Today, security is more important than ever. Because of this, system administrators are constantly working to ensure their environments are as secure as they can be. Skype for Business Server and SQL Server are no exception, and some administrators immediately go to work changing SQL’s default ports after installing a new instance.

Is this supported?

Yes – running SQL server on non-default (1433) ports is supported by both Microsoft support, and Skype for Business server (both 2015 and 2019). Changing the default SQL server port is a Microsoft recommended step too, to harden your SQL server security.

Default vs Named Instance

Generally speaking whenever a new Instance of SQL is installed, an administrator will choose a Named Instance over a Default Instance. This is vitally important as if you want to run SQL server on a non-standard port, one will work with Skype for Business, and the other won’t.

Using an SQL Default Instance

If SQL Server has been installed as a Default Instance, you must use the default SQL server ports if you want to use the instance to store Skype for Business backend databases.

This means that the SQL server port must remain as port 1433. Changing this port to any other port will cause the Skype for Business database installation process to fail.

To test this, I changed the default instance port from 1433 to 6100

After restarting the SQL service, I then ran:

Install-CSDatabase -DatabaseType Mirroring -SQLServerFQDN sfb-sql.chiffers.com -UseDefaultSqlPaths -Clean -Verbose

The above command installs the Skype for Business Monitoring Database on SQL server sfb-sql.chiffers.com

The below screenshot shows the error that the install-csdatabase command spits back:

Error 40 – could not open a connection to SQL Server. Message: Access is denied.

Changing the SQL server port back to 1433 allowed the database to install successfully after another restart of the SQL services, and a re-run of the same above command:

Using an SQL Named Instance

Although we can set any SQL port we wish regardless of if the SQL server is running a default instance or named instance, Skype for Business will only allow non-default SQL ports if a named instance is used.

To test this, I updated the port for my SQL named instance: SFBSQL from 1433 to 6100:

Once the port has been changed and the SQL services restarted, I ran the below command:

Install-CSDatabase -DatabaseType Mirroring -SQLServerFQDN sfb-sql.chiffers.com -SQLServerInstance SFBSQL -UseDefaultSqlPaths -Clean -Verbose

As you can see from the above screenshot, the installation was successful.

So, what’s happening here?

In short, it would appear that there’s a bug with the Skype for Business database installer.

If the installer detects a default instance, it assumes that port 1433 is in use and will not try any other port.

If however a named instance is used, the database installer utilises the SQL Browser service, locates the correct instance name and port, connects and deploys the database.

Summary

In short, if you want to use the non-default SQL server (1433) port, you must use a named instance for your SQL Server database. This includes if you’re using SQL Availability Groups. This appears to affect Skype for Business Server 2015 and 2019.

 

Category:
Skype For Business

Leave a Reply