Push Subscription Connection Fails

I cannot get internet connection to work for push subscription to transactional publication.

Publisher/distributor: SQL Server 2000
Subscriber: SQL Server 2000
Connection: TCP/IP, SQL Authentication. Works fine from SQLEM or Query Analyzer.
Subscription: push, transactional, schema/data already initialized.

When I run distributor agent fails with "The process could not connect to subscriber 'TEST'", error "Server does not exist or access denied".

Agent output does not give anything more specific. It fails after...
Connecting to Subscriber 'TEST'
Connecting to Subscriber 'TEST.REPL'

Profiler shows nothing happening at all.

If change subscriber setup on distributor to use trusted connection instead of SQL Auth it works fine.

Any ideas?OK, so all the replication experts are on vacation this week but I eventually managed to figure it out myself.

When defining subscribers (through 'distributor properties') use the subscriber TCP/IP address directly and not a server alias like I was doing. Silly Billy!

Push over the Internet?

Is it possible to have a push subscription for merge replication over the Internet?
If so, how?
If not, does anybody know why not?
Hi,
Have a look into the below article.
http://support.microsoft.com/?id=321822
FYI, I have never tried replication over internet.
Thanks
Hari
MCDBA
"Kyle" <Kyle@.discussions.microsoft.com> wrote in message
news:9B38B0BC-8700-46A9-A456-9432F24CFBAF@.microsoft.com...
> Is it possible to have a push subscription for merge replication over the
Internet?
> If so, how?
> If not, does anybody know why not?
|||Hari,
Thanks for the reply. Since writing my post I have become VERY familiar with that article. From what I understand, you can push over the Internet if the subscriber already has the schema. To get the initial schema, however, the subscriber must have a snap
shot agent that is configured to pull via FTP. While this is not my ideal solution, I may be able to make it work. Some of my subscribers will be using MSDE though so I don't know how well that will work.
Thanks,
Kyle
"Hari" wrote:

> Hi,
> Have a look into the below article.
> http://support.microsoft.com/?id=321822
> FYI, I have never tried replication over internet.
> --
> Thanks
> Hari
> MCDBA
> "Kyle" <Kyle@.discussions.microsoft.com> wrote in message
> news:9B38B0BC-8700-46A9-A456-9432F24CFBAF@.microsoft.com...
> Internet?
>
>
|||you can't push over the internet.
Hilary Cotter
Looking for a book on SQL Server replication?
http://www.nwsu.com/0974973602.html
"Kyle" <Kyle@.discussions.microsoft.com> wrote in message
news:7682CF86-87D4-4D5B-A9D1-6765278FEA62@.microsoft.com...
> Hari,
> Thanks for the reply. Since writing my post I have become VERY familiar
with that article. From what I understand, you can push over the Internet if
the subscriber already has the schema. To get the initial schema, however,
the subscriber must have a snapshot agent that is configured to pull via
FTP. While this is not my ideal solution, I may be able to make it work.
Some of my subscribers will be using MSDE though so I don't know how well
that will work.[vbcol=seagreen]
> Thanks,
> Kyle
>
> "Hari" wrote:
the[vbcol=seagreen]
|||Hilary,
I clicked on your book link and was disappointed to see that you wrote a book on transactional and snapshot replication but not merge. I then checked out the nwsu site and was delighted to see that you are devoting an ENTIRE book on merge replication. THA
TS GREAT! because so far, I have not been able to find a book that deals with the subject in depth. Usually I just see a chapter on replication that just repeates the Microsoft BOL. Please let me know when it is released.
That said, I HAVE been able to push over the Internet. It's not easy, it's not obvious and it's not well documented but it IS possible. I'm still working on my application but here's what I have learned so far which has enabled me to push over the Interne
t with dynamic filtering:
1. The publication must be saved to an FTP site that is available to the subscribers.
2. You must make a server alias (with Client Network Utility) of the subscriber on the publisher server that MATCHES the actual NetBIOS computer name of the subscriber. It seems dumb that you have to do this but it works.
3. For a dynamic filter to work with a push subscription, you must filter on HOST_NAME() and put a -hostname [somename] parameter in the Run Agent step of the subscription.
If I've got something wrong in my head or you have any other tips, I'd love to hear about it. Also, if I can be of any help with your upcoming book, please let me know.
Thanks,
Kyle
"Hilary Cotter" wrote:

> you can't push over the internet.
> --
> Hilary Cotter
> Looking for a book on SQL Server replication?
> http://www.nwsu.com/0974973602.html
>
> "Kyle" <Kyle@.discussions.microsoft.com> wrote in message
> news:7682CF86-87D4-4D5B-A9D1-6765278FEA62@.microsoft.com...
> with that article. From what I understand, you can push over the Internet if
> the subscriber already has the schema. To get the initial schema, however,
> the subscriber must have a snapshot agent that is configured to pull via
> FTP. While this is not my ideal solution, I may be able to make it work.
> Some of my subscribers will be using MSDE though so I don't know how well
> that will work.
> the
>
>
|||Hilary,
I clicked on your book link and was disappointed to see that you wrote a book on transactional and snapshot replication but not merge. I then checked out the nwsu site and was delighted to see that you are currently working on a book devoted to merge repl
ication. Selfishly, I'm hoping you don't have good surf conditions for the next few months. Please let me know when it is released.
That said, I HAVE been able to push subscriptions over the Internet. It's not obvious or easy but it IS possible. I'm still working on my application but here's what I have learned so far which has enabled me to push a merge subscription over the internet
with dynamic filtering:
1. The publication must be put on an FTP site that is accessable to the subscribers.
2. The publishing server must have an alias to the subscriber that matches the actual NetBIOS computer name of the subscriber machine. This seems really dumb to me but it's the only way I could get it to work.
3. To enable dynamic filtering with a push subscription, you must filter on HOST_NAME() and you must put a -hostname [somename] parameter in the Run Agent step of the merge agent. This allows you to specify a particular subset of data to each subscriber i
ndependant of the subscriber's actual name or user (although, as I mentioned in point 2, you do have to know the subscriber's computer name).
If I've got something wrong or you have any other tips for me, please let me know. Also, if I can be of any help with your upcoming book, I'd be glad to contribute.
Thanks,
Kyle
"Hilary Cotter" wrote:

> you can't push over the internet.
> --
> Hilary Cotter
> Looking for a book on SQL Server replication?
> http://www.nwsu.com/0974973602.html
>
> "Kyle" <Kyle@.discussions.microsoft.com> wrote in message
> news:7682CF86-87D4-4D5B-A9D1-6765278FEA62@.microsoft.com...
> with that article. From what I understand, you can push over the Internet if
> the subscriber already has the schema. To get the initial schema, however,
> the subscriber must have a snapshot agent that is configured to pull via
> FTP. While this is not my ideal solution, I may be able to make it work.
> Some of my subscribers will be using MSDE though so I don't know how well
> that will work.
> the
>
>
|||But if FTP is in the mix you are using a pull.
You don't have to register you Netbios name of the Subscriber on the
publisher. It can be any name as long as that name matches the ip address of
your subscriber and this name is entered in your hosts file.
Hilary Cotter
Looking for a book on SQL Server replication?
http://www.nwsu.com/0974973602.html
"Kyle" <Kyle@.discussions.microsoft.com> wrote in message
news:39C08D3F-D3FC-47E2-BB32-1AB5C04C8919@.microsoft.com...
> Hilary,
> I clicked on your book link and was disappointed to see that you wrote a
book on transactional and snapshot replication but not merge. I then checked
out the nwsu site and was delighted to see that you are devoting an ENTIRE
book on merge replication. THATS GREAT! because so far, I have not been able
to find a book that deals with the subject in depth. Usually I just see a
chapter on replication that just repeates the Microsoft BOL. Please let me
know when it is released.
> That said, I HAVE been able to push over the Internet. It's not easy, it's
not obvious and it's not well documented but it IS possible. I'm still
working on my application but here's what I have learned so far which has
enabled me to push over the Internet with dynamic filtering:
> 1. The publication must be saved to an FTP site that is available to the
subscribers.
> 2. You must make a server alias (with Client Network Utility) of the
subscriber on the publisher server that MATCHES the actual NetBIOS computer
name of the subscriber. It seems dumb that you have to do this but it works.
> 3. For a dynamic filter to work with a push subscription, you must filter
on HOST_NAME() and put a -hostname [somename] parameter in the Run Agent
step of the subscription.
> If I've got something wrong in my head or you have any other tips, I'd
love to hear about it. Also, if I can be of any help with your upcoming
book, please let me know.[vbcol=seagreen]
> Thanks,
> Kyle
> "Hilary Cotter" wrote:
familiar[vbcol=seagreen]
Internet if[vbcol=seagreen]
however,[vbcol=seagreen]
well[vbcol=seagreen]
over[vbcol=seagreen]
|||I see your point about the FTP but I don't think I'm creating a pull subscription. For the initial data... on the publisher I must tell the subscribers how to get to the FTP site (IP, login, password, folder). This is done via the Snapshot Location tab on
the publisher properties form, but this information does not show up anywhere (that I can find) on the subscriber. The subscriber shows that it has one subscription and that it is a push type. From the subscriber, I cannot modify or delete the subscripti
on - meaning that the publisher has complete control (as long as the connection remains in tact). Maybe internally there is an invisible pull subscription but from both sides all I see is push and the publisher maintains complete control (which is what I
want). Also, on the Subscription Options tab of the publication properties, I have un-checked the Allow pull subscriptions checkbox further convincing me that there are no pull subscriptions (even while moving the initial snapshot).
I tried using the lmhosts file instead of registering an alias with the Client Network Utility to map the subscriber IP to a name other than it's actual NetBIOS name. That allowed me to connect and it allowed me to push the initial snapshot. The merge age
nt failed, however, giving me the following error:
The subscription to publication 'TestPush1' is invalid.
(Source: Merge Replication Provider (Agent); Error number: -2147201019)
-----
The remote server is not defined as a subscription server.
(Source: SACRAMENTO (Data source); Error number: 14010)
-----
SACRAMENTO is the name in the lmhost file that is mapped to the subscriber's IP address. It IS defined as a subscription server. The same publication 'TestPush1' works fine with the other subscription (where the alias = the actual NetBIOS name).
This is all pretty much consistent with the KB article 321822 except that the article implies that you can't move the initial schema and data without a pull subscription. It does say, however, that you need to use the actual NetBIOS name although I would
sure like to find a way around this requirement.
Kyle
"Hilary Cotter" wrote:

> But if FTP is in the mix you are using a pull.
> You don't have to register you Netbios name of the Subscriber on the
> publisher. It can be any name as long as that name matches the ip address of
> your subscriber and this name is entered in your hosts file.
> --
> Hilary Cotter
> Looking for a book on SQL Server replication?
> http://www.nwsu.com/0974973602.html
>
> "Kyle" <Kyle@.discussions.microsoft.com> wrote in message
> news:39C08D3F-D3FC-47E2-BB32-1AB5C04C8919@.microsoft.com...
> book on transactional and snapshot replication but not merge. I then checked
> out the nwsu site and was delighted to see that you are devoting an ENTIRE
> book on merge replication. THATS GREAT! because so far, I have not been able
> to find a book that deals with the subject in depth. Usually I just see a
> chapter on replication that just repeates the Microsoft BOL. Please let me
> know when it is released.
> not obvious and it's not well documented but it IS possible. I'm still
> working on my application but here's what I have learned so far which has
> enabled me to push over the Internet with dynamic filtering:
> subscribers.
> subscriber on the publisher server that MATCHES the actual NetBIOS computer
> name of the subscriber. It seems dumb that you have to do this but it works.
> on HOST_NAME() and put a -hostname [somename] parameter in the Run Agent
> step of the subscription.
> love to hear about it. Also, if I can be of any help with your upcoming
> book, please let me know.
> familiar
> Internet if
> however,
> well
> over
>
>
|||Can you script out your publication so we can see exactly what you have
done. It is possible you did a no sync push which can be done over the
internet.
FTP information is stored on the publisher not the subscriber in SQL 2000,
on SQL 7 IIRC it was also stored on the subcriber. The subscriber connects
to the publisher (using pull) to get ftp information.
Don't modify the lmhosts file, but the hosts file. LMhosts is primarily used
during netbios name resolution and if you are using TCPIP in the client
network utiltity it will use cache-hosts-DNS resolution to get the IP
address. It may then do a broadcast and consult the LMHosts files (IIRC).
You have to enable Sacremento as an enabled subscriber which won't work over
the internet. So you should be using anonymous.
Please contact me offline so we can resolve this quickly and I can get a
handle on what you are doing.
Hilary Cotter
Looking for a book on SQL Server replication?
http://www.nwsu.com/0974973602.html
"Kyle" <Kyle@.discussions.microsoft.com> wrote in message
news:985B1BF9-2345-4DB0-A803-FF5F4EBA7D80@.microsoft.com...
> I see your point about the FTP but I don't think I'm creating a pull
subscription. For the initial data... on the publisher I must tell the
subscribers how to get to the FTP site (IP, login, password, folder). This
is done via the Snapshot Location tab on the publisher properties form, but
this information does not show up anywhere (that I can find) on the
subscriber. The subscriber shows that it has one subscription and that it is
a push type. From the subscriber, I cannot modify or delete the
subscription - meaning that the publisher has complete control (as long as
the connection remains in tact). Maybe internally there is an invisible pull
subscription but from both sides all I see is push and the publisher
maintains complete control (which is what I want). Also, on the Subscription
Options tab of the publication properties, I have un-checked the Allow pull
subscriptions checkbox further convincing me that there are no pull
subscriptions (even while moving the initial snapshot).
> I tried using the lmhosts file instead of registering an alias with the
Client Network Utility to map the subscriber IP to a name other than it's
actual NetBIOS name. That allowed me to connect and it allowed me to push
the initial snapshot. The merge agent failed, however, giving me the
following error:
> The subscription to publication 'TestPush1' is invalid.
> (Source: Merge Replication Provider (Agent); Error number: -2147201019)
> ----
--
> The remote server is not defined as a subscription server.
> (Source: SACRAMENTO (Data source); Error number: 14010)
> ----
--
> SACRAMENTO is the name in the lmhost file that is mapped to the
subscriber's IP address. It IS defined as a subscription server. The same
publication 'TestPush1' works fine with the other subscription (where the
alias = the actual NetBIOS name).
> This is all pretty much consistent with the KB article 321822 except that
the article implies that you can't move the initial schema and data without
a pull subscription. It does say, however, that you need to use the actual
NetBIOS name although I would sure like to find a way around this
requirement.[vbcol=seagreen]
> Kyle
> "Hilary Cotter" wrote:
address of[vbcol=seagreen]
a[vbcol=seagreen]
checked[vbcol=seagreen]
ENTIRE[vbcol=seagreen]
able[vbcol=seagreen]
a[vbcol=seagreen]
me[vbcol=seagreen]
it's[vbcol=seagreen]
has[vbcol=seagreen]
the[vbcol=seagreen]
computer[vbcol=seagreen]
works.[vbcol=seagreen]
filter[vbcol=seagreen]
via[vbcol=seagreen]
work.[vbcol=seagreen]
replication[vbcol=seagreen]
|||Kyle, thanks for sending me your scripts off line.
Yes! You are successfully doing a push over the internet, and yes, it is
possible to do a push over the internet.
The reason it is working for you is that you are connecting over DSL (I did
a tracert to the IP address you provided me with and found out you are using
pacbell DSL). The reason it is working is that the you have the netbios
ports open. On most corporate internets this is locked down as it is a
security risk.
I assumed you were on a corporate network, or behind a firewall, and that
these ports will be blocked.
So my advise to you is to use a personal firewall, and some form of internet
security software, and migrate to a pull subscription.
Hilary Cotter
Looking for a book on SQL Server replication?
http://www.nwsu.com/0974973602.html
"Hilary Cotter" <hilaryk@.att.net> wrote in message
news:%237wZnlSYEHA.4092@.TK2MSFTNGP11.phx.gbl...
> Can you script out your publication so we can see exactly what you have
> done. It is possible you did a no sync push which can be done over the
> internet.
> FTP information is stored on the publisher not the subscriber in SQL 2000,
> on SQL 7 IIRC it was also stored on the subcriber. The subscriber connects
> to the publisher (using pull) to get ftp information.
> Don't modify the lmhosts file, but the hosts file. LMhosts is primarily
used
> during netbios name resolution and if you are using TCPIP in the client
> network utiltity it will use cache-hosts-DNS resolution to get the IP
> address. It may then do a broadcast and consult the LMHosts files (IIRC).
> You have to enable Sacremento as an enabled subscriber which won't work
over
> the internet. So you should be using anonymous.
> Please contact me offline so we can resolve this quickly and I can get a
> handle on what you are doing.
> --
> Hilary Cotter
> Looking for a book on SQL Server replication?
> http://www.nwsu.com/0974973602.html
>
> "Kyle" <Kyle@.discussions.microsoft.com> wrote in message
> news:985B1BF9-2345-4DB0-A803-FF5F4EBA7D80@.microsoft.com...
> subscription. For the initial data... on the publisher I must tell the
> subscribers how to get to the FTP site (IP, login, password, folder). This
> is done via the Snapshot Location tab on the publisher properties form,
but
> this information does not show up anywhere (that I can find) on the
> subscriber. The subscriber shows that it has one subscription and that it
is
> a push type. From the subscriber, I cannot modify or delete the
> subscription - meaning that the publisher has complete control (as long as
> the connection remains in tact). Maybe internally there is an invisible
pull
> subscription but from both sides all I see is push and the publisher
> maintains complete control (which is what I want). Also, on the
Subscription
> Options tab of the publication properties, I have un-checked the Allow
pull[vbcol=seagreen]
> subscriptions checkbox further convincing me that there are no pull
> subscriptions (even while moving the initial snapshot).
> Client Network Utility to map the subscriber IP to a name other than it's
> actual NetBIOS name. That allowed me to connect and it allowed me to push
> the initial snapshot. The merge agent failed, however, giving me the
> following error:
> ----
> --
> ----
> --
> subscriber's IP address. It IS defined as a subscription server. The same
> publication 'TestPush1' works fine with the other subscription (where the
> alias = the actual NetBIOS name).
that
> the article implies that you can't move the initial schema and data
without[vbcol=seagreen]
> a pull subscription. It does say, however, that you need to use the actual
> NetBIOS name although I would sure like to find a way around this
> requirement.
> address of
wrote[vbcol=seagreen]
> a
> checked
> ENTIRE
been[vbcol=seagreen]
> able
see[vbcol=seagreen]
> a
let[vbcol=seagreen]
> me
easy,[vbcol=seagreen]
> it's
> has
> the
> computer
> works.
> filter
Agent[vbcol=seagreen]
I'd[vbcol=seagreen]
upcoming[vbcol=seagreen]
pull[vbcol=seagreen]
> via
> work.
how
> replication
>

Pull subscription and ISA server

Hi
Can anyone point me in the right direction, I am trying to do an anonymous
pull subscription across the internet. I have created a publisher and created
the snapshot ok. On the subscriber server I can FTP by IP ( the ISA servers
external IP address ) or by the servers name and can see the folders created
in the repldata\ftp directory. I can create a new SQL server registration on
the subscription server and get a connection into the publisher, I can run
sql queries against the publisher ok.
When I try and create a pull subscription, I get to the last page on the
wizard and get
SQL Server enterprise Edition could not create a pull subscription to
publication 'MyDB'
Error 21776: [SQL-DMO] The name 'MyDB' was not found in the TransPublications
collection
Any help greatly appreciated
Having reinstalled and rebooted several times yesterday I was getting nowhere
hence my post in this NG
Come back to it today and the pull subscription worked first time without
any errors on yesterdays configuration. Wierd ?
Anyway, if any one can shed any light on what was going on when it was
failing, please let me know.
thanks

publish sql on the internet

Hi,
I need to publish my computer on the internet which is on a company network.
in the network we have a server that connects to the internet and gives
internet access to all the company computers.
I'm running a sql server on my compuer and I need to access it through the
internet.
Also, I need to know how do I secure the connection to my
server/computer/company.
Any info on this would be great!!Tomer,
Don't cross post, answered in .server.
You really MUST read this page:
http://www.aspfaq.com/5003
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Tomer wrote:
> Hi,
> I need to publish my computer on the internet which is on a company networ
k.
> in the network we have a server that connects to the internet and gives
> internet access to all the company computers.
> I'm running a sql server on my compuer and I need to access it through the
> internet.
> Also, I need to know how do I secure the connection to my
> server/computer/company.
> Any info on this would be great!!
>

Publish Sql on the internet

Hi,
I need to publish my computer on the internet which is on a company network.
in the network we have a server that connects to the internet and gives
internet access to all the company computers.
I'm running a sql server on my compuer and I need to access it through the
internet.
Also, I need to know how do I secure the connection to my
server/computer/company.
Any info on this would be great!!
Tomer,
I had a bit of trouble understanding what you are asking, I will recap.
You have a corporate network connected to the internet via a proxy
server (let's call this PROXY1). You want to "publish" your computer on
the internet, which resides behind PROXY1. What do you mean by
"publish"? Is it a web site, an FTP site, a database, remote desktop
connection, what?
You are running SQL Server on "my computer". Is this in the corporate
network or on the internet at home? Please clarify these points very
carefully (take a bit of time) as they will have a significant bearing
on the accuracy of the responses you will get.
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Tomer wrote:
> Hi,
> I need to publish my computer on the internet which is on a company network.
> in the network we have a server that connects to the internet and gives
> internet access to all the company computers.
> I'm running a sql server on my compuer and I need to access it through the
> internet.
> Also, I need to know how do I secure the connection to my
> server/computer/company.
> Any info on this would be great!!
>
|||Hi,
My computer is part of the company computer network and connects to the
internet through the company server which connects to the internet with an
adsl modem installed on it.
I have a sql server 2000 installed on my computer and I wish to access it
from 'outside' through the internet and access its databases.
"Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
news:eaZoMCsfEHA.140@.TK2MSFTNGP12.phx.gbl...[vbcol=seagreen]
> Tomer,
> I had a bit of trouble understanding what you are asking, I will recap.
> You have a corporate network connected to the internet via a proxy
> server (let's call this PROXY1). You want to "publish" your computer on
> the internet, which resides behind PROXY1. What do you mean by
> "publish"? Is it a web site, an FTP site, a database, remote desktop
> connection, what?
> You are running SQL Server on "my computer". Is this in the corporate
> network or on the internet at home? Please clarify these points very
> carefully (take a bit of time) as they will have a significant bearing
> on the accuracy of the responses you will get.
> --
> Mark Allison, SQL Server MVP
> http://www.markallison.co.uk
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602.html
>
> Tomer wrote:
network.[vbcol=seagreen]
the[vbcol=seagreen]
|||Tomer,
You will need to use NAT to allow your computer to act as a server. I
would only do this sort of thing at home and never on a corporate network.
On a corporate network you should have a demilitarised zone (DMZ) that
allows incoming connections from the internet. I really do not recommend
allow people from the public internet to connect directly to your LAN,
you are asking for trouble. The DMZ should not be able to initiate
connections to your LAN.
I would go further and not even allow any form of direct access to a
database server from the internet. Use a web server in a DMZ to connect
to your db server (also in a separate DMZ) to serve information. If you
need to manage a SQL Server from the internet you could use the web
administrator (http://tinyurl.com/3cuzt) or even MyLittleTools
(http://www.mylittletools.net).
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Tomer wrote:
> Hi,
> My computer is part of the company computer network and connects to the
> internet through the company server which connects to the internet with an
> adsl modem installed on it.
> I have a sql server 2000 installed on my computer and I wish to access it
> from 'outside' through the internet and access its databases.
>
> "Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
> news:eaZoMCsfEHA.140@.TK2MSFTNGP12.phx.gbl...
>
> network.
>
> the
>
>
|||Hi,
First thing, thanks alot for the info! I know that this is a problematic
issue in security, but I need to connect a pocket pc device with a gprs
modem directly to the sql server, and I'd rather not use a web service
application.
"Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
news:OOIKLZsfEHA.1424@.tk2msftngp13.phx.gbl...[vbcol=seagreen]
> Tomer,
> You will need to use NAT to allow your computer to act as a server. I
> would only do this sort of thing at home and never on a corporate network.
> On a corporate network you should have a demilitarised zone (DMZ) that
> allows incoming connections from the internet. I really do not recommend
> allow people from the public internet to connect directly to your LAN,
> you are asking for trouble. The DMZ should not be able to initiate
> connections to your LAN.
> I would go further and not even allow any form of direct access to a
> database server from the internet. Use a web server in a DMZ to connect
> to your db server (also in a separate DMZ) to serve information. If you
> need to manage a SQL Server from the internet you could use the web
> administrator (http://tinyurl.com/3cuzt) or even MyLittleTools
> (http://www.mylittletools.net).
> --
> Mark Allison, SQL Server MVP
> http://www.markallison.co.uk
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602.html
>
> Tomer wrote:
an[vbcol=seagreen]
it[vbcol=seagreen]
|||OK,
What you need to do is NOT allow connections into your LAN. Create a DMZ
and place the SQL Server there. Do not allow the DMZ to initiate
connections into the LAN. Only allow connections from the LAN TO the DMZ.
Do not allow SQL Server to connect to anything else on your network.
Remember, if this machine is compromised, you could be in trouble. On
the firewall, only open one port to the SQL Server, and make sure this
is not 1433. Make it a high port number such as 56378 (or whatever).
Ensure SQL Server is listening on this port.
This will put you out of range of port scanners that are only looking
for common ports such as 139, 1433, etc, however will not protect you
from someone scanning every port on your machine, but then there are
intrusion detection tools available to protect you from this.
Another way to do this is to use a VPN tunnel from the client on the
internet, through a VPN server in a DMZ on your corporate network, and
then you can use the entire LAN. This might be easier to set up and
configure, then again it might not.
Whatever you do, do not allow direct connections from the public
internet, unencrypted into your LAN.
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Tomer wrote:
> Hi,
> First thing, thanks alot for the info! I know that this is a problematic
> issue in security, but I need to connect a pocket pc device with a gprs
> modem directly to the sql server, and I'd rather not use a web service
> application.
>
|||Thanks a bunch!! this helps alot
Tomer.
"Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
news:u$IWGX4fEHA.632@.TK2MSFTNGP12.phx.gbl...[vbcol=seagreen]
> OK,
> What you need to do is NOT allow connections into your LAN. Create a DMZ
> and place the SQL Server there. Do not allow the DMZ to initiate
> connections into the LAN. Only allow connections from the LAN TO the DMZ.
> Do not allow SQL Server to connect to anything else on your network.
> Remember, if this machine is compromised, you could be in trouble. On
> the firewall, only open one port to the SQL Server, and make sure this
> is not 1433. Make it a high port number such as 56378 (or whatever).
> Ensure SQL Server is listening on this port.
> This will put you out of range of port scanners that are only looking
> for common ports such as 139, 1433, etc, however will not protect you
> from someone scanning every port on your machine, but then there are
> intrusion detection tools available to protect you from this.
> Another way to do this is to use a VPN tunnel from the client on the
> internet, through a VPN server in a DMZ on your corporate network, and
> then you can use the entire LAN. This might be easier to set up and
> configure, then again it might not.
> Whatever you do, do not allow direct connections from the public
> internet, unencrypted into your LAN.
> --
> Mark Allison, SQL Server MVP
> http://www.markallison.co.uk
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602.html
>
> Tomer wrote:

Publish Sql on the internet

Hi,
I need to publish my computer on the internet which is on a company network.
in the network we have a server that connects to the internet and gives
internet access to all the company computers.
I'm running a sql server on my compuer and I need to access it through the
internet.
Also, I need to know how do I secure the connection to my
server/computer/company.
Any info on this would be great!!Tomer,
I had a bit of trouble understanding what you are asking, I will recap.
You have a corporate network connected to the internet via a proxy
server (let's call this PROXY1). You want to "publish" your computer on
the internet, which resides behind PROXY1. What do you mean by
"publish"? Is it a web site, an FTP site, a database, remote desktop
connection, what?
You are running SQL Server on "my computer". Is this in the corporate
network or on the internet at home? Please clarify these points very
carefully (take a bit of time) as they will have a significant bearing
on the accuracy of the responses you will get.
--
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Tomer wrote:
> Hi,
> I need to publish my computer on the internet which is on a company networ
k.
> in the network we have a server that connects to the internet and gives
> internet access to all the company computers.
> I'm running a sql server on my compuer and I need to access it through the
> internet.
> Also, I need to know how do I secure the connection to my
> server/computer/company.
> Any info on this would be great!!
>|||Hi,
My computer is part of the company computer network and connects to the
internet through the company server which connects to the internet with an
adsl modem installed on it.
I have a sql server 2000 installed on my computer and I wish to access it
from 'outside' through the internet and access its databases.
"Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
news:eaZoMCsfEHA.140@.TK2MSFTNGP12.phx.gbl...[vbcol=seagreen]
> Tomer,
> I had a bit of trouble understanding what you are asking, I will recap.
> You have a corporate network connected to the internet via a proxy
> server (let's call this PROXY1). You want to "publish" your computer on
> the internet, which resides behind PROXY1. What do you mean by
> "publish"? Is it a web site, an FTP site, a database, remote desktop
> connection, what?
> You are running SQL Server on "my computer". Is this in the corporate
> network or on the internet at home? Please clarify these points very
> carefully (take a bit of time) as they will have a significant bearing
> on the accuracy of the responses you will get.
> --
> Mark Allison, SQL Server MVP
> http://www.markallison.co.uk
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602.html
>
> Tomer wrote:
network.[vbcol=seagreen]
the[vbcol=seagreen]|||Tomer,
You will need to use NAT to allow your computer to act as a server. I
would only do this sort of thing at home and never on a corporate network.
On a corporate network you should have a demilitarised zone (DMZ) that
allows incoming connections from the internet. I really do not recommend
allow people from the public internet to connect directly to your LAN,
you are asking for trouble. The DMZ should not be able to initiate
connections to your LAN.
I would go further and not even allow any form of direct access to a
database server from the internet. Use a web server in a DMZ to connect
to your db server (also in a separate DMZ) to serve information. If you
need to manage a SQL Server from the internet you could use the web
administrator (http://tinyurl.com/3cuzt) or even MyLittleTools
(http://www.mylittletools.net).
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Tomer wrote:
> Hi,
> My computer is part of the company computer network and connects to the
> internet through the company server which connects to the internet with an
> adsl modem installed on it.
> I have a sql server 2000 installed on my computer and I wish to access it
> from 'outside' through the internet and access its databases.
>
> "Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
> news:eaZoMCsfEHA.140@.TK2MSFTNGP12.phx.gbl...
>
> network.
>
> the
>
>
>|||Hi,
First thing, thanks alot for the info! I know that this is a problematic
issue in security, but I need to connect a pocket pc device with a gprs
modem directly to the sql server, and I'd rather not use a web service
application.
"Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
news:OOIKLZsfEHA.1424@.tk2msftngp13.phx.gbl...[vbcol=seagreen]
> Tomer,
> You will need to use NAT to allow your computer to act as a server. I
> would only do this sort of thing at home and never on a corporate network.
> On a corporate network you should have a demilitarised zone (DMZ) that
> allows incoming connections from the internet. I really do not recommend
> allow people from the public internet to connect directly to your LAN,
> you are asking for trouble. The DMZ should not be able to initiate
> connections to your LAN.
> I would go further and not even allow any form of direct access to a
> database server from the internet. Use a web server in a DMZ to connect
> to your db server (also in a separate DMZ) to serve information. If you
> need to manage a SQL Server from the internet you could use the web
> administrator (http://tinyurl.com/3cuzt) or even MyLittleTools
> (http://www.mylittletools.net).
> --
> Mark Allison, SQL Server MVP
> http://www.markallison.co.uk
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602.html
>
> Tomer wrote:
an[vbcol=seagreen]
it[vbcol=seagreen]|||OK,
What you need to do is NOT allow connections into your LAN. Create a DMZ
and place the SQL Server there. Do not allow the DMZ to initiate
connections into the LAN. Only allow connections from the LAN TO the DMZ.
Do not allow SQL Server to connect to anything else on your network.
Remember, if this machine is compromised, you could be in trouble. On
the firewall, only open one port to the SQL Server, and make sure this
is not 1433. Make it a high port number such as 56378 (or whatever).
Ensure SQL Server is listening on this port.
This will put you out of range of port scanners that are only looking
for common ports such as 139, 1433, etc, however will not protect you
from someone scanning every port on your machine, but then there are
intrusion detection tools available to protect you from this.
Another way to do this is to use a VPN tunnel from the client on the
internet, through a VPN server in a DMZ on your corporate network, and
then you can use the entire LAN. This might be easier to set up and
configure, then again it might not.
Whatever you do, do not allow direct connections from the public
internet, unencrypted into your LAN.
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Tomer wrote:
> Hi,
> First thing, thanks alot for the info! I know that this is a problematic
> issue in security, but I need to connect a pocket pc device with a gprs
> modem directly to the sql server, and I'd rather not use a web service
> application.
>|||Thanks a bunch!! this helps alot
Tomer.
"Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
news:u$IWGX4fEHA.632@.TK2MSFTNGP12.phx.gbl...[vbcol=seagreen]
> OK,
> What you need to do is NOT allow connections into your LAN. Create a DMZ
> and place the SQL Server there. Do not allow the DMZ to initiate
> connections into the LAN. Only allow connections from the LAN TO the DMZ.
> Do not allow SQL Server to connect to anything else on your network.
> Remember, if this machine is compromised, you could be in trouble. On
> the firewall, only open one port to the SQL Server, and make sure this
> is not 1433. Make it a high port number such as 56378 (or whatever).
> Ensure SQL Server is listening on this port.
> This will put you out of range of port scanners that are only looking
> for common ports such as 139, 1433, etc, however will not protect you
> from someone scanning every port on your machine, but then there are
> intrusion detection tools available to protect you from this.
> Another way to do this is to use a VPN tunnel from the client on the
> internet, through a VPN server in a DMZ on your corporate network, and
> then you can use the entire LAN. This might be easier to set up and
> configure, then again it might not.
> Whatever you do, do not allow direct connections from the public
> internet, unencrypted into your LAN.
> --
> Mark Allison, SQL Server MVP
> http://www.markallison.co.uk
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602.html
>
> Tomer wrote:

Publish Sql on the internet

Hi,
I need to publish my computer on the internet which is on a company network.
in the network we have a server that connects to the internet and gives
internet access to all the company computers.
I'm running a sql server on my compuer and I need to access it through the
internet.
Also, I need to know how do I secure the connection to my
server/computer/company.
Any info on this would be great!!Tomer,
I had a bit of trouble understanding what you are asking, I will recap.
You have a corporate network connected to the internet via a proxy
server (let's call this PROXY1). You want to "publish" your computer on
the internet, which resides behind PROXY1. What do you mean by
"publish"? Is it a web site, an FTP site, a database, remote desktop
connection, what?
You are running SQL Server on "my computer". Is this in the corporate
network or on the internet at home? Please clarify these points very
carefully (take a bit of time) as they will have a significant bearing
on the accuracy of the responses you will get.
--
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Tomer wrote:
> Hi,
> I need to publish my computer on the internet which is on a company network.
> in the network we have a server that connects to the internet and gives
> internet access to all the company computers.
> I'm running a sql server on my compuer and I need to access it through the
> internet.
> Also, I need to know how do I secure the connection to my
> server/computer/company.
> Any info on this would be great!!
>|||Hi,
My computer is part of the company computer network and connects to the
internet through the company server which connects to the internet with an
adsl modem installed on it.
I have a sql server 2000 installed on my computer and I wish to access it
from 'outside' through the internet and access its databases.
"Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
news:eaZoMCsfEHA.140@.TK2MSFTNGP12.phx.gbl...
> Tomer,
> I had a bit of trouble understanding what you are asking, I will recap.
> You have a corporate network connected to the internet via a proxy
> server (let's call this PROXY1). You want to "publish" your computer on
> the internet, which resides behind PROXY1. What do you mean by
> "publish"? Is it a web site, an FTP site, a database, remote desktop
> connection, what?
> You are running SQL Server on "my computer". Is this in the corporate
> network or on the internet at home? Please clarify these points very
> carefully (take a bit of time) as they will have a significant bearing
> on the accuracy of the responses you will get.
> --
> Mark Allison, SQL Server MVP
> http://www.markallison.co.uk
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602.html
>
> Tomer wrote:
> > Hi,
> > I need to publish my computer on the internet which is on a company
network.
> > in the network we have a server that connects to the internet and gives
> > internet access to all the company computers.
> > I'm running a sql server on my compuer and I need to access it through
the
> > internet.
> > Also, I need to know how do I secure the connection to my
> > server/computer/company.
> >
> > Any info on this would be great!!
> >
> >|||Tomer,
You will need to use NAT to allow your computer to act as a server. I
would only do this sort of thing at home and never on a corporate network.
On a corporate network you should have a demilitarised zone (DMZ) that
allows incoming connections from the internet. I really do not recommend
allow people from the public internet to connect directly to your LAN,
you are asking for trouble. The DMZ should not be able to initiate
connections to your LAN.
I would go further and not even allow any form of direct access to a
database server from the internet. Use a web server in a DMZ to connect
to your db server (also in a separate DMZ) to serve information. If you
need to manage a SQL Server from the internet you could use the web
administrator (http://tinyurl.com/3cuzt) or even MyLittleTools
(http://www.mylittletools.net).
--
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Tomer wrote:
> Hi,
> My computer is part of the company computer network and connects to the
> internet through the company server which connects to the internet with an
> adsl modem installed on it.
> I have a sql server 2000 installed on my computer and I wish to access it
> from 'outside' through the internet and access its databases.
>
> "Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
> news:eaZoMCsfEHA.140@.TK2MSFTNGP12.phx.gbl...
>>Tomer,
>>I had a bit of trouble understanding what you are asking, I will recap.
>>You have a corporate network connected to the internet via a proxy
>>server (let's call this PROXY1). You want to "publish" your computer on
>>the internet, which resides behind PROXY1. What do you mean by
>>"publish"? Is it a web site, an FTP site, a database, remote desktop
>>connection, what?
>>You are running SQL Server on "my computer". Is this in the corporate
>>network or on the internet at home? Please clarify these points very
>>carefully (take a bit of time) as they will have a significant bearing
>>on the accuracy of the responses you will get.
>>--
>>Mark Allison, SQL Server MVP
>>http://www.markallison.co.uk
>>Looking for a SQL Server replication book?
>>http://www.nwsu.com/0974973602.html
>>
>>Tomer wrote:
>>Hi,
>>I need to publish my computer on the internet which is on a company
> network.
>>in the network we have a server that connects to the internet and gives
>>internet access to all the company computers.
>>I'm running a sql server on my compuer and I need to access it through
> the
>>internet.
>>Also, I need to know how do I secure the connection to my
>>server/computer/company.
>>Any info on this would be great!!
>>
>
>|||Hi,
First thing, thanks alot for the info! I know that this is a problematic
issue in security, but I need to connect a pocket pc device with a gprs
modem directly to the sql server, and I'd rather not use a web service
application.
"Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
news:OOIKLZsfEHA.1424@.tk2msftngp13.phx.gbl...
> Tomer,
> You will need to use NAT to allow your computer to act as a server. I
> would only do this sort of thing at home and never on a corporate network.
> On a corporate network you should have a demilitarised zone (DMZ) that
> allows incoming connections from the internet. I really do not recommend
> allow people from the public internet to connect directly to your LAN,
> you are asking for trouble. The DMZ should not be able to initiate
> connections to your LAN.
> I would go further and not even allow any form of direct access to a
> database server from the internet. Use a web server in a DMZ to connect
> to your db server (also in a separate DMZ) to serve information. If you
> need to manage a SQL Server from the internet you could use the web
> administrator (http://tinyurl.com/3cuzt) or even MyLittleTools
> (http://www.mylittletools.net).
> --
> Mark Allison, SQL Server MVP
> http://www.markallison.co.uk
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602.html
>
> Tomer wrote:
> > Hi,
> >
> > My computer is part of the company computer network and connects to the
> > internet through the company server which connects to the internet with
an
> > adsl modem installed on it.
> > I have a sql server 2000 installed on my computer and I wish to access
it
> > from 'outside' through the internet and access its databases.
> >
> >
> > "Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
> > news:eaZoMCsfEHA.140@.TK2MSFTNGP12.phx.gbl...
> >
> >>Tomer,
> >>
> >>I had a bit of trouble understanding what you are asking, I will recap.
> >>You have a corporate network connected to the internet via a proxy
> >>server (let's call this PROXY1). You want to "publish" your computer on
> >>the internet, which resides behind PROXY1. What do you mean by
> >>"publish"? Is it a web site, an FTP site, a database, remote desktop
> >>connection, what?
> >>
> >>You are running SQL Server on "my computer". Is this in the corporate
> >>network or on the internet at home? Please clarify these points very
> >>carefully (take a bit of time) as they will have a significant bearing
> >>on the accuracy of the responses you will get.
> >>--
> >>Mark Allison, SQL Server MVP
> >>http://www.markallison.co.uk
> >>
> >>Looking for a SQL Server replication book?
> >>http://www.nwsu.com/0974973602.html
> >>
> >>
> >>
> >>Tomer wrote:
> >>
> >>Hi,
> >>I need to publish my computer on the internet which is on a company
> >
> > network.
> >
> >>in the network we have a server that connects to the internet and gives
> >>internet access to all the company computers.
> >>I'm running a sql server on my compuer and I need to access it through
> >
> > the
> >
> >>internet.
> >>Also, I need to know how do I secure the connection to my
> >>server/computer/company.
> >>
> >>Any info on this would be great!!
> >>
> >>
> >
> >
> >|||OK,
What you need to do is NOT allow connections into your LAN. Create a DMZ
and place the SQL Server there. Do not allow the DMZ to initiate
connections into the LAN. Only allow connections from the LAN TO the DMZ.
Do not allow SQL Server to connect to anything else on your network.
Remember, if this machine is compromised, you could be in trouble. On
the firewall, only open one port to the SQL Server, and make sure this
is not 1433. Make it a high port number such as 56378 (or whatever).
Ensure SQL Server is listening on this port.
This will put you out of range of port scanners that are only looking
for common ports such as 139, 1433, etc, however will not protect you
from someone scanning every port on your machine, but then there are
intrusion detection tools available to protect you from this.
Another way to do this is to use a VPN tunnel from the client on the
internet, through a VPN server in a DMZ on your corporate network, and
then you can use the entire LAN. This might be easier to set up and
configure, then again it might not.
Whatever you do, do not allow direct connections from the public
internet, unencrypted into your LAN.
--
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Tomer wrote:
> Hi,
> First thing, thanks alot for the info! I know that this is a problematic
> issue in security, but I need to connect a pocket pc device with a gprs
> modem directly to the sql server, and I'd rather not use a web service
> application.
>|||Thanks a bunch!! this helps alot
Tomer.
"Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
news:u$IWGX4fEHA.632@.TK2MSFTNGP12.phx.gbl...
> OK,
> What you need to do is NOT allow connections into your LAN. Create a DMZ
> and place the SQL Server there. Do not allow the DMZ to initiate
> connections into the LAN. Only allow connections from the LAN TO the DMZ.
> Do not allow SQL Server to connect to anything else on your network.
> Remember, if this machine is compromised, you could be in trouble. On
> the firewall, only open one port to the SQL Server, and make sure this
> is not 1433. Make it a high port number such as 56378 (or whatever).
> Ensure SQL Server is listening on this port.
> This will put you out of range of port scanners that are only looking
> for common ports such as 139, 1433, etc, however will not protect you
> from someone scanning every port on your machine, but then there are
> intrusion detection tools available to protect you from this.
> Another way to do this is to use a VPN tunnel from the client on the
> internet, through a VPN server in a DMZ on your corporate network, and
> then you can use the entire LAN. This might be easier to set up and
> configure, then again it might not.
> Whatever you do, do not allow direct connections from the public
> internet, unencrypted into your LAN.
> --
> Mark Allison, SQL Server MVP
> http://www.markallison.co.uk
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602.html
>
> Tomer wrote:
> > Hi,
> >
> > First thing, thanks alot for the info! I know that this is a problematic
> > issue in security, but I need to connect a pocket pc device with a gprs
> > modem directly to the sql server, and I'd rather not use a web service
> > application.
> >

Publish Reports Server to Internet

Hi all,
I have an external IP for my server and I tried to connect it from out side,
I notice that the link address appear on Status bar is my localhost's name
link ... and that's why it can be accessed to view reports. It just work if I
re-config my IP setting following external IP. Who can expalin me or show me
some addresses to study more about this problem ?
--
Thnx lots,
NgocYour local machine has its IP address and the server has its IP address
accessible from the Internet? Assuming you have configured security so that
the server is accessible from outside, you just need to do
http://<serverIPaddress>/Reports or https://<serverIPaddress>/Reports, right?
If you are doing http://<yourmachine>/Reports, then you will see the local
report server, unless you have used rsconfig.exe to point your local server
to the external server URL. Books Online has details on using rsconfig.exe.
Charles Kangai, MCDBA, MCT
"Phi Ngoc" wrote:
> Hi all,
> I have an external IP for my server and I tried to connect it from out side,
> I notice that the link address appear on Status bar is my localhost's name
> link ... and that's why it can be accessed to view reports. It just work if I
> re-config my IP setting following external IP. Who can expalin me or show me
> some addresses to study more about this problem ?
> --
> Thnx lots,
> Ngoc|||I am having the same problem where I go here http://(fqdn.external.name)
/Reports
The reports are viewable externally, but if I try to export them it reverts
to the computer name (Which happens to be MISERY) like this
http://misery/Reports/Pages/Reports.aspx..etc.etc
Does anyone know how to change this?
Thanks.
--
Message posted via http://www.sqlmonster.com|||Open the RSWebApplication.config file and check the URL inside the
<ReportServerURL> element. Do the same with RSReportServer.config file. The
files are located in the folders <SQL Server Installation>\Reporting
Services\ReportManager and <SQL Server Installation>\Reporting
Services\ReportServer, respectively.
Charles Kangai, MCDBA, MCT
"David Benedict via SQLMonster.com" wrote:
> I am having the same problem where I go here http://(fqdn.external.name)
> /Reports
> The reports are viewable externally, but if I try to export them it reverts
> to the computer name (Which happens to be MISERY) like this
> http://misery/Reports/Pages/Reports.aspx..etc.etc
> Does anyone know how to change this?
> Thanks.
> --
> Message posted via http://www.sqlmonster.com
>