Configure/open Firewall ports for MS SQL 2008 R2/Windows 2008 (R2)

By default, installing SQL Server 2008 R2 on a brand new Windows Server 2008 R2 server does not open the required Windows Firewall ports.
I always wonder why they don’t give you the option during the installation of SQL to let MS make the changes for you. Anyway, MS has a “Fix It” tool, but on my Windows Server 2008 it runs but doesn’t apply to the Windows 2008 R2 setup.

You can of course follow Microsoft’s KB articles and manually add the Windows Advanced Firewall rules. For me, a script to do this was the way to go. Don’t forget to run the script as Administrator in the CMD box.

@echo =========  SQL Server Ports  ===================
@echo Enabling SQLServer default instance port 1433
netsh firewall set portopening TCP 1433 "SQLServer" 
@echo Enabling Dedicated Admin Connection port 1434
netsh firewall set portopening TCP 1434 "SQL Admin Connection" 
@echo Enabling conventional SQL Server Service Broker port 4022  
netsh firewall set portopening TCP 4022 "SQL Service Broker" 
@echo Enabling Transact-SQL Debugger/RPC port 135 
netsh firewall set portopening TCP 135 "SQL Debugger/RPC" 
@echo =========  Analysis Services Ports  ==============
@echo Enabling SSAS Default Instance port 2383
netsh firewall set portopening TCP 2383 "Analysis Services" 
@echo Enabling SQL Server Browser Service port 2382
netsh firewall set portopening TCP 2382 "SQL Browser" 
@echo =========  Misc Applications  ==============
@echo Enabling HTTP port 80 
netsh firewall set portopening TCP 80 "HTTP" 
@echo Enabling SSL port 443
netsh firewall set portopening TCP 443 "SSL" 
@echo Enabling port for SQL Server Browser Service's 'Browse' Button
netsh firewall set portopening UDP 1434 "SQL Browser" 
@echo Allowing multicast broadcast response on UDP (Browser Service Enumerations OK)
netsh firewall set multicastbroadcastresponse ENABLE

Check if the ports are opened successfully (see the picture).
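
A scoped variant of the script above, as an added example that is not the original author's script: `netsh firewall` is deprecated on Windows Server 2008 R2 in favour of `netsh advfirewall firewall`, which lets each rule be limited to a source subnet and a firewall profile, and the last lines list the resulting rules as a check. The two subnets, the `SQL2008R2` name prefix and the `:allow` helper are assumptions for illustration; ports 80/443 are left out and can be added the same way if something on the server listens on them.

```bat
@echo off
rem Added example: the page's SQL ports as scoped Windows Advanced Firewall rules.
rem ASSUMPTIONS: APP_NET / ADMIN_NET are constructed placeholder subnets and
rem GRP is a hypothetical rule-name prefix. Replace them with your own values.
setlocal
set APP_NET=192.0.2.0/24
set ADMIN_NET=198.51.100.0/24
set GRP=SQL2008R2

rem Ports that application servers need to reach
call :allow "%GRP% Engine TCP 1433"         TCP 1433 %APP_NET%
call :allow "%GRP% Service Broker TCP 4022" TCP 4022 %APP_NET%
call :allow "%GRP% SSAS TCP 2383"           TCP 2383 %APP_NET%
call :allow "%GRP% Browser TCP 2382"        TCP 2382 %APP_NET%
call :allow "%GRP% Browser UDP 1434"        UDP 1434 %APP_NET%

rem Administrative ports: admin workstations only
call :allow "%GRP% DAC TCP 1434"            TCP 1434 %ADMIN_NET%
call :allow "%GRP% Debugger RPC TCP 135"    TCP 135  %ADMIN_NET%

rem Verification: list the rules just created, then confirm the engine listens
echo ===== Rules created =====
netsh advfirewall firewall show rule name=all | findstr /C:"%GRP% "
echo ===== Listener on 1433 =====
netstat -an | findstr ":1433"
endlocal
goto :eof

:allow
rem %~1 = rule name, %2 = protocol, %3 = local port, %4 = allowed remote subnet
rem Delete any earlier copy first so re-running the script does not stack duplicates.
netsh advfirewall firewall delete rule name="%~1" >nul 2>&1
netsh advfirewall firewall add rule name="%~1" dir=in action=allow protocol=%2 localport=%3 remoteip=%4 profile=domain
if errorlevel 1 echo FAILED: %~1
goto :eof
```

Run it from an elevated Command Prompt, as with the original script.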


SCCM 2012 – Reporting and DPM rights on SQL

Issue
At a customer of ours we installed a SQL 2012 R2 server for all System Center products, including DPM 2012.
After installing the SCCM 2012 Reporting functionality on the SQL server, the Event Viewer was flooded with:

Log Name: Application
Source: MSSQLSERVER
Event ID: 18456
Task Category: Logon
Level: Information
Description:
Login failed for user ‘NT AUTHORITY\SYSTEM’. Reason: Failed to open the explicitly specified database. [CLIENT: 1.1.1.1.1]

Cause
After some investigation we found that the SCCM 2012 reporting installation messed around with the security rights of the System Center SQL database.

The NT AUTHORITY\SYSTEM account was removed from the sysadmin role.


Resolution

Add the NT AUTHORITY\SYSTEM account to the sysadmin role.