Quick cheat sheet for port numbers used by SQL Server services or services that SQL Server may depend on:
| 21 | TCP | FTP (replication) |
| 80 | TCP | HTTP endpoints, Reporting Services, HTTP replication |
| 135 | TCP & UDP | RPC, WMI, MSDTC, SQL Agent file copy, and TSQL Debugger (RPC used for multiple purposes including SSIS and clustering.) |
| 137 | UDP | File & Print Sharing (replication) and Cluster Admin |
| 138 | UDP | File & Print Sharing (replication) |
| 139 | TCP | FileStream and NetBIOS Session Service (clustering) |
| 443 | TCP | HTTPS endpoints and Reporting Services |
| 445 | TCP & UDP | FileStream, SMB (clustering), and File & Print Sharing |
| 500 | UDP | IPSec |
| 860 | TCP | iSCSI |
| 1024-5000 | TCP | Original dynamic ports for named instances. (WinSock standard.)(See ports 49152-65535.) The DoD Database STIG requires static ports. |
| 1433 | TCP | SQL Server database engine |
| 1434 | TCP & UDP | SQL Server database engine, DAC, and SQL Server’s «Browse» button. |
| 2382 | UDP | Analysis Serviceswhen using dynamic ports with named instances |
| 2383 | TCP | Analysis Services |
| 2393-2394 | TCP | Analysis Services version 7 |
| 2725 | TCP | Analysis Services |
| 3260 | TCP | iSCSI |
| 3343 | UDP | Cluster network driver |
| 3389 | TCP | Remote Desktop Protocol (RDP) |
| 3882 | TCP | DTS/SSIS |
| 4022 | TCP | Conventional port for the SQL Broker service |
| 4500 | UDP | IPSec |
| 5000-5099 | UDP | Clustering |
| 5022 | TCP | AlwaysOn’s default port for primary and secondary replicas |
| 7022 | TCP | Conventional port for Database Mirroring |
| 8011-8031 | UDP | Clustering internode RPC |
| 49152-65535 | TCP | Latest dynamic ports for named instances. (WinSock standard.)(See ports 1024-5000.) The DoD Database STIG requires static ports. |
Microsoft recommends non-default ports for maximum security.
Check ports in use: SELECT ServerProperty(«ProcessID»)
At a command prompt: «netstat -ano»
AlwaysOn Ports
- Each instance w an Availability Group (AG) must have a database mirroring endpoint, and they endpoints bust be started (query sys.database_mirroring_endpoints and sys.tcp_endpoints).
- Logins from a remote server must have CONNECT permission. Each instance must have access to ports on all partners.