Now I got a funny experience with the firewall. As I want it, the
firewall is started and the proper ports are open.
To help a co-worker, I stopped the Windows Firewall
service on one node, and what happens is that the opened ports are
disabled and no SQL (1433), RDP (3389) or ICMP traffic is allowed.
That's fine, but as I can't connect to my instance, I wonder: should
it not initiate a failover? I can manually move the group between the
nodes, and where the firewall service is on I can connect.
I also moved the cluster group back and forth.
I get it that the heartbeat is working even with the firewall service
stopped and that's why the groups do not fail.
Of course I will keep the firewall service running, but shouldn't
there be a failover if the firewall service stops for any reason?
/Peter
Here is an enumeration of the binaries for SQL Server 2005. SQL 2008
binaries are similarly located but with "100" instead of "90" in the path.
http://weblogs.sqlteam.com/geoffh/archive/2008/06/11/Secure--Unusable.aspx
--
Geoff N. Hiten
Principal SQL Infrastructure Consultant
Microsoft SQL Server MVP
"Peter Lindberg" <plT...@AWAYlg.se> wrote in message
news:4b716dc4....@msnews.microsoft.com...
What I still don't get is why I don't get a group fail of the
sqlserver group when the sqlserver is not available because the
firewall service is stopped? For this to be recreated it doesn't
matter which way I choose to open the firewall.
Here is what I expect to get and also get:
I get a fail if I lose the public network.
I get no fail if I lose the heartbeat network. (internal thru public)
I get a fail if the server reboots or BSOD.
But if the Windows Firewall service has failed or been stopped I just
get an inaccessible SQL instance. Why can't the cluster identify it as
an error and fail the group?
/Peter
On Tue, 9 Feb 2010 11:10:14 -0500, "Geoff N. Hiten"
<SQLCra...@gmail.com> wrote:
Windows firewall does not work like an external firewall. External
firewalls block ports and IP addresses. Windows firewall allows (or denies)
access to the network for specific signed executables. The blog post shows
how to add the key SQL executables to the allowed list.
--
Geoff N. Hiten
Principal SQL Infrastructure Consultant
Microsoft SQL Server MVP
"Peter Lindberg" <plT...@AWAYlg.se> wrote in message
news:4b75c98e....@msnews.microsoft.com...
My question has nothing to do with external FW.
My opinion is that high availability should mean that the SQL group
fails when it's inaccessible from outside. When the FW service is off
(doesn't matter why), SQL is inaccessible from outside and as I read
your answer it's meant to be so.
Thank you for trying to explain, but I don't think it's high
availability!
It's very easy to recreate: set up a W2K8 R2 cluster with SQL2K8 and
connect to SQL via SSMS from outside. Stop FW on the cluster node
owning the SQL group and SSMS can no longer access SQL. If you
move the group to the other node SSMS can connect again.
In my setup I have one public NIC and one internal NIC.
/Peter
On Mon, 15 Feb 2010 09:47:08 -0500, "Geoff N. Hiten"