Is it dangerous if I expose the UDP 1434 port of a SQL 2008R2 server in an Azure VM to the Internet?

I am setting up a client/server application running on SQL Server 2008 on an Azure VM.
Is it dangerous if I expose the UDP 1434 port of a SQL 2008R2 server in an Azure VM to the Internet?

I do not understand your answer exactly, but do you mean by "That is a much bigger issue from a security perspective." that it is dangerous to expose the SQL Server connection port to the Internet?
The application uses a named SQL instance, so it needs UDP port 1434 to connect to SQL Server.
Exposing any server to a network is dangerous.  Exposing a server to the public internet is more risky than connecting to a private network.  You cannot eliminate risk but it can be mitigated.
An inherent risk with exposing the SQL Server port is that any client with network connectivity can then try to compromise security, commonly with a dictionary attack.  A malicious user can then gain access to the database limited only by the compromised account security context.
There are several steps you can take to mitigate this risk.  To name a few, allow only trusted IP addresses through the firewall.  Run only those services actually needed.  Expose only those ports needed.  Rename the sa login. 
Assign strong passwords to all accounts.  Keep all software up-to-date with security patches.  Use a service layer to access database services instead of directly from front-end clients.
In your case, you can hard-code the named instance port in connection strings instead of using the SQL Browser service.  Your connection strings do not need to specify the instance name with this technique and UDP 1434 is not needed for connectivity. 
Dan Guzman, SQL Server MVP, http://www.dbdelta.com
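As an added illustration (not code from the thread or from Dan), the following Python helper checks whether a connection string still depends on SQL Browser (an instance name with no explicit port) and rewrites it to the host,port form described above. It assumes the named instance has been given a static TCP port in SQL Server Configuration Manager; the host names and port 49170 are placeholders.

```python
# Added example (not from the original thread): detect whether a SQL Server
# connection string still relies on the SQL Browser service (UDP 1434) and
# rewrite it to the "host,port" form so that only the instance's fixed TCP
# port is needed. Assumes the named instance has a static TCP port configured;
# host names and port 49170 below are placeholders.

SERVER_KEYS = {"server", "data source", "address", "addr", "network address"}


def split_conn_str(conn):
    """Split 'Key=Value;Key=Value' into ordered (key, value) pairs, keeping case."""
    pairs = []
    for segment in conn.split(";"):
        if not segment.strip():
            continue
        key, sep, value = segment.partition("=")
        if not sep:
            raise ValueError(f"malformed segment: {segment!r}")
        pairs.append((key.strip(), value.strip()))
    return pairs


def join_conn_str(pairs):
    return ";".join(f"{key}={value}" for key, value in pairs)


def _split_server(value):
    """Return (prefix, host, instance, port) for a Server value such as
    'tcp:host\\INSTANCE,1433'. Missing parts come back as None."""
    prefix = ""
    if value.lower().startswith("tcp:"):
        prefix, value = value[:4], value[4:]
    host, _, port = value.partition(",")
    host, _, instance = host.partition("\\")
    return prefix, host, instance or None, port or None


def needs_sql_browser(conn):
    """True when the client must ask SQL Browser (UDP 1434) for the port:
    an instance name is present but no explicit TCP port is given."""
    for key, value in split_conn_str(conn):
        if key.lower() in SERVER_KEYS:
            _, _, instance, port = _split_server(value)
            return instance is not None and port is None
    return False


def pin_instance_port(conn, port):
    """Rewrite host\\INSTANCE as host,port. The instance name is dropped because
    the client now connects straight to the port and never queries SQL Browser."""
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid TCP port: {port}")
    rewritten = []
    for key, value in split_conn_str(conn):
        if key.lower() in SERVER_KEYS:
            prefix, host, _, _ = _split_server(value)
            value = f"{prefix}{host},{port}"
        rewritten.append((key, value))
    return join_conn_str(rewritten)


if __name__ == "__main__":
    # Constructed sample in the shape the original question implies.
    before = r"Server=sqlvm01\APPINST;Database=AppDb;Integrated Security=SSPI"
    print("needs SQL Browser:", needs_sql_browser(before))  # True
    after = pin_instance_port(before, 49170)
    print(after)  # Server=sqlvm01,49170;Database=AppDb;Integrated Security=SSPI
    print("needs SQL Browser:", needs_sql_browser(after))  # False
```

Once the clients use the rewritten form, the firewall only has to admit that one TCP port from the trusted addresses, and UDP 1434 can stay closed.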

Similar Messages

  • BizTalk schema exposed as a WCF service deployed on a Windows server which doesn't have BizTalk installed

    Hi All,
    I am deploying my BizTalk WCF service (exposed from a schema) in the SIT environment, which doesn't have BizTalk installed. BizTalk is installed on one server and the web services are on another server.
    When I browse the service, it throws the errors below.
    Retrieving the COM class factory for component with CLSID {9D0E435E-4CCE-4536-83FA-4A5040674AD6} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).
    [COMException (0x80040154): Retrieving the COM class factory for component with CLSID {9D0E435E-4CCE-4536-83FA-4A5040674AD6} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).]
       Microsoft.BizTalk.Adapter.Wcf.Runtime.TransportProxySingleton..cctor() +23
    So please advise me on this. Am I going the correct way? Is it possible like this, or do we need to install BizTalk for BizTalk WCF services in that environment as well?
    Thanks in advance

    Hi,
    If you wish to deploy BizTalk WCF services onto another server, you can do so, but you need to install BizTalk there. This is needed because some DLLs are needed for the BizTalk WCF services so that they can point efficiently to the receive location on another server (where the actual BizTalk application is running). Also, the BizTalk runtime is needed on the other server, and hence you need to just install BizTalk on the other server.
    Now, if your other server is in the DMZ, then you might not go with the above option of installing BizTalk over there. In that case you need to install Microsoft ISA server (Internet Security and Application Server) and configure your DMZ with that. In that case you can host your BizTalk WCF services over there and make them point to the actual receive locations on your BizTalk server.
    Rachit
    Please mark as answer or vote as helpful if my reply does

  • Best practices for exposing BPEL as web service on the Internet

    Hello, can anyone tell me if there are any best practices for exposing a BPEL process to the Internet using SOA Suite 11g? We want to create a separate domain that will contain the few processes that need to be accessed by external services. We obviously have to do this in a secure manner, so any help in this area on how to do so would be greatly appreciated.
    Thanks in advance.
    Jim

  • ASA PAT UDP source port

    Is there a way to preserve the source port for UDP packets that use a PAT pool?
    Here is what I need:
    The client (1.1.1.1) sends a UDP packet from port 5060 to port 5060 on our external 2.2.2.2. This packet is port forwarded to our internal server 10.10.10.10 with the original source and destination port. The server then sends a UDP response to the client from port 5060 to port 5060. The server is in a PAT pool that only contains the address 2.2.2.2. The ASA changes the source port and our client ends up rejecting the packet because the source port is not what it expected.
    How can I preserve the original source port when the packet goes through the PAT pool?
    Thanks,
    Steven

    Hi,
    Well, you could probably make this work for the outbound direction, BUT in the inbound direction from the Internet I don't think there is really a way to use the same public IP address and public UDP port.
    I mean, the ASA doesn't have any way to determine which traffic on destination port UDP 5060 to destination IP 2.2.2.2 would have to be forwarded to which internal IP.
    It would simply use the first rule matched, always.
    But as I said, for the outbound direction it might work.
    You would simply add another similar NAT statement with a different source object with a different source IP address. ASA would again accept the command but give a warning about rule overlap.
    I guess the below added would work for the outbound direction IN THEORY
    object network HOST-1
    host 10.10.11.11
    object network HOST-2
    host 10.10.11.12
    nat (inside,outside) source static HOST-1 interface service UDP5060 UDP5060
    nat (inside,outside) source static HOST-2 interface service UDP5060 UDP5060
    But not for inbound, though if I understood correctly, the inbound traffic should only ever go to a single virtual IP.
    I would imagine this is as close as you can get to "implementing" something weird on the ASA.
    - Jouni

  • I am using iPhoto 6.0.6 and after opening the application it drops below the Dock.  I can see it when I use Exposé to reveal all open windows, but once selected it drops below the Dock.

    I am using iPhoto 6.0.6 and after opening the application it drops below the Dock.  I can see it when I use Exposé to reveal all open windows, but once selected it drops below the Dock.

    Try trashing the com.apple.iPhoto.plist file from the HD/Users/Your Name/Library/Preferences folder.
    (On 10.7: Hold the option (or alt) key while clicking on the Go menu in Finder to access the User Library)
    (Remember you'll need to reset your User options afterwards. These include minor settings like the window colour and so on. Note: If you've moved your library you'll need to point iPhoto at it again.)
    What's the plist file?
    For new users: Every application on your Mac has an accompanying plist file. It records certain User choices. For instance, in your favourite Word Processor it remembers your choice of Default Font; on your Web Browser it remembers things like your choice of Home Page. It even recalls what windows you had open last if your app allows you to pick up from where you left off last. The iPhoto plist file remembers things like the location of the Library, your choice of background colour, whether you are running a Referenced or Managed Library, what preferences you have for autosplitting events and so on. Trashing the plist file forces the app to generate a new one on the next launch, and this restores things to the Factory Defaults. Hence, if you've changed any of these things you'll need to reset them. If you haven't, then no bother. Trashing the plist file is Mac troubleshooting 101.

  • Please, I want to stop users from visiting particular websites while connected to the Internet. How do I configure Firefox to automatically stop users from visiting such dangerous sites?

    Please, I want to stop users from visiting particular websites while connected to the Internet. How do I configure Firefox to automatically stop users from visiting such dangerous sites?

    Thanks, Ronda! I haven't been able to try your suggestion because I fried my router! So I need to get a new wireless router before proceeding.
    (I may start a new thread about getting a new router, but I will look for answers first to my questions and only start one if I cannot find answers.)
    After I get a new router, I will try what you suggested and report back here.

  • Anybody know what tcp or udp port # is used by Server Monitor?

    Hi everyone. I've been lookin' all over ****'s half-acre to find out what port # is required for Server Monitor with no luck. Sure, I can access the local IP address on the LAN, but for LOM to be truly useful...I need to access from WAN. Since my public IP takes me direct to the server itself (and other ports on that ip do other things), I really need to know what port # is used to forward Server Monitor traffic. Anyone?
    Thanks!
    Ed

    Ed LaComb-
    I do have this link to well known TCP and UDP ports used by Apple software products.
    I am fairly certain the answer lies within.
    Luck-
    -DaddyPaycheck

  • A single UDP port in a multithreaded server

    I'm trying to write a server application that creates a thread for every client. The server/client communication is a combination of TCP and UDP, and I want to use a fixed TCP/UDP port on the server side to make it easier to use behind NAT routers. Here's a summary of what I have done and what I want to achieve:
    - The server creates a TCP and UDP channel (I'm using the NIO interface) on the specified ports
    - The server waits for incoming clients by calling accept() on the TCP channel
    - The server creates a new thread for the new client, and gives the TCP and UDP channels as arguments
    - The client informs the server about its UDP port over the TCP connection
    - The new server thread connect()s the UDP channel to the IP:port pair received over the TCP connection
    I believed that connecting the UDP socket to the IP:port of the client in each thread would make it possible to use a single UDP port for the multithreaded application, but it seems that the connect() call affects the parent thread as well. The next client that tries to connect() gets a "Connect already invoked" error. I tried calling clone() on the UDP channel argument I passed to the new thread, but was not allowed to call clone() because it's protected.
    Can someone tell me if what I'm trying to do is possible, and if so, how to achieve it?

    Peter__Lawrey wrote: It sounds like you want to bind a UDP socket to a listening port and the sender as well. So you can have a thread per sending IP:port. (Not sure why you would want to...)
    To my knowledge you can only bind a socket based on the listening port. You could have a dispatcher thread which passes these packets to the thread for that sender.
    To me, client/server means a request/response based interaction with a request from the client and the response from the server back to the client. This interaction is typically point to point and lossless.
    I wanted one thread per client because it's the simplest thing to implement. For example, I don't have to create data structures for storing state information for each individual client (e.g., bitrate, block size, duration, etc.), since each thread has only one single client. Still, I don't want to use hacks like having a dispatcher thread, so if it is correct that UDP ports can't be used in the same way as TCP ports, I guess I'll just have to implement the server as a single-threaded process. :(
    As for client/server, a better description would be master/slave (and that's what I'm using in my program), but I thought I'd make it simple and use the more common client/server terms in this thread since it doesn't matter for the question I'm asking.

  • Exposing port 3389 RDP directly to the internet.

    1. Why would a company expose port 3389 directly to the internet without VPN or a RDP Gateway?
    2. Is there a Microsoft Scenario where one would expose 3389 even with encryption and not wrap it in a SSL or VPN tunnel?
    Please provide supporting documentation for your argument.

    only for a home PC:
    http://windows.microsoft.com/en-CA/windows7/allow-remote-desktop-connections-from-outside-your-home-network
    as for corporate, it's certainly high risk, but if you want to cut out all the complications of VPNs, proxies, certificate exchanges or other dual form-factor authentications and just have a back door if the rest of your network infrastructure was to have issues in case of an emergency, you would use a port for direct RDP to a locked down standalone workstation in a DMZ or something, even then I would use a different port # other than 3389.
    not something that an organization would normally do, although you can have direct RDP if using smart card authentication and that adds some additional security.
    when you really think about it, RDweb is almost the same thing, it just puts a web front in there.

  • UDP DatagramSocket Port 3658 Not Connecting

    Hey, I've created a server and client for an online space game I'm creating. I have all important stuff being sent on TCP, and all movement on UDP. I test it on my LAN network, and it works wonderfully. I got port 3658 forwarded for both UDP and TCP. TCP and UDP work for the person hosting the server, though only TCP works for people across the Internet.
    Any suggestions on how to fix this?
    -Gandolf

    (1) I've never used Flush before, why flush? Is it similar to print line to send the data?
    See [BufferedOutputStream.flush()|http://java.sun.com/javase/6/docs/api/java/io/BufferedOutputStream.html#flush()]. It flushes your buffers. If you're using a BufferedOutputStream or any stream or writer that buffers, you should be calling flush() at the end of every transaction.
    (2) How do you turn off the algorithm?
    [Socket.setTcpNoDelay()|http://java.sun.com/javase/6/docs/api/java/net/Socket.html#setTcpNoDelay(boolean)]. As I mentioned above, TCP can delay packets for up to 200ms, with the aim of coalescing them into larger packets, which is normally a really good idea, because the TCP packet overhead is 40 bytes, so sending single bytes around gets expensive. In this case turning it off will help your timing.
    (4) Will this give me as good results as UDP in a speed test?
    Again, you don't have any UDP results to compare to, do you?
    (5) Are there any down sides?
    It's a space/time tradeoff. As mentioned above, normally the Nagle algorithm is left alone as it optimizes space on the network, at a very slight time cost which you only see in highly interactive applications like this. The X Window System is another example.

  • Time Capsule doesn't connect alarm system to the Internet via UDP ports

    I have installed an AirPort Time Capsule and connected a Jablotron alarm system to the Ethernet port.
    The alarm system gets an IP address (reserved by DHCP reservation, IP 192.168.1.110) from the Time Capsule but doesn't connect to the Internet. When I send a ping to the IP address I get a ping result, so there is a connection between the Time Capsule and the alarm system.
    After communication with the service desk of the alarm system I have forwarded the following UDP ports: 7070, 8080, 8081, 8082, 8083, 8084, 8085, 8086, 8087, 8088, 8089. The alarm system must make a connection with the server from Jablotron (gsmlink.cz) and send my IP address to the server. From this site I can make a connection to my alarm system and manage it.
    What can I do to fix this problem?

    I don't see anything wrong with the setup. This is just typical apple being difficult.
    Are all names SMB standard.. ie short, no spaces and pure alphanumeric. Do not use apple naming.
    What model TC and what firmware are you running??
    I strongly recommend earlier firmware. 7.6.1 for later Gen4 and 7.5.2 for earlier ones.
    No luck? It is much easier to bridge out the TC and use a standard router that has real controls, and use that. TC can still do wireless and network backups for your Mac, but it is hopeless when you mix in other brands.

  • RAC interconnect using UDP - default ports?

    Is there a default port used by each cluster member to listen for connections over UDP? We use IPTABLES firewalls on our hosts, and I need to ensure the cluster heartbeat traffic gets through the firewall properly.
    Thanks in advance.
    Jeff

    user2528460 wrote:
    I understood the UDP ports that are going to be used on the interconnect (clearly without a firewall). Is there a set of default ports?
    I did a quick count (using <i>lsof</i> to list UDP ports opened on the Interconnect interface) that showed over 185 UDP ports in use. E.g.
    [root ~]# lsof -n -i | grep UDP | grep "10.0.1.1"
    oracle     5577  oracle   10u  IPv4   130938       UDP 10.0.1.1:22747
    oracle     5577  oracle   15u  IPv4   130941       UDP 10.0.1.1:64265
    oracle     5579  oracle   10u  IPv4   130948       UDP 10.0.1.1:39566
    oracle     5579  oracle   15u  IPv4   130951       UDP 10.0.1.1:55454
    oracle     5579  oracle   21u  IPv4   130970       UDP 10.0.1.1:27897
    oracle     5581  oracle   10u  IPv4   130973       UDP 10.0.1.1:14118
    oracle     5581  oracle   15u  IPv4   130976       UDP 10.0.1.1:13774
    oracle     5583  oracle   10u  IPv4   130983       UDP 10.0.1.1:33277
    oracle     5583  oracle   15u  IPv4   130986       UDP 10.0.1.1:6886
    ..snipped..
    I would not be concerned about what ports are in use. The important decisions are whether you use bonding for the Interconnect, whether you use jumbo or super-jumbo frames (MTU sizes), and so on. The actual ports being used have no real bearing, as firewalling is not applicable.

  • Expose Orchestration as RESTful service in Biztalk Server 2013

    Hello all,
    I have a BizTalk application (orchestration) where I am receiving some info and sending some info back to the requestor.
    I want to expose this orchestration as a RESTful service. To do that, I know we can use the BizTalk WCF Publishing wizard and select "WCF Web Http", but what needs to be added in the other fields? Can someone tell me?
    Or point me to some example...
    Note : I tried this example but no use ......http://seroter.wordpress.com/2012/11/12/exploring-rest-capabilities-of-biztalk-server-2013-part-1-exposing-rest-endpoints/
    Thanks,
    Nilesh Thakur.
    Thanks and Regards, Nilesh Thakur.

    Hi Nilesh,
    I have done it in the following way. Links are listed below:
    http://code.msdn.microsoft.com/BizTalk-Server-2013-WCF-e3e4a4f9
    http://vikasbhardwaj15.blogspot.co.uk/2014/01/publish-rest-service-from-biztalk-server.html#!/2014/01/publish-rest-service-from-biztalk-server.html
    Thanks
    Abhishek

  • JTAPI + UDP = ICMP Port Unreachable

    Hi,
    We're writing an IVR application which registers itself as a CTI Route Point. This CTI RP has one line, 2000, which receives the external call (PSTN) from a voice gateway. A customer calls an 0800 number, then it flows through PSTN->E1->Gateway->CallManager (2000)->CTI RP.
    JTAPI triggers an incoming call event (TermConnRingingEv), I answer this call (terminalConnection.answer()), I receive a TermEv event (CiscoRTPOutputStartedEv), get the remote address and port via rtpOutStarted.getRTPOutputProperties() (getRemoteAddress and getRemotePort properties) and start sending RTP audio (CiscoRTPPayload.G711ULAW64K, 160).
    Here my problems begin. Testing this scenario with internal calls only, it was 100% perfect! But using external calls (E1->gateway), getRemoteAddress always answers the same IP address (of course, the gateway address), but each time there's a different port, one for each call. Usually we have success and the audio reaches the final destination, the mobile phone on the PSTN; but sometimes the DatagramSocket.send(DatagramPacket) method throws the exception "ICMP Port Unreachable" and the call remains active but mute.
    There's no pattern to this problem; sometimes it works, sometimes it doesn't.
    Our CUCM version is 7.1, there's no Unity or IPCC on environment, just CallManager, Gateway and application.
    StackTrace:
    java.net.PortUnreachableException: ICMP Port Unreachable
    at java.net.PlainDatagramSocketImpl.send(Native Method)
    at java.net.DatagramSocket.send(DatagramSocket.java:612)
    Thanx!

    It means there is no UDP connectivity between whatever host gets the exception and whatever host that socket is connected to. Typically a firewall problem.
    The addresses of 0.0.0.0 just mean that the socket is bound to all interfaces, it's not a problem.

  • Exposing specific modules to the internet

    Hi all
    I'm using R12, which currently is only accessible on the company's intranet.
    We would like to allow some external users and clients to access some of the EBS modules, such as timecard.
    Is it possible to configure it so that users could access only a specific URL and get to only certain modules?
    Thanks

    Thanks
    It seems that url_fw.conf is included as part of ssl.conf, which in turn is included by httpd.conf.
    From what I understand, in the configuration I want to achieve, I will have to
    1. Set up an additional network interface on each of the nodes in the middle tier, to act as the external facing NIC.
    2. Clone the primary context file to a new context file (for external) on each node in the middle tier.
    3. Run autoconfig, which should, I believe, generate the new .env files, httpd.conf files etc. for the new external web server service listening on the new port. It is, I guess, this httpd.conf which will use ssl.conf and url_fw.conf to control external URLs. I guess this has to be in a new location somewhere under $INST_TOP so as not to conflict with the existing config files under $INST_TOP. I then modify the new url_fw.conf to allow those apps that I want to expose?
    Does that sound about right?
    Best regards
