Configure Windows Firewall for Database Engine Access

Configure Windows Firewall for Database Engine Access

This topic describes how to configure a Windows firewall for Database Engine access in SQL Server 2016 by using SQL Server Configuration Manager. Firewall systems help prevent unauthorized access to computer resources. To access an instance of the SQL Server Database Engine through a firewall, you must configure the firewall on the computer running SQL Server to allow access.

For more information about the default Windows firewall settings, and a description of the TCP ports that affect the Database Engine, Analysis Services, Reporting Services, and Integration Services, see Configure the Windows Firewall to Allow SQL Server Access. There are many firewall systems available. For information specific to your system, see the firewall documentation.

The principal steps to allow access are:

  1. Configure the Database Engine to use a specific TCP/IP port. The default instance of the Database Engine uses port 1433, but that can be changed. The port used by the Database Engine is listed in the SQL Server error log. Instances of SQL Server Express, SQL Server Compact, and named instances of the Database Engine use dynamic ports. To configure these instances to use a specific port, see Configure a Server to Listen on a Specific TCP Port (SQL Server Configuration Manager).
  2. Configure the firewall to allow access to that port for authorized users or computers.Note
    The SQL Server Browser service lets users connect to instances of the Database Engine that are not listening on port 1433, without knowing the port number. To use SQL Server Browser, you must open UDP port 1434. To promote the most secure environment, leave the SQL Server Browser service stopped, and configure clients to connect using the port number.Note
    By default, Microsoft Windows enables the Windows Firewall, which closes port 1433 to prevent Internet computers from connecting to a default instance of SQL Server on your computer. Connections to the default instance using TCP/IP are not possible unless you reopen port 1433. The basic steps to configure the Windows firewall are provided in the following procedures. For more information, see the Windows documentation.

As an alternative to configuring SQL Server to listen on a fixed port and opening the port, you can list the SQL Server executable (Sqlservr.exe) as an exception to the blocked programs. Use this method when you want to continue to use dynamic ports. Only one instance of SQL Server can be accessed in this way.

In This Topic

Before You Begin


Opening ports in your firewall can leave your server exposed to malicious attacks. Make sure that you understand firewall systems before you open ports. For more information, see Security Considerations for a SQL Server Installation

Using SQL Server Configuration Manager

The following procedures configure the Windows Firewall by using the Windows Firewall with Advanced Security Microsoft Management Console (MMC) snap-in. The Windows Firewall with Advanced Security only configures the current profile. For more information about the Windows Firewall with Advanced Security, see Configure the Windows Firewall to Allow SQL Server Access

To open a port in the Windows firewall for TCP access

  1. On the Start menu, click Run, type WF.msc, and then click OK.
  2. In the Windows Firewall with Advanced Security, in the left pane, right-click Inbound Rules, and then click New Rule in the action pane.
  3. In the Rule Type dialog box, select Port, and then click Next.
  4. In the Protocol and Ports dialog box, select TCP. Select Specific local ports, and then type the port number of the instance of the Database Engine, such as 1433 for the default instance. Click Next.
  5. In the Action dialog box, select Allow the connection, and then click Next.
  6. In the Profile dialog box, select any profiles that describe the computer connection environment when you want to connect to the Database Engine, and then click Next.
  7. In the Name dialog box, type a name and description for this rule, and then click Finish.

To open access to SQL Server when using dynamic ports

  1. On the Start menu, click Run, type WF.msc, and then click OK.
  2. In the Windows Firewall with Advanced Security, in the left pane, right-click Inbound Rules, and then click New Rule in the action pane.
  3. In the Rule Type dialog box, select Program, and then click Next.
  4. In the Program dialog box, select This program path. Click Browse, and navigate to the instance of SQL Server that you want to access through the firewall, and then click Open. By default, SQL Server is at C:Program FilesMicrosoft SQL ServerMSSQL13.MSSQLSERVERMSSQLBinnSqlservr.exe. Click Next.
  5. In the Action dialog box, select Allow the connection, and then click Next.
  6. In the Profile dialog box, select any profiles that describe the computer connection environment when you want to connect to the Database Engine, and then click Next.
  7. In the Name dialog box, type a name and description for this rule, and then click Finish.

See Also
How to: Configure Firewall Settings (Azure SQL Database)


Prepare Windows Cluster SharePoint

This part demonstrate how to configure windows cluster for two server, to be used as SQL Cluster.

Before you start

· You need to have two network adapters on each node, one Public and one Private(for heartbeat communication).

· Shared storage (like SAN storage) should be present and connected to both cluster nodes  with at least:

  • Quorum Disk (5GB)
  • DTC Disk (1GB)
  • SQL data files and log file disk(s)

· domain user account (SPSadmin): add SPSadmin user as administrator on both servers

· Prepare a preserved static IP and Cluster Name to be used.

· Prepare a preserved static IP and DTC Name to be used.

Windows Cluster Configuration

1. Install latest windows updates on all server nodes.

2. Install Application role and IIS role on both SQL DB server nodes

3. Install Fail over clustering feature on both SQL DB server nodes.

4. Provide a Cluster Name and Cluster IP for the database nodes:

Note: make sure that the public network is used here not the private (heartbeat)

5. Below are the servers info

6. Cluster Disk files are configured as the following:

7. Configure DTC as clustered service , this is a pre requisite for SQL Cluster installation

8. DTC cluster configuration

9. Assign the DTC a cluster disk

10. Create SQL Group which is a logical group to include all SQL resources in :

Parallel Query Processing

  • SQL Server provides parallel queries to optimize query execution and index operations for computers that have more than one microprocessor (CPU). Because SQL Server can perform a query or index operation in parallel by using several operating system threads, the operation can be completed quickly and efficiently.
  • During query optimization, SQL Server looks for queries or index operations that might benefit from parallel execution.

  • For these queries, SQL Server inserts exchange operators into the query execution plan to prepare the query for parallel execution. 

  • An exchange operator is an operator in a query execution plan that provides process management, data redistribution, and flow control. The exchange operator includes the Distribute Streams, Repartition Streams, and Gather Streams logical operators as subtypes, one or more of which can appear in the Show plan output of a query plan for a parallel query.

  • After exchange operators are inserted, the result is a parallel-query execution plan.

  • A parallel-query execution plan can use more than one thread. A serial execution plan, used by a nonparallel query, uses only one thread for its execution. The actual number of threads used by a parallel query is determined at query plan execution initialization and is determined by the complexity of the plan and the degree of parallelism.

  • Degree of parallelism determines the maximum number of CPUs that are being used; it does not mean the number of threads that are being used. The degree of parallelism value is set at the server level and can be modified by using the sp_configure system stored procedure.

  • You can override this value for individual query or index statements by specifying the MAXDOP query hint or MAXDOP index option.

The SQL Server query optimizer does not use a parallel execution plan for a query if any one of the following conditions is true:

  • The serial execution cost of the query is not high enough to consider an alternative, parallel execution plan.
  • A serial execution plan is considered faster than any possible parallel execution plan for the particular query.
  • The query contains scalar or relational operators that cannot be run in parallel. Certain operators can cause a section of the query plan to run in serial mode, or the whole plan to run in serial mode.

To configure the max degree of parallelism option

  1. In Object Explorer, right-click a server and select Properties.

  2. Click the Advanced node.

  3. In the Max Degree of Parallelism box, select the maximum number of processors to use in parallel plan execution.

How to Fix SharePoint 2013 Slow Performance

You may have noticed that the hardware requirements for SharePoint 2013 Server are quite hefty. Many SharePoint 2013 performance issues have been attributed to lack of resources.  Although meeting the minimum performance specs is highly recommended, you can tweak SharePoint 2013 to work with less resources.

The following tips are some that I have collected while looking for ways to improve SharePoint 2013 performance. Some of these will help SharePoint’s performance however, my experience has been that unless you have a server that meets the minimum SharePoint 2013 requirements, the Search function will still bring your SharePoint server to a crawl.

The only way that I have been able to run SharePoint efficiently on a less than ideal server is to completely disable the search feature.

If however, you want to try and tweak SharePoint before completely turning off the search service, be aware that performance results will vary depending on your server’s RAM and CPU speed.

Before You Begin: Stop/Disable the SharePoint 2013 Search Service

If your SharePoint 2013 is running like a 3 legged turtle, temporarily disable the Search Host Controller and the Search Server. This will render your SharePoint Server usable until you complete these tasks. Note: The SharePoint Timer Service will re-start both the Search Host Controller and the Server Search service, so you may want to temporarily disable the Timer Service as well.

The services to disable are SharePoint Search Host Controller and SharePoint Server Search 15. You can find these services by running services.msc from a command prompt. Once you have finished, don’t forget to enable them again.

Here are the steps to fix SharePoint 2013 performance issues

1. Update SharePoint 2013 March patch update

2. Reduce the search crawl time interval and properly configure SharePoint 2013 Search

3. Reduce Noderunner’s RAM utilization

4. Clear the search database and re-initialize the SharePoint 2013 search crawler

Update SharePoint with March 2013 Patch Update KB2767999

Updating SharePoint with the March 2013 Patches fixes search-related performance problems. Note that you should disable the SharePoint Timer Service first, then SharePoint Search Host Controller and the SharePoint Server Search before installing the updates. (Detailed instructions here)

· SharePoint Server 2013:

· SharePoint Foundation 2013:

How to Reduce the Search Feature Crawl Time Interval and Configure SharePoint 2013 Search

By default, the search feature is set to crawl every 20 minutes. This is nice if you have a monster server, but if you are not so lucky, reducing the crawl rate will yield much better performance. If the SharePoint server hosts a large content database, it may take more than 20 minutes to index. By the time the crawler is finished, it’s time to start again! This leaves you with a perpetually crawling indexing function.

To reduce the search index time interval:

Open Central Administration > General Application Settings > Farm Search Administration

Click on Search Service Application and then on the Content Sources menu link.



Locate your site, click on the drop down menu and then select edit. In the start address, make sure that you have entries for your FQDN, your default Web as well as the SPS3 Protocol Handler. For example: if your SharePoint server’s NetBIOS name is SP01, then you should have an entry for http://SP01 and SPS3://SP01 in addition to your Web site FQDN. This is necessary for the search feature to properly work. If the search index does not properly work, continual searches will damper performance. Once search is working properly, server performance will greatly increase.


Next, set a full and incremental crawl schedule so that the crawl takes place during off-peak usage times. The older your server, the less frequent you may want to make the crawls.


Once you have finished, click OK to save the changes.

How to Reduce noderunner.exe’s RAM Utilization

On the SharePoint 2013 server, open Server Manager -> Tools -> Windows PowerShell ISE


Click File -> Open and navigate to

C:Program FilesMicrosoft Office Servers15.0SearchRuntime1.0

Open noderunner.exe.config

If you cannot see noderunne.exe.config, click on the drop down next to file name and select All Files (.)


Modify the following line:


Noderunner.exe is set to “0” by default, which means unlimited memory usage. Change the “0” to a number in megabytes to limit the total amount of ram that it can use.

For example:

Click save and exit. Restart the SharePoint server.

You can greatly increase SharePoint 2013 server performance by stopping the following services:

· SharePoint Search Host Controller

· SharePoint Search Server 15

Of course, this should be done if you are not using the search service. If you are, this may not be an option.

If that’s the case, your best option may be to increase your server’s available RAM to meet or exceed the minimum requirements. You can also mitigate the performance effects caused by the search service if you reduce the amount of Ram available to noderunner.exe however this is less desirable than stopping the search services.

Reset the Search Index and Initialize a Full Crawl

Finally, re-initialize the search index to clear out the database and re-initialize the crawl. To do this, go to Central administration –> General Application Settings –> Farm Search Administration –> Search Service Application. Select Index Reset from the crawling menu and then click on the reset now button.

Once you have reset the index, click on content sources and select start all crawls.


storage related performance issues sharepoint

Here are five storage-related issues in SharePoint that can kill performance, with tips on how to resolve or prevent them.

Problem #1:

Unstructured data takeover. The primary document types stored in SharePoint are PDFs, Microsoft Word and PowerPoint files, and large Excel spreadsheets. These documents are usually well over a megabyte.

SharePoint saves all file contents in SQL Server as unstructured data, otherwise known as Binary Large Objects (BLOBs). Having many BLOBs in SQL Server causes several issues. Not only do they take up lots of storage space, they also use server resources.

Because a BLOB is unstructured data, any time a user accesses a file in SharePoint, the BLOB has to be reassembled before it can be delivered back to the user – taking extra processing power and time.


Move BLOBs out of SQL Server and into a secondary storage location – specifically, a higher density storage array that is reasonably fast, like a file share or network attached storage (NAS).

Problem #2:

An avalanche of large media. Organizations today use a variety of large files such as videos, images, and PowerPoint presentations, but storing them in SharePoint can lead to performance issues because SQL Server isn’t optimized to house them.

Media files, especially, cause issues for users because they are so large and need to be retrieved fairly quickly. For example, a video file may have to stream at a certain rate, and applications won’t return control until the file is fully loaded. As more of this type of content is stored in SharePoint, it amplifies the likelihood that users will experience browser timeout, slow Web server performance, and upload and recall failures.


For organizations that make SharePoint “the place” for all content large and small, use third-party tools specifically designed to facilitate the externalization of large media storage and organization. This will encourage user adoption and still allow you to maintain the performance that users demand.

Problem #3:

Old and unused files hogging valuable SQL Server storage. As data ages, it usually loses its value and usefulness, so it’s not uncommon for the majority of SharePoint content to go completely unused for long periods of time. In fact, more than 60 to 80 percent of content in SharePoint is either unused or used only sparingly in its lifespan. Many organizations waste space by applying the same storage treatment for this old, unused data as they do for new, active content, quickly degrading both SQL Server and SharePoint performance.


Move less active and relevant SharePoint data to less expensive storage, while still keeping it available to end users via SharePoint. In the interface, it helps to move these older files to different parts of the information architecture, to minimize navigational and search clutter. Similarly, we can “unclutter” the storage back end.

A third-party tool that provides tiered storage will enable you to easily move each piece of SharePoint data through its life cycle to various repositories, such as direct attached storage, a file share, or even the cloud. With tiered storage, you can keep your most active and relevant data close at hand, while moving the rest to less expensive and possibly slower storage, based on the particular needs of your data set.

Problem #4:

Lack of scalability. As SharePoint content grows, its supporting hardware can become underpowered if growth rates weren’t accurately forecasted. Organizations unable to invest in new hardware need to find alternatives that enable them to use best practices and keep SharePoint performance optimal. Microsoft guidance suggests limiting content databases to 200GB maximum unless disk subsystems are tuned for high input/output performance. In addition, huge content databases are cumbersome for backup and restore operations.


Offload BLOBs to the file system – thus reducing the size of the content database. Again, tiered storage will give you maximum flexibility, so as SharePoint data grows, you can direct it to the proper storage location, either for pure long-term storage or zippy immediate use.

It also lets you spread the storage load across a wider pool of storage devices. This approach keeps SharePoint performance high and preserves your investment in existing hardware by prolonging its useful life in lieu of buying expensive hardware. It’s simpler to invest in optimizing a smaller SQL Server storage core than a full multi-terabyte storage footprint, including archives.

Problem #5:

Not leveraging Microsoft’s data externalization features. Microsoft’s recommended externalization options are Remote BLOB Storage (RBS), a SQL Server API that enables SharePoint 2010 to store BLOBs in locations outside the content databases, and External BLOB Storage (EBS), a SharePoint API introduced in SharePoint 2007 SP1 and continued in SharePoint 2010.

Many organizations haven’t yet explored these externalization capabilities, however, and are missing out on significant storage and related performance benefits. However, native EBS and RBS require frequent T-SQL command-line administration, and lack flexibility.


Use a third-party tool that works with Microsoft’s supported APIs, RBS, and EBS, and gives administrators an intuitive interface through SharePoint’s native Central Administration to set the scope, rules and location for data externalization.

In each of these five problem areas, you can see that offloading the SharePoint data to more efficient external storage is clearly the answer. Microsoft’s native options, EBS and RBS, only add to the complexity of managing SharePoint storage, however, so the best option to improve SharePoint performance and reduce costs is to select a third-party tool that integrates cleanly into SharePoint’s Central Administration. This would enable administrators to take advantage of EBS and RBS, choosing the data they want to externalize by setting the scope and rules for externalization and selecting where they want the data to be stored.