How to open the firewall port for SQL Server on Windows Server 2008

Symptoms
Windows Firewall on Windows Server 2008 helps prevent unauthorized access to computer resources. However, if the firewall is configured incorrectly, attempts to connect to an instance of Microsoft SQL Server may be blocked. To access an instance of SQL Server that is behind the firewall, you must configure the firewall on the computer that is running SQL Server.
This article helps you open the firewall ports for SQL Server on Windows Server 2008.
To have us fix this problem for you, go to the “Fix it for me”section. If you prefer to fix this problem yourself, go to the “Let me fix it myself” section.
Resolution
To fix this problem automatically, click the Fix this problem link. Click Run in the File Download dialog box, and then follow the steps in this wizard.

a.button {background: url(/library/images/support/KBGraphics/PUBLIC/cn/FixItButton.jpg) no-repeat 0 0;width: 139px;height: 56px;display:block;cursor:pointer;}a.button:hover {background-position: bottom right;}Fix this problem
Microsoft Fix it 50169

Note This wizard may be in English only, but the automatic fix also works for other language versions of Windows.
Note If you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD and then run it on the computer that has the problem.
Next, go to the “Did this fix the problem?” section.

Many 5159 events are logged in the Security event log after you disable Windows Firewall and enable the “Filtering Platform Connection” auditing policy

Symptoms
Consider the following scenario:On a computer that is running Windows Vista or Windows Server 2008, you disable Windows Firewall for the Domain profile, the Private profile and the Public profile.You enable the “Filtering Platform Connection” audit policy.In this scenario, the following Event ID 5159 is logged many times in the Security event log:

Log Name:Security Source:Microsoft-Windows-Security-Auditing Event ID:5159 Task Category: Filtering Platform Connection Level:Information Keywords:Audit Failure User:N/A Description: The Windows Filtering Platform has blocked a bind to a local port. Application Information:Process ID:process IDApplication Name:%path to some application%Network Information:Source Address:IP addressSource Port:port numberProtocol:17 Filter Information:Filter Run-Time ID:0Layer Name:Resource AssignmentLayer Run-Time ID:36These events quickly fill the Security event log. Because of the large number of entries in the Security event log, it is difficult to monitor audit failures.
Resolution
This issue occurs because the Windows Filtering Platform (WFP) incorrectly logs an audit event for a blocked bind to a local port. However,this bind is permitted.

SSL authentication fails and X.509 error occurs when a WCF-enabled application performs mutual authentication in Windows 7, in Windows Server 2008 R2, in Windows Vista, or in Windows Server 2008

Symptoms
Consider the following scenario:
You have a computer that is running one of the following operating systems:Windows VistaWindows Server 2008Windows 7Windows Server 2008 R2You have an application that enables Windows Communication Foundation (WCF) on the computer.The application relies on a client certificate in the store of a user to authenticate with a server.The application performs mutual authentication by using the client certificate.In this scenario, the authentication causes an exception intermittently, and you receive an error message that resembles the following:

The X.509 certificate CN=<Host> chain building failedThen, the application cannot authenticate with the server.
Note The client certificate is deleted from the store of the user when this issue occurs, and you have to reinstall the certificate for the application to work again.
Resolution
This issue occurs because the root certificate is deleted by lsass.exe during SSL communication in a WCF application.

Description of Group Policy Restricted Groups

Symptoms
This article provides a description of Group Policy Restricted groups.
Resolution
Restricted groups allow an administrator to define the following two properties for security-sensitive (restricted) groups: MembersMember Of The “Members” list defines who should and should not belong to the restricted group. The “Member Of” list specifies which other groups the restricted group should belong to. Using the “Members” Restricted Group Portion of Policy When a Restricted Group policy is enforced, any current member of a restricted group that is not on the “Members” list is removed with the exception of administrator in the Administrators group. Any user on the “Members” list which is not currently a member of the restricted group is added. Using the “Member Of” Restricted Group Portion of Policy Only inclusion is enforced in this portion of a Restricted Group policy. The Restricted Group is not removed from other groups. It makes sure that the restricted group is a member of groups that are listed in the Member Of dialog box. Managing membership of Domain Groups by using Restricted Groups Microsoft does not support using Restricted Groups in this scenario. Restricted Groups is a client configuration means and cannot be used with Domain Groups. Restricted Groups is designed specifically to work with Local Groups. Domain objects have to be managed within traditional AD tools. Therefore, we do not plan currently to add or support using Restricted Groups as a way to manage Domain Groups.

The print operation is unsuccessful when you use the “Point and Print” feature on a client computer that is running Windows Server 2008, Windows Vista Service Pack 1, or Windows Server 2003

Symptoms
Consider the following scenario.A printer is hosted on acomputer that is running Windows Server 2008, Windows Vista Service Pack 1 (SP1), or Windows Server 2003.Youuse the Point and Print feature to print to the printer from a client computer that is part of a workgroup.The client computer is running Windows Server 2008, Windows Vista SP1, or Windows Server 2003.The printer is set as the default printer on the client computer.You log off and then log on again.In this scenario,the print operationfrom the client computer is unsuccessful.
Additionally, if you try toprint again or try to add a port,the following event is logged in the Application log on the client computer:
Log Name: Application
Source: SpoolerWin32SPL
Event ID: 4
Level: Error
Description: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable Additionally, no data is displayed on the printer’s Ports tab or Sharing tabin Control Panel.
Resolution
This issue occurs if you are not manually defined in the Microsoft Management Console (MMC) Local Users and Groups snap-in on both the computer that hosts the printer and the client computer. In this scenario, the print settings are lost when youlog off from the client computer.

SQL Server Questions and Answers, SQL QA