| title | Network Protocols and Network Libraries | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| description | A server can be configured to monitor multiple network protocols. You can change the configuration using the SQL Server Configuration Manager. | ||||||||||
| author | rwestMSFT | ||||||||||
| ms.author | randolphwest | ||||||||||
| ms.date | 09/07/2025 | ||||||||||
| ms.service | sql | ||||||||||
| ms.subservice | install | ||||||||||
| ms.topic | how-to | ||||||||||
| helpviewer_keywords |
|
[!INCLUDE SQL Server -Windows Only]
A server can listen on, or monitor, multiple network protocols at one time. However, each protocol must be configured. If a particular protocol isn't configured, the server can't listen on that protocol. After installation, you can change the protocol configurations using the [!INCLUDE ssNoVersion] Configuration Manager.
A default instance of [!INCLUDE ssNoVersion] is configured for TCP/IP port 1433, and named pipe \\.\pipe\sql\query. [!INCLUDE ssNoVersion] named instances are configured for TCP dynamic ports, with a port number assigned by the operating system.
If you can't use dynamic port addresses (for example, when [!INCLUDE ssNoVersion] connections must pass through a firewall server configured to pass through specific port addresses). Select an unassigned port number. Port number assignments are managed by the Internet Assigned Numbers Authority and are listed at https://www.iana.org.
To enhance security, network connectivity isn't fully enabled when [!INCLUDE ssNoVersion] is installed. To enable, disable, and configure network protocols after Setup is complete, use the [!INCLUDE ssNoVersion] Network Configuration area of the [!INCLUDE ssNoVersion] Configuration Manager.
Servers in the perimeter network should have all unnecessary protocols disabled, including Server Message Block (SMB). Web servers and Domain Name System (DNS) servers don't require SMB. This protocol should be disabled to counter the threat of user enumeration.
Disabling SMB blocks the [!INCLUDE ssNoVersion] or Windows Cluster service from accessing the remote file share. Don't disable SMB if you do or plan to do one of the following:
- Use Windows Cluster Node and File Share Majority Quorum mode
- Specify an SMB file share as the data directory during [!INCLUDE ssNoVersion] installation
- Create a database file on an SMB file share
-
On the Start menu, point to Settings, and then select Network and Dial-up Connections.
Right-click the Internet-facing connection, and then select Properties.
-
Select the Client for Microsoft Networks check box, and then select Uninstall.
-
Follow the uninstall steps.
-
Select File and Printer Sharing for Microsoft Networks, and then select Uninstall.
-
Follow the uninstall steps.
- In the Local Area Connection properties, use the Transmission Control Protocol/Internet Protocol (TCP/IP) properties dialog box to remove File and Printer Sharing for Microsoft Networks and Client for Microsoft Networks.
[!INCLUDE ssNoVersion] introduces a new concept for [!INCLUDE ssNoVersion] connections; the connection is represented on the server end by a [!INCLUDE tsql] endpoint. Permissions can be granted, revoked, and denied for [!INCLUDE tsql] endpoints. By default, all users have permissions to access an endpoint unless the permissions are denied or revoked by a member of the sysadmin group or by the endpoint owner. The GRANT, REVOKE, and DENY ENDPOINT syntax uses an endpoint ID that the administrator must get from the endpoint's catalog view.
[!INCLUDE ssNoVersion] Setup creates [!INCLUDE tsql] endpoints for all supported network protocols, and for the dedicated administrator connection.
[!INCLUDE tsql] endpoints created by [!INCLUDE ssNoVersion] Setup are as follows:
For more information about endpoints, see Configure the Database Engine to listen on multiple TCP ports and Endpoints Catalog Views.
For more information about [!INCLUDE ssNoVersion] network configurations, see Server network configuration.