Risk and Rollback to assigning Static ports.

Similar Messages

• SQL Server 2012 - 3 SQL clustered instances - one default/ two named instances - how assign/should assign static ports for named instances

  We have two physical servers hosting 3 SQL 2012 clustered instances, one default instance and two named instances.
  The default instance is using port 1433 and the two named instances are using dynamic port assignment.
  There is discussion about assigning static port numbers to the two named clustered SQL instances.
  What is considered best-practice?  For clustered named instances to have dynamic or static ports?
  Are there any pitfalls to assigning a static port to a named instance that is a cluster?
  Any help is greatly appreciated

  Hi RobinMCBC,
  In SQL server the default instance has a listener which listens on the fixed port which is TCP port 1433. And for the named instance the port on which the SQL server listens is random and is dynamically selected when the named instance of the SQL server
  starts.
  For Standalone instance of the SQL server we can change the dynamic port of the named instance to the static port by using SQL server configuration manager as other post, however, in case of the cluster, when we change the port no. of the named instance
  to the static port using the method described above, the port no. again changes back to the dynamic port after you restart the services. I recommend you changing the Dynamic port of the SQL Server to static port 
  on all the nodes , disabling and enabling the checkpointing to the quorum.
  For more information, you can review the following article about how to change the dynamic port of the SQL Server named instance to an static port in a SQL Server 2005 cluster.
  http://blogs.msdn.com/b/sqlserverfaq/archive/2008/06/02/how-to-change-the-dynamic-port-of-the-sql-server-named-instance-to-an-static-port-in-a-sql-server-2005-cluster.aspx
  Regards,
  Sofiya Li
  Sofiya Li
  TechNet Community Support

• Assigning static port address

  Hello All,
  We are having a standalone BOE server. I have a doubt about assigning static port addresses to servers. We had a standard deployment of BusinessObjects 4.0 SP2. Our admin has assigned static request port address to APS, CMS, FRS, Crystal report servers and Dashboard server instead of using "Auto assign".
  Does it necessary to assign static port address to these servers and does it necessary to open these ports on firewall?
  What are the advantages of assigning static port address instead of using "Auto assign"?
  As per my understanding, request port of APS, FRS and other servers are used to communicate those with CMS. And CMS and all other servers are hosted on the same server. Then why do we need to open those ports on firewall in a server.
  Appreciate your help and suggestions.
  Thanks and Regards,
  Aashutosh

  Hi,
  if you dont have a Firewall in between your Client PCs and the BOE Server you dont need to assign static ports. You only need this if a Firewall is controlling the communication between these two parts.
  Most of the Services communicate only with the CMS - thats correct.
  But if you use the BI LaunchPad only for vieweing and creating Reports like WebI you need to open the Port 8080 for the Application Server.
  If you are using Front- End Clients for viewing and or editing Reports you need to open the CMS Port 6400 and assign a static Port to the IFRS and OFRS and open these ports too.
  Regards
  -Seb.

• Assigning static request ports

  Hi,
  Due to our firewall deployment, we have to assign static request ports for serveral servers in the CMC in BI 4.0. This can be done manually, but we would like to script; we plan to use silent install so one wrapper script to do the install and then assign the ports would be great!
  Note this is BI 4.0 on windows... so my feeling is this is not possible (windows is not great for scripting), but would be really happy to be proven wrong!
  Thanks,
  Tadhg

  First and foremost, this definitely belongs in Idea Place.  Whether it be setting command line arguments via the BIP SDK, or setting default firewall configuration for new services, this behavior would be useful in a number of scenarios, including onboarding new tenants in a multi-tenant environment.  In the XIR2 days you could have accomplished this through a simple .reg file that modified the service parameters in the Windows registry.  Since the SIA now controls the relevant services they read their command lines from the system database like Graham mentions.
  I do have a couple of thoughts on this, though I admit I haven't tested any of this so can't guarantee it would work.
  Set your requestport properties in a test environment, and use the BIAR command line option (see section 15.5 on Page 520 of the FP03 admin guide) to backup the relevant server instances.  You could use a query like:
  select si_id, si_kind, si_current_command_line from ci_systemobjects where si_kind = 'server'
  Since the default servers should always have the same SI_ID you could script the LCMCLI to update your server objects with the appropriate command line immediately following the installation.
  Again not entirely sure this would work but perhaps something worth trying...

• Administration Panel Error and a Question about Static IPs

  Since there appears to be no other place to report errors within the latest generation of Linksys router firmwares, I thought the forums may be the best place.
  If you use remote access to your router's Administration management console, upon saving any changes you are sent to the
  "Your settings have been successfully saved." page. Upon clicking cancel it successfully attempts to route to the appropriate hostname but does not consider the port being used; therefore, unless you have your management console hosted on port 80 it does not bring you back to the right place.
  This is mostly an annoyance.
  My question is I'm wondering if it's possible to assign static IP addresses from the router.
  On my older (much older) Linksys routers (before Cisco bought them out) you could easily assign static IPs.
  I cannot seem to find a way to do with newer generations.  All suggestions recommend assigning static IPs from the
  network devices themselves, however that poses problems on modern mobile devices which don't let you do that,
  and for laptops that are brought into a lot of different networks it becomes an annoyance to change those settings manually.
  I have a EA4500 router.
  Solved!
  Go to Solution.

  You want to assign a specific ip address to your computers/network devices thru the router? You can use the DHCP reservation feature of this router.
  "A DHCP Reservation is a permanent IP address assignment.  It is a specific IP address within a DHCP scope that is permanently reserved for leased use to a specific DHCP client."
  Please check this link:
  http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&docid=71dac52653fa4944ae5e4f94ebdf9586_17362.xml&pid=80&...

• Trying to install WSUS role on Windows Server 2012 R2 using dedicated SQL Instance with static port on remote SQL Server 2012 SP1 CU7 on Windows Server 2012 R2.

  I am trying to install WSUS role on Windows Server 2012 R2 using dedicated SQL Instance with static port on remote SQL Server 2012 SP1 CU7 on Windows Server 2012 R2.
  It verifies the connection and then throws the error:
  The request to add or remove features on the specified server failed. The operation cannot be completed, because the server you specified requires a restart.
  WSUS Server : Windows Server 2012 R2
  Remote SQL Server: 2012 SP1 CU7 hosted on Windows Server 2012 R2
  Please let me know if anyone has experienced this issue.

  We were trying to install WSUS role on Windows Server 2012 R2 using dedicated SQL Instance with static port on remote SQL Server 2012 SP1 CU7 on Windows Server 2012 R2.
  It verifies the connection and then throws the error:
  The request to add or remove features on the specified server failed. The operation cannot be completed, because the server you specified requires a restart.
  Same error even after rebooting the server multiple times.
  WSUS Server : Windows Server Standard2012 R2
  Remote SQL Server: Windows Server 2012 SP1 CU7 hosted on Windows Server 2012 R2
  Event ID 7000:
  The Windows Internal Database service failed to start due to the following error:
  The service did not start due to a logon failure.
  Event ID 7041
  The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
  Logon failure: the user has not been granted the requested logon type at this computer.
  Service: MSSQL$MICROSOFT##WID
  Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID
  This service account does not have the required user right "Log on as a service."
  User Action
  Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user
  right is assigned to the Cluster service account on all nodes in the cluster.
  If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated
  with this node might be removing the right.
  I found following article:
  "MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID" error when you install WID in Windows Server 2012
  http://support.microsoft.com/kb/2832204/en-us
  To work around the issue, use one of the following methods:
  Assign the Log on as a service user right to NT SERVICE\ALL SERVICES in the GPO that defines the user right.
  Exclude the computer from the GPO that defines the user right.
  We moved the SCCM server to OU where no policies were getting applied and then applied the new GPO to that OU. Restarted the server and we were able to install WSUS role.
  Regards
  PR

• Assigning Static IP (not local static, internet) to server

  I use linksys router in my office. WRT54GS V4
  I have T1 line and my ISP provides 5 Static IP address.
  DHCP option is turned on in my router. My server is connected to the router.
  If I configure my server with static IP that my ISP provided, my server will not connect to internet.
  It seems to me that only way to assign static IP to my server is to get a switch/hub
  and connect server and my router to this switch/hub.
  Or turn off DHCP option and configure networksetting for each PC n my office. For this case,
  I have to assign some with local IP and some with static IP. Can it work?
  If you have any suggestion, let me know. 
  Thanks.
  Solved!
  Go to Solution.

  The WRT54GS is a consumer router. It does not support multiple public IP addresses.
  The only way it will work is the way you already found: connect a switch to the internet line and then connect the server and the internet port of the WRT to the switch. Of course, you should make sure to configure the firewall on the server very well as it is fully exposed to the internet.
  Otherwise you have to get a business router which supports multiple public IP addresses, e.g. the Cisco Small Business series or better.

• What is the recommended static port range for SQL Server 2008 to SQL Server 2014 named instance?

  I want to assign a static port to SQL Server 2008 to SQL Server 2014 named instance.   Should the port be greater than 49151?  The following links give contradicting information:
  https://msdn.microsoft.com/en-us/library/ms177440(v=sql.105).aspx
  Avoid numbers greater than 49151 which Windows might select for other purposes.
  https://technet.microsoft.com/en-us/library/ms345327(v=sql.100).aspx
  Port numbers should be assigned from numbers 49152 through 65535
  Thanks..

  I would still pick a port number below the ephemeral list (dynamic port usage [41952-65535]) as it'll reduce the chances of having a port collision when SQL Server starts up.
  Also, I'd stick to lower numbers if possible (<25,000) as some firewalls skew higher port numbers to be more malicious (if heuristics are used).
  -Sean
  The views, opinions, and posts do not reflect those of my company and are solely my own. No warranty, service, or results are expressed or implied.

• Remote debug application static port

  Hi!
  I wonder if is it possible to assing static port to remote debuggable application? I know that NI Service Locater manage the dynamic port that the application will be using, but than I have to open all the ports on firewall, because I don't know which port the remote debuggable application is using currently.
  Thanks, andrej

  Hi all,
  has this ever been solved ?
  I have the same problem. A stand-alone firewall prevents opening up the complete high port range.
  So port 3580 has been opened and the NI service locator can be contacted, I see the debuggable applications on the remote machine.
  But the Debuggable application gets a "random" port assigned by the NI service locator (?), which cannot be reached through the dedicated FW.
  So can I restrict the NI service locator or Labview application to use a specific port ?
  Thx & br
  Martin

• Troubles with configuring static port for Certsrv.msc

  I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes.  Workstation is Win7, CA is 2008 R2 Enterprise running Enterprise Subordinate on a dedicated box.
  I configured a static DCOM port by following this article, including bouncing the service and also rebooting the CA box:
  http://social.technet.microsoft.com/wiki/contents/articles/1559.how-to-configure-a-static-dcom-port-for-ad-cs.aspx
  The static port was opened in the firewall from my workstation to the CA.  We also found that TCP 445 was required, so that has been opened as well, port 135 & other ports normally needed for autoenrollment should be open.  Sniffing the firewall
  showed that a random high numbered port that is not the static dcom port is being attempted - this is the only port showing dropped packets & no traffic on the static port.  On the CA I ran netstat & 'netstat -a' and am not seeing the static port
  listed anywhere.
  It does not appear to me that the static dcom endpoint is working properly & that it is still randomly assigning ports.  We would greatly prefer to not have the whole range opened for random port assignment.  Any suggestions?  Thanks in
  advance!

  On Fri, 7 Feb 2014 15:28:32 +0000, Steve        F wrote:
  I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes
  This is not the correct forum for this question. You should repost to:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserversecurity
  Paul Adare - FIM CM MVP
  "If you think you can have a nice network with ms-windows machines on it,
  you
  haven't run tcpdump yet." -- Alan Rosenthal

• How do I assign static ip address on time capsule

  I want to assign static ip addresses to certain devices in my home but not sure how to do it through the iMac and Air Port/time capsule

  Not sure as I don't own an Apple router but on mosdt modern routers there is a way to set, that is SET, a constant IP for devices by their MAC address, that is Mac, Media Access Control address not Mac computer.
  I would think Apple has included that feature in their Airport routers.

• Step by Step to Set up DFSR port to Static port

  Is there any guide for Step by step guide to implement DFSR ports to static.  

  It’s easy: use the dfsrdiag staticRPC command. You can verify the static RPC port change by using the
  dfsrdiag dumpmachinecfg command. (Note: the default value of the StaticRPC parameter is 0. This indicates a dynamic port assignment.)
  Will this setting last across reboots? You bet. According to DFS Replication guru Rob Post, when you specify a static port, the server-specific DFS Replication configuration file (stored in %SYSTEMDRIVE%\System Volume Information\DFSR\Config\DfsrMachineConfig.XML)
  is updated with the port information. This allows the setting to hold across reboots and service starts and stops.  If someone ever deleted the configuration file, the configuration file would be reset to defaults, though this should be extremely rare. 
  If it did occur, you will see event 6702 in the DFS Replication event log notifying you that the custom server configuration settings have been erased.
  http://blogs.technet.com/b/filecab/archive/2006/05/26/429364.aspx

• Can you configure a static port to use with certsrv.msc?

  I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes.  Workstation is Win7, CA is 2008 R2 Enterprise running Enterprise Subordinate on a dedicated box.
  I configured a static DCOM port for certsvc by following this article, including bouncing the service and also rebooting the CA box:
  http://social.technet.microsoft.com/wiki/contents/articles/1559.how-to-configure-a-static-dcom-port-for-ad-cs.aspx
  The static port was opened in the firewall from my workstation to the CA.  We also found that TCP 445 was required, so that has been opened as well, port 135 & other ports normally needed for autoenrollment should be open.  Sniffing the firewall
  showed that a random high numbered port that is not the static dcom port is being attempted - this is the only port showing dropped packets & no traffic on the static port.
  I am wondering if there is a way to configure a static port for this high-level random port to use with certsrv.msc as I was able to do with the certsvc dcom port?  I am trying to avoid having tens of thousands of network ports wide open going to my
  CA...  Thanks in advance!

  Hi Steve,
  I am sorry that I wasn’t able to find references about restricting certificate services only use one port in the random port range.
  However, we can configure RPC dynamic ports allocation to restrict port range. In the meantime, we should keep at least 100 ports open to keep necessary system services running.
  More information for you:
  How to configure RPC dynamic port allocation to work with firewalls
  http://support.microsoft.com/kb/154596/en-us
  Service overview and network port requirements for Windows
  http://support.microsoft.com/kb/832017/en-au
  Firewall Rules for Active Directory Certificate Services
  http://blogs.technet.com/b/pki/archive/2010/06/25/firewall-roles-for-active-directory-certificate-services.aspx
  Best Regards,
  Amy Wang

• How to assign static ip address to the server having solaris 10. i.e. nge0

  hi,
  how to assign static ip address to the server having solaris 10. i.e. nge0 i.e. 192.168.3.125 ipshold be persistantt across reboots. what steps do i need to follow to put all information including gateway,netmask etc..Also i want to integrate one init script ..can i integrate it using /etc/init.d/<service name> like linux. and do chkconfig on it?i am not getting complex procedure of SPF and FMRI etc..can u help me?

  Create a file in your /etc directory called hostname.nge0. Add the hostname of your system to this file. In your /etc/hosts file, assign the static IP address you want to the same hostname. You can then disable and enable the network-physical service to configure the network interface:
  svcadm disable network-physical
  svcadm enable network-physical

• [SOLVED] NFS Static Ports

  Hi, I just switched over to Arch a couple of days ago.  I have been extremely pleased with this distro, but am confused on one part.  I have an IPCOP firewall setup with dmz pinholes from blue to green for a couple of nfs shares.  For this I have to have the nlockmgr, status, and mountd on static IP's.  In other distros I have followed these steps:
  1. Create the file "/etc/sysconfig/nfs" and add the following contents:
  STATD_PORT=4001
  LOCKD_TCPPORT=4002
  LOCKD_UDPPORT=4002
  MOUNTD_PORT=4003
  2. Append the following to the file "/etc/services":
  rquotad 4004/tcp # rpc.rquotad tcp port
  rquotad 4004/udp # rpc.rquotad udp port
  3. Restart the nfs services
  This does not seem to work in Arch though.  Can someone point me in the right direction to setting these ports to static??
  Thanks
  Last edited by oiad (2010-06-18 04:47:03)

  Yes it works fine. The nfs server, on ipcop's green subnet, has the following in /etc/modprobe.d/* :
  # Static ports for NFS lockd
  options lockd nlm_udpport=2232 nlm_tcpport=2232
  as well as the /etc/conf.d/* settings, which results in this:
  $ rpcinfo -p
  program vers proto port service
  100000 4 tcp 111 portmapper
  100000 3 tcp 111 portmapper
  100000 2 tcp 111 portmapper
  100000 4 udp 111 portmapper
  100000 3 udp 111 portmapper
  100000 2 udp 111 portmapper
  100024 1 udp 2231 status
  100024 1 tcp 2231 status
  100021 1 udp 2232 nlockmgr
  100021 3 udp 2232 nlockmgr
  100021 4 udp 2232 nlockmgr
  100021 1 tcp 2232 nlockmgr
  100021 3 tcp 2232 nlockmgr
  100021 4 tcp 2232 nlockmgr
  100003 2 tcp 2049 nfs
  100003 3 tcp 2049 nfs
  100003 4 tcp 2049 nfs
  100003 2 udp 2049 nfs
  100003 3 udp 2049 nfs
  100003 4 udp 2049 nfs
  100005 3 udp 2233 mountd
  100005 3 tcp 2233 mountd
  'rpcinfo -p <server>' on the client, which is on ipcop's blue subnet', gives the same output. I have setup pinholes for the five ports listed.
  See if the modprobe settings work for you.