SQL Protocols

You said that this issue won't fix; so what do we do now (after search knowledge base for enabling TCP/IP port and some more)

Would installing SQL2005 as a default instance (instead of a named instance) help avoid the problem?  Since you can only have one named instance per virtual server (in a clustered environment), what is the advantage of a named instance over a default instance anyway?

If it's default instance, client can connect the server using default port number (1433). So, it's not an issue unless you change the server TCP port.

For the other question, Yes. One named instance per virtual server. But, you can install multiple virtual servers on one physical machine, in which case, you would need named instances so that we can distinguish those instances on the physical machine.

We do have the same phenomenon.

When running osql on the cluster node, randomly the connection fails or succeeds.

When doing this workaround to specify the port, than it works.

Is this bug in SQL Browser still not fixed in the upcoming SQL2005 SP2 ?

PingBack from http://chaespot.com/mssql/2007/02/24/sql-protocols-unable-to-connect-to-a-sql-server-named-instance-on-a/

would this scenario also apply to multiple instances on a host, each bound to two VLANs on two NICS?

Your scenario is different. Say you have IP1 on VLAN1 and IP2 on VLAN2. SQL Instance 1 listens on IP1, SQL Instance 2 listens on IP2. SQL Browser listens on IP ALL. You can only make a SQL connection to INST1 from VLAN1 and to INST2 from VLAN2. In this case, UDP packets input/output from the same IP address on the server, so no such issue. If you try to connect to INST1 from VLAN2 or INST2 from VLAN1, you will fail. But that's because of routing, not because of Firewall issue I described.

Please let me know if your scenario is different than what I just assumed.

thanks for the feedback - our setup is slightly more complicated : SQL 2005 - two instances listening on both vlans, and one sql 2000 instance.

We were getting intermittent prelogin failures to the SQL 2005 instances, but usage is currently light so its hard to get accurate pictures.

I changed the bindings on the SQL 2005 instances so that they listen on only one VLAN and we still get the issue. I'm planning to simplify further as the second VLAN was only required for internet access for service pack 1.. so I'll take that out of the equation, and hopefully that will cure the problem - otherwise I'll have to start looking at removing the sql2000 instance.

The issue I mentioned in the blog only happens when you connect one IP but the return packet changed the server IP to another one. With two VLANs, networks are seperated by lower layer(link layer). IPs usually won't be messed up. Unless your client also attachs to both VLANs, you should not see the issue I mentioned. Also, if you do have this issue, you won't be able to connect your server at all (without the workaround). Since you see intermittent pre-login error, I believe your issue is different.

What's the exact error message?

removing the multiple vlans has cured the problem, thanks.

exact error message was: The SQLBrowser service was unable to process a client request.

Users often see this error message when connection to a SQL Server and don't know where to start to solve

So is this a bug that will be corrected in a Service pack at some point? I am hoping it is not as I have the same issue in an active active cluster each with a named instance.

Thanks,

Mike

You can consider this as a bug for us, but its origin is the nature of UDP. We hope to fix this in coming releases. For now, you can either use the workaround I mentioned, or define an exception between your server and client on your client Vista machine. Thanks.

I'm trying to register a database engine (named instance of a cluster) in SQL Server Management Studio and I can't connect.  I also can't connect if I drop down to osql.  I've added exceptions to my firewall for ports and programs but still no luck.  If I try to register or connect to the default instance of the cluster I can connect fine.  It's only the named instance which I'm having problems with.  It also only happens on one PC.  I hate to refresh the PC if there's a workaround.  Any ideas?

Can you check my following blog about Connection Alias: http://blogs.msdn.com/sql_protocols/archive/2007/01/07/connection-alias.aspx

Make sure you don't have an outdated entry there on the machine you have problem. Thanks.

Ran into the same issue on a multihomed SQL box.  I connect using IP 1, SQL Browser response comes back on IP 2 and sure enough, the client firewall blocks it (this is on Vista).

If this has been a problem since SQL 2000, how come it's taken so long to get it fixed?

I'm trying to connect to a clustered server (SQL 2000) with two named instances on two nodes in the cluster, and i have tried setting up sql alias entries for each, using both named pipes:

\\192.168.104.51\pipe\$$\CACLMSDBINST1\MSSQL$LMSINST1\sql\query

and tcp

192.168.104.51,1461

Both of which i got from the server configuration. The IP address is the sql cluster ip address, not either named instance ip, which i believe is correct.. The other variable here is i am trying to connect through a VPN. Where should i start looking next as far as firewall rules on the other side of the vpn, etc?

Does anyone see these type of login failures showing up on stand-alone servers with multiple instances of SQL 2005 and 2000 installed?  The OS is win2000 sp2

On a Windows Cluster it is possible to install a SQL Server Cluster, which will be a separate entity

We have intermittent issues with connecting to named instances of Analysis Services on a cluster.  So, does the initial situation described by Xinwei apply in this case?  It seems that the situation described either always works or never works.

Top things I always forget when logging into SQL Server:   1. SSL Self-Signed Cert Does Not Work

Have they come out with a Fix to this yet? I've prefer named instances over Default but i've run into this problem as well and opened ports, enabled remote connections, pinged, shared drives, folders... everything short of glueing the two servers together. It simply acts as if it doesn't want to connect to the named instance

Have they come out with a Patch yet, or and upgrade/ fix?

We had a fix in SQL Server 2008 for this issue. However, we found another issue and this issue makes the fixs does not work for x64 machine (server machine). So, if your server is SQL Server 2008 on Vista/Win2k8 on X86/IA64, you should have no problem connecting to your server even if you have firewall enabled on your client Vista/W2k8 machine. Thanks.

I have also been stalled by Error:26 issue.

The followings are my current installed applicaions and related info:

1. OS: Vista Home Premium with SP1

2. SQL Server 2005 SP1 and SQWL Server Management Studio Express edition.

3. Web Developer 2008 Express.

Symptom:

When I tried to create a connection to SQL Server by clciking the mdf in Database Explorer of VWD, it displayed the Error 26. However, I can attach the mdfs in Management studio and access the file at all.

Thank you in advance for any idea.

I am trying to connect from Server 2008x64 to Clustered SQL 2008x64 on Server 2008x64, (named instance) and I continually get the error 26. Have checked all the issues you list. When will the fix for Server 2008 x64 - Clustered SQL 2008 be available?

Thanks,

Nevermind. Firewall was "on", albeit showed up as red in control panel because wasn't configd with all of the recommened settings.

I have been able to connect to Sql Express using the Data connection Wizard.But when I connect using code I have an error that says that remote connection is not possible error 40.In spite of doing all possible changes to the settings of SQL Config manager and firewall. Please help me fix this problem.Thanking you in advance.

we installed 2 virtual server on a cluster, each with 1 named instance but no DEFAULT instance. we set the port for both instances to 1433, do we still have to specify "server=ip,1433" in the connect string?

If you have a clustered SQL Server 2000 or SQL Server 2005 you might have the following error message:

We had similar issues.

The servers on the LAN side worked fine. The one in the DMZ could not connect to the SQL server. We could ping it and browse.

The reason it didn't work in our network was this.

The SQL browser listened on IP adres 10.0.0.44 (the IP address of the virtual node) and replied using the IP address of the physical node.

Our Firewall blocked the packet because it was no reply to a request and therfore had no business getting into the DMZ.

After creating a policy in the Firewall allowing the ip address to access the DMZ it all worked fine.

There have been a couple of issues that keep pestering the SQL Server community for those that use Vista

We are about to move a very large number of databases from SQL2000 and SQL2005, on to a SQL2005 Cluster. As I am reading this article, named instance resolution on SQL2005 Clusters is going to break with Vista, and also break with any app or device that enforces strict UDP i.e. checks that the IP address of the reply matches the IP address of the original destination. This is an important test to apply because it screens off a lot of serious UDP attacks, including attacks that target SQL Server specifically.

Xinwei, you are saying the problem originates in the UDP protocol but is it not the case that this could be fixed in the SQL Browser Service? Other services can listen on specific IPs and ports, is it that expensive to have the *option* to configure SQL Browser the same way?

I also have another suggestion that you can implement which is much less expensive and makes the Browser service compliant with correct UDP checks. Have the Browser Service inspect the UDP packet header and check the destination address. If the destination address is an available direct attached interface and routable to the sender, have the Browser Service send the response packet with an origin address of this interface, via the interface. That will then pass strict UDP checking and contribute to everyone's security.

As a bonus you could also have the Browser (optionally) discard packets that had a (forged) origin on a local interface or a (forged) destination that is not a local interface.

We really need this fixed on 2005, not just 2008. To be honest we are avoiding Vista as it's a nightmare. But we still need our SQL2005 Cluster to work properly. Microsoft should make sure that all its supported products comply with security best practices. Sending UDP replies, with a different origin than they were originally sent to, does not comply.

I hope you will be able to do something. Thanks very much to Xinwei and other contributors for all the excellent information here, it has helped us understand this problem.

Please let me know in case there is any solution.

I have 2-node SQL Server 2005 Cluster which configured as Active/Passive mode, let say A node and P node. I already install 1 CRM instance on this cluster before. Now I wanna to install a second 2-node cluster on these...

Below is the error that SSIS is throwing when trying to connect to a NAMED SSAS instance on a windows CLUSTER

A connection cannot be made to redirector. Ensure that 'SQL Browser' service is running.

The issue still isn't fixed when running Windows 2008 Ent Server w/SP2 and SQL 2008 Ent w/SP1 and CU1.  We're running sql with 2 VLANs (1 for Production and 1 for Backups) and we're still getting the infamous "The SQLBrowser service was unable to process a client request." error.  It's crippling our website and causing a lot of pain.  You mention adding the port to our connection string as a workaround which may help, but it doesn't help SQL Server Agent.  SQL Server Agent jobs (mostly T-Log backups) fail constantly with the SNAC error above.  I'm guessing it's b/c they log in via one VIP then write the backups down the 2nd VIP?    

I should note we recently upgraded the servers in-place from SQL 2005 w/SP2 and CU9 (OS stayed the same).  We never experienced this issue on SQL 2005 which is ironic b/c it seems it's been a chronic problem since the Browser's inception.  Now when it's supposed to be fixed we finally get burned.  

Please don't let this drag out like the security cache fix for SQL 2005....took multiple tries/hotfixes to finally resolve it.  

We ran into this as well.  We solved the problem by adding a firewall exception rule to the Vista Client box that allowed all traffic / all ports between the client PC and the Server IP Address.  We figured if the SQL Cluster got hacked we would have bigger problems than it attacking the clients.

Linked Server from SQL Server 2005 (on cluster) and to SQL Server (web edition) 2008 - not on cluster.

SQL 2008 has a server\dbInstanceName using SQL Server security (username & password) for a WebData database.

I am trying enterprise manager from 2005 to connect to the 2005 db - and get SQL Network Interfaces, error: 28 - server doesn't support requested protocol

Do I need to turn on a port?

Is there a sequesnce to connect?

e.g. 10.1.2.1\dbInstance  

I have strange issue where in I am unable to connect to SQL server over local LAN. However I do not have any issue

a) if RDP to other server and try to connect from it. b) if I am on VPN then I do not have any issue.

c) if I try to connect <IPAddress>,<Port> then I am able to connect over local LAN through desktop.

Note:- IP Address of server has been changed recently and person who is in same subnet as me is able to connect to server without any issue.

Any help on it would be appreciated.

Hi i have the same issue sometime ago and i just start Sql Server Browser in services

hope it works for anotherones of you

Hi,

My installattion is on my Local Machine.

I reinstalled SQL Server 2005 and am unable to connect to the server.

I am using Windows authentication Mode. My computer Name is NINJA.

So I used the server name as NINJA\SQLEXPRESS.

It is giving Error 26.

TITLE: Connect to Server

The problem for us was the binding order on the NIC's as we had recently enabled new ones. Correct the binding order in network connections then reboot.