Enabling Remote SQL Express 2008 Network Connections on Vista

Today I spent way too long trying to enable remote network connections on my SQL 2008 Express database running on my Vista development machine so I thought I’d post the steps here. Please note that these settings may NOT be appropriate for your production environments. I’m a developer ;-), hence this is what I did to get the development environment working. If you need to set up production environments I’d read the SQL Server Books online.

Normally when developing code I always use the local SQL Express instance on my box and the default install takes care of everything so local connections via Visual Studio work fine. But what I was doing today was trying to connect a VPC to SQL 2008 Express on my host development machine in order to test some apps, simulating a network. When installing SQL 2005 or 2008 Express it locks out remote access to be on the safe side. Here’s the basic steps you need to do to get it working:

1. Open up the SQL Server Configuration Manager. Programs / Microsoft SQL Server 2008 / Configuration Tools / SQL Server Configuration Manager.

2. Expand the SQL Server Network Configuration node and select the Protocols for SQLEXPRESS

3. Enable TCP/IP by right-clicking and selecting Enable, then OK.

4. Click on the SQL Server Services node and in the right panel right-click SQL Server (EXPRESS) and select restart to restart the service.

5. Right-click on the SQL Server Browser and select start to start the browser service if it isn’t started already. This will allow you to access the SQL Express instance by the computer name.

6. Open up SQL Server Management Studio as Administrator. (If you don’t have SSMS installed, get it here)

7. In the Object Explorer under the Security node, add a new user for the account that will be connecting by right-clicking and selecting “New User”. This opens the Login Properties page. If you’re on a domain then use Windows Authentication. For my VPC scenario it wasn’t connected to a domain so I added a SQL Server login and password. (To enable SQL logins you need to first right-click on the SQL Express instance at the top, select Properties and under Security select “SQL Server and Windows Authentication mode”.)

8. Select User Mapping on the Login Properties and check off the database you want to connect to. If you’re just testing then you can select db_owner in the role membership to grant all access to the database, including altering the schema. Please note that this is not secure but it works for development and testing.

If you want to be secure you can go and specifically grant permissions under the Security node for the specific database back up in the Object Explorer. But if you’re on a domain then I would recommend creating a least privileged Windows Security Group on your domain and adding that to a SQL Server Role that you can configure explicit permissions on (i.e. GRANT EXECUTE on your CRUD stored procs and GRANT SELECT on tables, don’t let DELETE, INSERT and UPDATE directly). Then you can just use normal Windows security to add users on the domain to the group. This also lets you use integrated security in the connection strings which is much more secure.

9. Configure the Firewall. This is the step that I forgot and was banging my head on the wall 4-EV-R! Open up Windows Firewall and select Change Settings, select the Exceptions Tab and click Add Program. You’ll need to select the SQLservr.exe in Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\ and the SQLBrowser.exe in Program Files\Microsoft SQL Server\90\Shared\. Then select Properties for each of them and select the “Change Scope” button. Then select the proper scope. For development and testing you could specify the remote computer’s IP address or widen it to your network subnet. I recommend not allowing Internet users. ;-)

10. Configure the connection string. Now back in Visual Studio you can configure your connection string settings in your Project Settings (app.config). If you used Windows Authentication then it’s really easy:

Data Source=SERVERNAME\sqlexpress;Initial Catalog=MyDatabase;Integrated Security=True

If you used a SQL Login then you need to supply a less secure connection string with the username and password:

Data Source=SERVERNAME\sqlexpress;Initial Catalog=MyDatabase;User ID=username;Password=password

I hope that works for you, it did for me. If you’re still having trouble please see these troubleshooting tips in the library or ask a question on the SQL Server forums. I’m by no means an expert in SQL Server configuration or networks.