SQL Server Connectivity Roadmap.

Preliminary Information Collection

1. Named instance or Default instance
2. The exact error message returned to the client.
3. How often does the connectivity issue occur? (always, sporadically, peak hours etc.)
4. Is the problem specific to a particular client or application?
5. What protocol is the client using to connect to SQL Server (Named Pipes, TCP/IP etc.)
6. Are the SQL Server and the client in the same domain? Or are they in a workspace?
7. Are there any firewalls in this environment?
8. Are they using Windows authentication or SQL authentication?
9. Version and Service Pack. (patch for slammer virus? Latest security patch?)

Preliminary Troubleshooting
1. Look at the latest SQL Errorlog (Located in MSSQL\LOG folder or
MSSQL$XXXX\LOG folder) and look for entries similar to the following
2003-02-11 11:53:32.37 spid3 Server name is ‘SERVERABC’
or
2003-02-11 20:36:30.85 spid3 Server name is ‘SERVERABC\INST1’
and
2003-02-11 11:53:32.54 server SQL server listening on 62.58.65.150: 1433.
2003-02-11 11:53:34.54 server SQL server listening on TCP, Shared Memory, Named Pipes.

Based on the above determine the following

a. Is it a default or a Named instance? Named instance has ‘\’ in the server name.
b. Is SQL Server listening on Named Pipes?
c. Is SQL Server listening on TCP\IP, if so, note down the port number and IP
address? Are there any messages indicating that SQL Server was not able to bind
to the specified port? This can prevent SQL Server from listening on TCP/IP.
d. Is SQL Server listening on the protocol, the client us using to connect? Is the
client using the correct port number to connect to SQL Server?

2. On the problematic client, Check the Client Network Utility (Start | run | cliconfg) and
make sure TCP/IP and Named Pipes are listed in the enabled Protocol list. Also check if
any aliases exist for the SQL Server. If aliases exist, note them down and delete them.

3. Check the MDAC version on the client machine by using the Component Checker tool.
Component checker can be downloaded from
http://msdn.microsoft.com/library/default.asp?url=/downloads/list/dataaccess.asp

4. Use the netstat command on the server to confirm that SQL Server is indeed listening on
the tcp port specified. (Use netstat –a and netstat –n )

5. Check if SSL Encryption is being used. Check the Client Network utility and the Server
Network utility to see if the “Force protocol encryption” option is checked.

6. General troubleshooting: Try the following troubleshooting from the problematic client
a. Ping the SQL Server by name and make sure the proper IP address is returned
b. Ping the SQL Server by IP address (use Ping -a)
c. Try to connect using just the Server Name
 d. Try to connect using the just the IP address
e. Try to connect using Server Name,1433 (or the port being used)
f. Try to connect using IP address,1433 (or the port being used)
g. Create an alias to use Named Pipes and test connection using that alias
h. Create an alias to used TCP/IP and dynamically determine port and test
connection using that alias
i. Create an alias to use TCP/IP and specify the port number. Test the
connection using that alias.
j. Ask for a copy of the following registry hives.
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLS
erver\Client -For Client side configuration
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLS
erver\MSSQLServer\SuperSocketNetLib –For server side
configuration for default instances
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft
SQL Server\ <Instance
Name>\MSSQLServer\SuperSocketNetLib –For server side
configuration for named instances

7. Next try the following troubleshooting depending on whether you have a Named instance
or default instance and the port on which SQL Server is listening on.

• Troubleshooting for Default Instances

a. If it is a default instance, listening on any port other than port 1433, clients will
have to specify the port number while connecting to SQL Server using TCP/IP.
This can be done by specifying the server name in the form of ServerName,Port
(For example SERVERABC,1500) or creating an alias for the Server Name by
specifying the port.
b. If it is a default instance, listening on port 1433, the port number does not have to
be specified when connecting to SQL Server.
c. When connecting to default instances, the MDAC version on the client computer
should not make any difference.

• Troubleshooting for Named Instances

a. If it is a Named Instance of SQL Server, make sure that you are trying to connect
using the server name which is in the form SERVERNAME\INSTANCE name.
b. If the client has MDAC 2.5 (or lower), clients will have to specify the port
number while connecting to SQL Server using TCP/IP. This can be done by
specifying the server name in the form of ServerName,Port (For example
SERVERABC,1046) or creating an alias for the Server Name by specifying the
port.
c. If the client has MDAC 2.6, test the following, check to see if UDP port 1434 on
the SQL Server machine is open for the clients to connect to.
d. Use the netstat command on the server to confirm that SQL Server is indeed
listening on the UDP port 1434. (Use netstat –a and netstat –n )
Troubleshooting for specific scenarios
1. From the above steps if you determine that the connectivity issue is specific to TCP/IP
a. Check if SQL Server is listening on TCP/IP. Check if there any failures when
binding to the port.
b. Try to connect using IP address. Check for name resolution
c. Try to access a share on the SQL Server and make sure this works fine.
d. If a firewall exists, make sure the required ports are open. Use the following
articles
• 287932 INF: TCP Ports Needed for Communication to SQL Server Through
a Firewall
• 216415 INF: How to Set Up SQL Server with Microsoft Proxy Server
• 299673 HOWTO: Configure ISA Server 2000 and Enterprise Manager to
Connect
e. Check for aliases on the client side. Check the connection string or the DSN for
the application.
f. Obtain a netmon trace from the client and the server when attempting to make the
connection. Use the netmon trace to determine where the traffic is being blocked.
g. Check if they may be running into any of the following issues.
• 306865 BUG: SQL Server May Not Listen on TCP/IP Sockets
• 308766 FIX: Enabling TCP/IP Through the Server Network Utility May Not
Enable

2. From the above steps if you determine that the connectivity issue is specific to Named
Pipes
a. Check for name resolution
b. Check if SQL Server is listening on Named Pipes
c. Check the pipename in the SQL Errorlog and the server network utility
d. Check the pipename in the Client network utility.
e. Use readpipe and makepipe for testing (68941 INF: Procedure for Testing
Named Pipes)
f. With Named Pipes, database clients must be authenticated by Windows NT
before establishing a connection.
g. Some known issues and related articles
• 818806 Some Named Pipes Features Are Not Disabled After You Disable
the Named
• 831127 Named Pipes cannot be removed on Virtual SQL Server Running
SP3.
• 823492 "Connection Could Not Be Established" Error Message When You
Connect to
• 110905 INF: Readpipe Return Codes
• Pipename for a Virtual SQL Server - SOX020930700092

3. From the above steps if you determine that there exists a name resolution issue.
a. Ping by name and IP address and note how the name resolution works (no name
resolution, NetBIOS name, Fully qualified domain name)
b. Check lmhost and host file for any entries. Entries can be added here to force
name resolution.
c. Involve active directory or the domains group to help with any DNS or WINS
issues.
4. SQL Server failed to bind on a particular port
a. Determine if another application was using the port when SQL Server started.
b. Use utilities like findport, PortQry or Fport for this purpose.
• findport (usage findport portnumber).
• Fport tool gives all the applications along with their port numbers. Can be
sorted by port number using the /p switch
c. If the port is no longer being used by any application, try to restart SQL Server
and check if SQL Server is able to bind to the port on starup.
d. Check for the following issues.
• 293107 PRB: Unable to Release TCP\IP Port 1433 for Client
Communication
• 312935 FIX: SQL Server Fails to Bind TCP/IP Port at Startup
• 319578 PRB: Error Message:"Bind Failed" Occurs After IP Address
Changes on a cluster

5. From the above steps if you determine that the issue is specific to a particular application.
a. Determine how the application connects to SQL Server
• DSN Vs DNS less connection
• ODBC Vs OLE DB
• Any 3rd party driver/provider being used?
b. Check the connection string
c. Check the driver version.
d. You may have to involve the Webdata team if you find that the issue is driver
specific.
e. The following articles may be useful
• 289573 PRB: Configuring DSNs with SQL Server Net-Libraries
• 175671 PRB: 80004005 ConnectionOpen (CreateFile()) Error Accessing
SQL
• 328383 INF: SQL Server Clients May Change Protocols When They Try
to Connect
• 238949 HOWTO: Set the SQL Server Network Library in an ADO
Connection String
• 313295 HOW TO: Use the Server Name Parameter in a Connection
String to Specify
• 307002 PRB: ASP/ODBC/SQL Server Error 0x80040E4D Login Failed
for User
• 830267 Guide to Initial Data Collection for GNE Errors

6. From the above steps if you determine that the error encountered is “Cannot generate
SSPI context.”, sometimes accompanied by “Login failed for user ‘null’”
a. Check for name resolution (should resolve to the fully qualified domain name)
b. Check the SPNs (use SSPITest, the setspn utility or ADSIEdit). SETSPN can be
downloaded from
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/setspn-
o.asp
 c. What account does the MSSQLSERVER service use? (Only local system and
Domain admin account have permissions to create or delete SPN)
d. The following articles give more information on troubleshooting this issue.
• 267588 "Cannot Generate SSPI Context" Error Connecting to SQL 2000
• 269541 INF: "Cannot Generate SSPI Context"
• 267550 BUG: "Assertion Failed" When You Connect to SQL Thru TCP/IP
• 319723 INF: SQL Server 2000 Kerberos Support Including SQL Server Virtual
• 811889 HOW TO: Troubleshoot the "Cannot Generate SSPI Context" Error
Message
• 817384 HOWTO: Use Kerberos Authentication for Microsoft SQL Server 2000
• 326138 HOW TO: Troubleshoot SSPI Context Errors
• SOX030217700145 What does the SSPITest output mean?
• SOX030805700091 SPNs: What They Are And How SQL Server Uses Them

7. From the above steps if you determine that the connectivity issue is specific to Named
Instances
a. Check the instance name is being specified properly with ‘\’
b. Check if UDP port 1434 is blocked (utilities like PortQry can be used)
c. Check the client MDAC version
d. Obtain a netmon trace from the client and the server and check for UDP traffic.
e. Check if you are able to make a connection when you specify the port number.
f. The following article may be useful
• 308091 BUG: Hide Server Option Cannot Be Used on Multiple Instances of SQL
• 286303 INF: Behavior of SQL Server 2000 Network Library During Dynamic
Port
• 265808 INF: How to Connect to an SQL Server 2000 Named Instance with the
• 260414 INF: Frequently Asked Questions - SQL Server 2000 - Multiple
Instances

8. Unable to connect to a Virtual SQL Server (SQL Failover Cluster)

a. Make sure the Virtual SQL Server name is being used and not the node name or
the windows cluster name.
b. Check for the following issue
• 319578 PRB: Error Message:"Bind Failed" Occurs After IP Address Changes on
a cluster
• 319723 INF: SQL Server 2000 Kerberos Support Including SQL Server Virtual
• 306985 RPC Errors When Connecting a Cluster Virtual Server with Named
Pipes
• SOX020930700092 Pipename for a Virtual SQL Server
c. Treat is like a regular connectivity issue.

9. The connectivity issue occurs only when the “Force protocol encryption” option is
checked.
a. Check whether they are using server side or client side encryption.
b. For server side authentication, make sure the certificate is valid. It should be
issued to a fully qualified domain name of the server on which SQL Server is
 running. Also the Enhanced key Usage property should show "Server
Authentication(1.3.6.1.5.5.7.3.1)"
c. Use the following articles
• 318605 INF: How SQL Server Uses a Certificate When the Force Protocol
• 276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate
Server
• 309398 PRB: SQL Server 2000 Installation or Local Connections Fail with "SSL
• 322144 FIX: SECDoClientHandShake Cannot Connect to SQL Server

10. The error indicates that Connection Timeout expired.

a. Check if there is a difference between connecting using IP address and
servername
b. Try to map a drive to the server.
c. Check for the following issue
• Q300420 FIX: Connection to SQL DB Using IP Address Is Unusually Slow

11. Max user connections reached.

a. Check the sqldiag and make sure user connections is not set to 1
b. Check the for the following issue
• Q308820 FIX: SQL Srv. May Fail to Start If Affinity Values Misconfigured

Involve the Windows networking group if you determine that

• The server does not respond to ping requests
• Issues with firewall or a blocked port
• Cannot map a drive to the server
• There seem to be DNS or WINS issues. You may also have to involve Domains or the
Active Directory group in this case.
• If you require assistance when setting up Network monitor or interpreting the output from
one.

Useful articles (This list also contains some articles referred above)

Commonly used articles

328306 INF: Potential Causes of the "SQL Server Does Not Exist or Access
830267 Guide to Initial Data Collection for GNE Errors
286303 INF: Behavior of SQL Server 2000 Network Library During Dynamic Port
287932 INF: TCP Ports Needed for Communication to SQL Server Through a Firewall
265808 INF: How to Connect to an SQL Server 2000 Named Instance with the
260414 INF: Frequently Asked Questions - SQL Server 2000 - Multiple Instances

Articles for specific issues

823492 "Connection Could Not Be Established" Error Message When You Connect to
818806 Some Named Pipes Features Are Not Disabled After You Disable the Named
831127 Named Pipes cannot be removed on Virtual SQL Server Running SP3.
823492 "Connection Could Not Be Established" Error Message When You Connect to
110905 INF: Readpipe Return Codes
318605 INF: How SQL Server Uses a Certificate When the Force Protocol
Q308820 FIX: SQL Srv. May Fail to Start If Affinity Values Misconfigured
Q300420 FIX: Connection to SQL DB Using IP Address Is Unusually Slow
276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate Server
309398 PRB: SQL Server 2000 Installation or Local Connections Fail with "SSL
322144 FIX: SECDoClientHandShake Cannot Connect to SQL Server

216415 INF: How to Set Up SQL Server with Microsoft Proxy Server
299673 HOWTO: Configure ISA Server 2000 and Enterprise Manager to Connect

294453 INF: Set Up SQL 2000 to Listen on Multiple Static TCP Ports
235987 Virtual SQL Server Only Supports the Use of One TCP/IP Address
286303 INF: Behavior of SQL Srv. 2000 Network Library
279526 FIX: SQL Server ODBC Driver Ignores Authentication Setting
258939 Recommendations for Connecting to Databases Through Internet Information

822642 INFO: Configuring SQL Server Network Libraries Using SQL-DMO

109787 INF: SQL Communication Errors 17832, 17824, 1608, 232, and 109
137983 INF: How to Troubleshoot Orphaned Connections in SQL Server
239894 INF: How to Establish Encrypted Multiprotocol Connections with SQL 7.0
138541 HOW TO: Odbcping.exe to Verify ODBC Connectivity to SQL Server
247641 FIX: Trusted TCP/IP Socket Connection May Fail with Error Message 18452
306865 BUG: SQL Server May Not Listen on TCP/IP Sockets
308766 FIX: Enabling TCP/IP Through the Server Network Utility May Not Enable

Useful Tools/Commands/Logs
• Logs (SQL Errorlog, Event logs, ODBC log)
• Ping, pathping, odbcping –To test basic connectivity
• Component checker (http://msdn.microsoft.com/library/default.asp?
url=/downloads/list/dataaccess.asp)
• net view \\YourServerNameHere
• netstat –a, netstat –n
• telnet <server> <port>
• PortPing, PortQry, Fport, FindPort –Utilities to check for valid, open ports.
• Setspn, xpSSPItest, SSPIclient
• MPSReports –To get the event logs and Registry keys
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-
30b0bd915706/MPSRPT_SQL.exe
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-
30b0bd915706/MPSRPT_SQL_Readme.txt
• NetDiag
• Netmon trace –To capture complete network traffic.
124028 Sending Network Monitor to Microsoft Customers
ftp://ftp.microsoft.com/pss/tools/netmon