SQL Server Blog

SQL Server Ports

SQL-Server-Team
Mar 23, 2019
First published on TECHNET on Jul 03, 2012

Quick cheat sheet for port numbers used by SQL Server services or services that SQL Server may depend on:


21 TCP FTP (replication)
80 TCP HTTP endpoints, Reporting Services, HTTP replication
135 TCP & UDP RPC, WMI, MSDTC, SQL Agent file copy, and TSQL Debugger (RPC used for multiple purposes including SSIS and clustering.)
137 UDP File & Print Sharing (replication) and Cluster Admin
138 UDP File & Print Sharing (replication)
139 TCP FileStream and NetBIOS Session Service (clustering)
443 TCP HTTPS endpoints and Reporting Services
445 TCP & UDP FileStream, SMB (clustering), and File & Print Sharing
500 UDP IPSec
860 TCP iSCSI
1024-5000 TCP Original dynamic ports for named instances. (WinSock standard.) (See ports 49152-65535.) The DoD Database STIG requires static ports.
1433 TCP SQL Server database engine
1434 TCP & UDP SQL Server database engine, DAC, and SQL Server's "Browse" button.
2382 UDP Analysis Services when using dynamic ports with named instances
2383 TCP Analysis Services
2393-2394 TCP Analysis Services version 7
2725 TCP Analysis Services
3260 TCP iSCSI
3343 UDP Cluster network driver
3389 TCP Remote Desktop Protocol (RDP)
3882 TCP DTS/SSIS
4022 TCP Conventional port for the SQL Broker service
4500 UDP IPSec
5000-5099 UDP Clustering
5022 TCP AlwaysOn's default port for primary and secondary replicas
7022 TCP Conventional port for Database Mirroring
8011-8031 UDP Clustering internode RPC
49152-65535 TCP Latest dynamic ports for named instances. (WinSock standard.) (See ports 1024-5000.) The DoD Database STIG requires static ports.

Microsoft recommends non-default ports for maximum security.


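Check ports in use: SELECT SERVERPROPERTY('ProcessID') returns the instance's process ID.
At a command prompt: "netstat -ano" lists open ports with the owning process ID (PID) in the last column; match it against the value from the query.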
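The check above can be scripted. The following is an added example, not part of the original post: it filters saved "netstat -ano" output down to the listeners owned by one process ID and labels each port against the default ports and dynamic ranges in the cheat sheet. The netstat sample, the PIDs and the function names are constructed for illustration.

```python
# Ranges and default ports as listed in the cheat sheet above.
DYNAMIC_RANGES = [(1024, 5000), (49152, 65535)]
DEFAULT_PORTS = {1433, 1434, 5022}

# Constructed sample of `netstat -ano` output, not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       2716
  TCP    0.0.0.0:5022           0.0.0.0:0              LISTENING       2716
  TCP    127.0.0.1:1434         0.0.0.0:0              LISTENING       2716
  TCP    10.0.0.5:1433          10.0.0.20:50412        ESTABLISHED     2716
  TCP    [::]:49731             [::]:0                 LISTENING       3388
  UDP    0.0.0.0:1434           *:*                                    1820
"""

def listening_ports(netstat_text, pid):
    """Return sorted (proto, port) pairs on which process `pid` is listening."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        if fields[-1] != str(pid):
            continue  # PID is the last column (UDP rows have no State column)
        if fields[0] == "TCP" and fields[3] != "LISTENING":
            continue  # established sessions are not listeners
        found.add((fields[0], int(fields[1].rsplit(":", 1)[1])))
    return sorted(found)

def audit(netstat_text, pid):
    """Classify each listening port as default, dynamic-range or non-default."""
    report = []
    for proto, port in listening_ports(netstat_text, pid):
        if port in DEFAULT_PORTS:
            kind = "default"
        elif any(lo <= port <= hi for lo, hi in DYNAMIC_RANGES):
            kind = "dynamic-range"  # confirm it is pinned as a static port
        else:
            kind = "non-default"
        report.append((proto, port, kind))
    return report

if __name__ == "__main__":
    for pid in (2716, 3388):  # hypothetical SERVERPROPERTY('ProcessID') values
        for row in audit(SAMPLE_NETSTAT, pid):
            print(pid, *row)
```

A port labelled dynamic-range is only a prompt to check the instance's TCP/IP configuration: netstat cannot tell whether a port in those ranges was assigned dynamically or set as a static port.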


AlwaysOn Ports



  • Each instance with an Availability Group (AG) must have a database mirroring endpoint, and the endpoints must be started (query sys.database_mirroring_endpoints and sys.tcp_endpoints).

  • Logins from a remote server must have CONNECT permission. Each instance must have access to ports on all partners.


Resources: http://msdn.microsoft.com/en-us/library/cc646023.aspx, http://www.sqlservercentral.com/articles/networking/75481/, and http://support.microsoft.com/kb/968872


Updated Mar 23, 2019
Version 2.0

1 Comment

  • Hi SQL-Server-Team,

    I am an IT security engineer and I'm managing an NDR solution in my company. I found an alert that some users have accessed some RPC ports on SQL Server, which they are not allowed to do. When I did my investigation, I found that all they did was run SSMS to connect to the database server. My question is: is it normal for SSMS to communicate with the DB server over the RPC ports? And can we configure SSMS or the server to not use RPC ports?

    Thanks and Regards