AGRIS Customer Documentation

Firewall Settings needed for AGRIS Client connections to MSSQL datasets

If you need to access your AGRIS SQL clients to connect through a firewall 

Step-by-step guide

Firewall Settings needed for AGRIS Client connections to SQL datasets:

  1. If you encounter an error similar to the following:

     



  2. You will need to set Inbound rules to open UDP ports 1433* and 1434 and add a custom rule for the SQL Server (AGRIS) service. 

In addition to the ports needed for SQL communications, here is a listing of the primary ports that must be opened on a software firewall in order to allow AGRIS clients access:

Primary Ports: 

DNS: 53 (UDP, TCP) 
COM+ (a.k.a. Enterprise Services): 135 (TCP) + random ports between 1024-65534 (TCP)**

Additional ports that may be required depending upon the system configuration: 
Terminal Services: 3389 (TCP) 
Citrix: 1494 (TCP) 
FTP: 21 (TCP) 

Please be aware that if Windows Firewall is in place on various machines in the environment, the port exceptions may need to be configured on different machines. The ports required for SQL Server communication need to be opened on the SQL Server machine itself, whereas the COM+ ports need to be opened on the COM server, which may well be a separate server from the one running SQL Server.


*A different TCP port may be used for SQL Server communication if desired. To do so, update the connection strings in the AGRIS\Bin\DBConnections.config file so that the value of the Server= parameter ends with a comma immediately followed by the port number. In the following example, we are instructing our connection to the SQL Server to use port 555 in place of the default 1433:
<ConnectionString>Server=server\named_instance,555;Database=GR_AGRIS;Trusted_Connection=True;Min Pool Size=25;Max Pool Size=1000;</ConnectionString>


**By default, COM+ utilizes a large range of ports (TCP: 1024-65534).  It is possible to configure a smaller port range for COM+ by completing the following steps:

  1. Go to Start > Settings > Control Panel > Administrative Tools > Component Services
  2. Double-click on Component Services > Computers
  3. Right-click on My Computer and go to Properties
  4. Click on the Default Protocols tab
  5. Highlight Connection-oriented TCP/IP and click Properties
  6. For the Port range assignment and Default dynamic port allocation options, move the radio buttons to Intranet range
  7. Remove the existing entries by clicking the Remove All button
  8. Enter in the desired port range using the following format: 5000-5020  (NOTE:  Enter in the port range with no spaces and a hyphen separating the 2 numbers.  The example shown above would restrict COM+ to using a range of 21 ports between 5000 and 5020.  This number of ports should work successfully for most networks running AGRIS.  It may be necessary to implement a larger port range in certain environments, though it is unlikely that COM+ would ever need to access more than 100 ports.)
  9. Click Add > OK > OK to save the changes from the previous step
  10. Reboot the computer to ensure the changes are successfully applied
  11. Adjust the software firewall settings to allow inbound connections to the port range specified above 

Please consult the Microsoft website (http://www.microsoft.com) for additional information regarding limiting the range of ports used by COM+ Applications.
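
The firewall changes in step 2 of the guide and step 11 of the COM+ procedure can also be scripted with the built-in Windows NetSecurity cmdlets. The script below is an added example, not AGRIS or Cultura code. The client subnet, rule names, rule group and Domain profile are assumptions, and it uses SQL Server's defaults of TCP 1433 for the Database Engine and UDP 1434 for the SQL Server Browser service; each rule is limited to the client subnet so the ports stay closed to every other source.

```powershell
# Added example: scoped Windows Firewall inbound rules for the ports listed on this page.
# Assumptions (not from the page): client subnet, rule names, 'AGRIS' rule group, Domain profile.
param(
    [Parameter(Mandatory)][ValidateSet('Sql', 'Com')][string]$Role,
    [string]$ClientSubnet = '10.20.30.0/24',   # hypothetical AGRIS client network
    [int]$SqlPort = 1433,                      # use the port from DBConnections.config if it was changed
    [string]$ComPortRange = '5000-5020'        # must match the range entered in Component Services
)

# Each role gets only the ports that machine has to accept.
$rules = switch ($Role) {
    'Sql' {
        @{ Name = 'AGRIS SQL Server (TCP)';  Protocol = 'TCP'; Port = "$SqlPort" }
        @{ Name = 'AGRIS SQL Browser (UDP)'; Protocol = 'UDP'; Port = '1434' }
    }
    'Com' {
        @{ Name = 'AGRIS RPC Endpoint Mapper'; Protocol = 'TCP'; Port = '135' }
        @{ Name = 'AGRIS COM+ dynamic range';  Protocol = 'TCP'; Port = $ComPortRange }
    }
}

foreach ($r in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "Exists:  $($r.Name)"
        continue
    }
    New-NetFirewallRule -DisplayName $r.Name -Group 'AGRIS' `
        -Direction Inbound -Action Allow -Profile Domain `
        -Protocol $r.Protocol -LocalPort $r.Port `
        -RemoteAddress $ClientSubnet | Out-Null
    Write-Host "Created: $($r.Name) ($($r.Protocol) $($r.Port)) from $ClientSubnet"
}

# Review what the AGRIS rule group now allows, including the source restriction.
Get-NetFirewallRule -Group 'AGRIS' | ForEach-Object {
    $pf = $_ | Get-NetFirewallPortFilter
    $af = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Protocol      = $pf.Protocol
        LocalPort     = $pf.LocalPort -join ','
        RemoteAddress = $af.RemoteAddress -join ','
    }
} | Format-Table -AutoSize
```

Run it from an elevated PowerShell session with -Role Sql on the SQL Server machine and -Role Com on the COM+ server, after the COM+ port range has been restricted and the machine rebooted.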

3820 Mansell Road, Suite 350 ✦ Alpharetta, GA 30022 ✦ www.GreenstoneSystems.com
© 2011 - 2024 Cultura Technologies LLC. All Rights Reserved Worldwide.  Products and company names mentioned herein may be trademarks or registered trademarks of their respective owners.