Connecting to Named Instances through firewalls

This document lists learned lessons from trying to connect to named instances. The scenario is like this:
• Client connects to a remote SQL Server 2005 Named Instance
• The host where the Named Instance runs is behind a network firewall
• The host is running Windows Server 2003 or 2008
• The host (Windows) firewall allows only inbound connections that match a rule.

Note that host and Named Instance are generic references. Replace them with your specific names.
On the server side
1. Identify an available port (not in use) on the host. From a DOS session, netstat –no would list all TCP ports in use; choose one that is not listed, and that is not 1433 even if not in use. It is a good practice to reserve 1433 for the Default Instance.
2. First enable the SQL Browser:
a. Start SQL Browser service
3. Set port number for Named Instance. On the SQL Server Configuration Manager:
a. Under Protocols for NamedInstance
i. Enable TCP/IP
ii. Right-click TCP/IP and edit properties as follows:
1. On the Protocol tab, note whether Listen All is set to Yes or No
2. On the IP Addresses tab, if Listen All was set to Yes, then go to the bottom and change the IPAll ? TCP Dynamic Ports to blank. Then change IPAll ? TCP Port to the available port.
3. If Listen All was set to No, then you need to perform the changes described above on each IPn section of the IP Addresses tab.
4. Save changes (click OK)
b. Restart the SQL Server (Named Instance) service
4. Open firewalls for the SQLBrowser and the NamedInstance:
a. Create an inbound rule in the Windows Firewall for Port 1434 UDP
b. Create an inbound rule in the Windows Firewall for port availableport TCP
c. Create an inbound rule in the network firewall to host on port 1434 UDP
d. Create an inbound rule in the network firewall to host on port availableport TCP
On the client side
1. Connection string from clients should be servername\instancename