload // ipheader for packet filters

I have checked the logs of both packet filters / firewall services ... here is a brief synopsis of an failed attempt...

fw log indicates (will be enabling all other options for fw.. log to further understand what is going on)

___________________________________________________________________
Packet filter log
---------------------------------
date : 2006-04-08
time : 15:18:24
source-ip : xxx.xxx.xxx.xxx (external interface ip)
destination-ip : xxx.xxx.xxx.xxx (remote sql server ip)
protocol : Tcp 
param#1 : 5346
param#2 : 1433 
filter-rule : ALLOWED 
interface : xxx.xxx.xxx.xxx (external interface ip)

 
Fw log
----------------------------------
c-ip : 192.168.xxx.xxx
cs-username : -
c-agent : -
date : 2006-04-08 
time : 15:18:36 
s-computername : OMSERVER
r-host : - 
r-ip : xxx.xxx.xxx.xxx
r-port : 1433
time-taken : 21000
cs-bytes : -
sc-bytes : - 
cs-protocol : 1433
cs-transport : TCP
s-operation : Connect 10060 /*  ??? */
sc-status :
rule#1 : Allow_SQL_Remote_Conn (Array level rule) 
rule#2 : Allow_All (enterprise rule)
sessionid : 4
connectionid : 8

___________________________________________________________________

But a definite improvement has been detected by clients in being able to access their external pop a/c's ... large sized mails still having connection problems ...

Sql remote conn still not working ....

a stupid question ... Could this problem due to the size of the packet / payload ? (regrets for any wrong terminology)

Will going through with winsock tool to further understand the problem ... are there any good winsock tutorials that you are aware of ?

PS : I have been on ISA for only abt 2 months ... so i'am newbie

Once again i truly appreciate your help ....

cheers
kaliste

< Message edited by kaliste -- 8.Apr.2006 6:21:15 PM >

(in reply to spouseele)
Post #: 4
RE: Pls Help : Unable to register a remote SQL server - 8.Apr.2006 6:26:22 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
I don't know squat about ISA 2000 but I do know that W2K3SP1 disables PMTUDiscovery and that causes packet size related issues with ISA 2K4.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to kaliste)
Post #: 5
RE: Pls Help : Unable to register a remote SQL server - 8.Apr.2006 6:42:13 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi kaliste,

according to the posted log entries, it doesn't sound that ISA is blocking the connection. Do you have evidence that for a dial-up user the SQL server is accessed through TCP port 1433 and not through another protocol? If you like you can post the IP address of the SQL server (or send me the info in a private message) and I can test it out.

BTW --- check out that you have implemented *all* Windows 2003 patches. If so, make sure that EnablePMTUDiscovery registry entry is also enabled. Check out http://support.microsoft.com/?kbid=905179 for more info. This is a Windows 2003 setting and therefore applies also to ISA 2000 server.

HTH,
Stefaan

(in reply to kaliste)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> General >> Pls Help : Unable to register a remote SQL server Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts