Security

TechRepublic Tutorial: MS SQL 7-to-IIS question nets twofold answer

Learn how to make an MS SQL 7 server communicate with an IIS server through a firewall.


When TechRepublic member Larry had a problem connecting his IIS Web server on one side of a Cisco PIX firewall to two Microsoft SQL7 servers on the inside of his network, he asked other members for answers.

Larry's questions were featured in the article "Can you answer this SQL7 question on changing pipes to IP?" In it, he described his problem with enough detail that he was able to find a number of helpful solutions within the more than 50 responses to the article.

Double trouble
Larry's problem actually turned out to be two problems, so we will be sending two oversized TechRepublic coffee mugs to the two members who offered the clearest and most complete solutions to both problems.

Here are the two critical paragraphs from Larry's description of his problem:
  • We initially installed the SQL7 [servers] with the default pipes connection but have run into problems between the Web server and the SQL servers, which cannot communicate with each other. We are able to ping in both directions between the Web server and the SQL servers and do not believe it is a firewall configuration problem.
  • We have read that we need to change from a pipes connection to a TCP/IP connection for the Web server to talk to the SQL servers, but we have been unable to find a way to change the default pipes option to a TCP/IP option.

First question answered
Larry's initial question had to do with changing the default named pipes option in the SQL7 setup to a TCP/IP configuration. While a number of those who responded to the question mentioned that configuration issues may be addressed for the server side or the client side, those who mentioned both typically did not go into much detail about the process on both ends.

However, our first winner, johnsawyer_2000, began his response by saying that Larry would have to look at both sides of the equation to be sure everything was set up correctly.

Johnsawyer_2000 then reviewed four points:
  • Change the servers first.
  • Don't break any existing network connections.
  • A server may also be a client of other servers and may need to communicate with its servers over TCP/IP.
  • Client programs running on the localhost server do not need an alias and should always communicate using named pipes.

He then described what needs to be done on both the server and client sides. You can go to his answer for the details.

Several responses noted that the default installation on the SQL Server side would have activated both named pipes and the TCP/IP protocol. On the client side, that is not the case, with named pipes being the only default.

Once the client and server were talking the same language, the PIX firewall was the sole obstacle to Larry's success.

Second question answered
Communicating through a firewall can be frustrating. Because the main function of firewalls is to prevent unauthorized communication, they complicate the communication process. And the solutions to communication problems are often just as complicated.

Rbruce wrote that even though Larry could ping across the firewall, it didn't mean that a firewall communication problem wasn't involved.

"You want to find out what ports the clustering is being used on and make sure that you have identified and made these ports open on the firewall," he said.

Rbruce went on to suggest turning on the debug packet for the source and destination packets traveling through the PIX firewall.

"It was the PIX firewall that was causing the problem," said Larry, after the problem was fixed. He noted that in reply to his post, a number of people mentioned he could be looking at a PIX configuration problem. "That led us to verify that the PIX configuration was at fault. Once [the ports] were opened correctly we had no problems talking to the SQL server."

Larry expressed his thanks to everyone who helped him by suggesting solutions to his problem.

Are you full of answers?
If you like helping your peers solve their problems, visit the Technical Q&A section of our site and pick a question. While not every answer is acknowledged, those asking the question have the option of awarding you TechPoints for participating.

 

Editor's Picks

Free Newsletters, In your Inbox