alwayson listener connection granted regardless specified listener port

Jiong AN 146 Reputation points
2021-10-24T08:37:19.947+00:00

My sql server service is running on default port 1433. set up alwayson AG listener on port 12345. Interesting thing is when client connection via listener, both ports 1433 and 12345 are granted. Question is should listener only allow connection through port 12345? where 1433 should only allowed by connection the server hostname service directly.

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,756 questions
Windows Server Clustering
Windows Server Clustering
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Clustering: The grouping of multiple servers in a way that allows them to appear to be a single unit to client computers on a network. Clustering is a means of increasing network capacity, providing live backup in case one of the servers fails, and improving data security.
959 questions
Transact-SQL
Transact-SQL
A Microsoft extension to the ANSI SQL language that includes procedural programming, local variables, and various support functions.
4,554 questions
0 comments
Accepted answer
  1. CathyJi-MSFT 21,096 Reputation points Microsoft Vendor
    2021-10-25T07:22:31.333+00:00

    Hi @Jiong AN ,

    > When u trying to connect through the listener name, you only allowed by the specifed port number right?

    Yes, you are right. I also mentioned this in my first reply.

    I did a test to help you understood your issue.

    Server A AG primary replica Instance number port number 1433
    Server B AG secondary replica instance number port number 36888

    AG listener DNS name---AGlistenertest AG listener port number 12345

    1. Server A is primary replica, server B is secondary replica.
      1)Using AGlistenertest,12345, the connection is successful.
      2)Using AGlistenertest,1433, the connection is successful.
    2. Failover the AG primary replica from server A to server B. Then the new primary replica is server B.
      1)Using AGlistenertest,12345, the connection is successful.
      2)Using AGlistenertest,1433, the connection failed.
      3)Using AGlistenertest,36888, the connection is successful.

    When you successfully connected, it happened that the port number of the primary replica SQL instance port is 1433. We can use the primary replica instance port number to connect, but if AG failover, you need to change the port number in the connection string to the port number of new primary replica port number, but if you use AG listener port number, no matter which replica is primary replica and how the port number of the instance is changed , it will not affect the connection of you AG.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

5 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. CathyJi-MSFT 21,096 Reputation points Microsoft Vendor
    2021-10-25T02:35:07.89+00:00

    Hi @Jiong AN ,

    You can configure port 1433, the default SQL Server instance port, for the Availability Group Listener. In that case, you don’t have to specify the port number explicitly in a connection string or client connection. If you specify a custom port, the client must explicitly specify the port. Refer to MS document Listener port.

    >Question is should listener only allow connection through port 12345?

    Yes, you are right. If you specify a custom port, then AG listener only allow connection through this port.

    >where 1433 should only allowed by connection the server hostname service directly.

    An availability group listener is a virtual network name (VNN) that clients can connect to in order to access a database in a primary or secondary replicas of an Always On availability group.

    The SQL instance port 1433 is for the standard alone SQL server instance connection.

    The AG listener port and SQL server instance port are different.

    > Interesting thing is when client connection via listener, both ports 1433 and 12345 are granted.

    It is due to your primary replica SQL instance port is 1433. If you failover AG to another replica that SQL server port is not 1433, then the AG listener connection failed through port 1433.

    I did a test in my environment.

    143263-screenshot-2021-10-25-101450.jpg

    143233-screenshot-2021-10-25-102055.jpg

    143234-screenshot-2021-10-25-101420.jpg

    143224-screenshot-2021-10-25-103434.jpg

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Jiong AN 146 Reputation points
    2021-10-25T04:48:13.7+00:00

    Hi Cathy
    Thanks for reply with details. in my case looks different.
    -1. make sure my listener is on 12345
    143196-capture1.jpg

    -2. connecting on port 12345
    143284-capture3.jpg
    -3. connected successfully on port 12345

    143207-capture2.jpg

    -4. now try to connecting with the default port via listener
    143285-capture4.jpg

    -5. it successful

    143197-capture5.jpg

    -6. try to connect port 1433 via listener
    143269-capture6.jpg
    -7. success again
    143286-capture7.jpg

  3. Jiong AN 146 Reputation points
    2021-10-25T06:37:45.107+00:00

    No. From what I understand, you do not need to. As long as your listener is a different port. When u trying to connect through the listener name, you only allowed by the specifed port number right? pls correct me, if i am wrong.

    0 comments
  4. Jiong AN 146 Reputation points
    2021-10-25T09:54:06.823+00:00

    ok. thats much clear now. It actually means there are two open ports for connect via any listener port. 1. connect with the listener port number, 2. connect with the sql service port. both are granted via a listener.

    0 comments