How to open the firewall port for SQL Server on Windows Server 2008

Symptoms
Windows Firewall on Windows Server 2008 helps prevent unauthorized access to computer resources. However, if the firewall is configured incorrectly, attempts to connect to an instance of Microsoft SQL Server may be blocked. To access an instance of SQL Server that is behind the firewall, you must configure the firewall on the computer that is running SQL Server.
This article helps you open the firewall ports for SQL Server on Windows Server 2008.
To have us fix this problem for you, go to the “Fix it for me” section. If you prefer to fix this problem yourself, go to the “Let me fix it myself” section.
Resolution
To fix this problem automatically, click the Fix this problem link. Click Run in the File Download dialog box, and then follow the steps in this wizard.

Fix this problem
Microsoft Fix it 50169

Note This wizard may be in English only, but the automatic fix also works for other language versions of Windows.
Note If you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD and then run it on the computer that has the problem.
Next, go to the “Did this fix the problem?” section.

Many 5159 events are logged in the Security event log after you disable Windows Firewall and enable the “Filtering Platform Connection” auditing policy

Symptoms
Consider the following scenario:
- On a computer that is running Windows Vista or Windows Server 2008, you disable Windows Firewall for the Domain profile, the Private profile and the Public profile.
- You enable the “Filtering Platform Connection” audit policy.
In this scenario, the following Event ID 5159 is logged many times in the Security event log:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Event ID: 5159
Task Category: Filtering Platform Connection
Level: Information
Keywords: Audit Failure
User: N/A
Description:
The Windows Filtering Platform has blocked a bind to a local port.

Application Information:
    Process ID: process ID
    Application Name: %path to some application%

Network Information:
    Source Address: IP address
    Source Port: port number
    Protocol: 17

Filter Information:
    Filter Run-Time ID: 0
    Layer Name: Resource Assignment
    Layer Run-Time ID: 36

These events quickly fill the Security event log. Because of the large number of entries in the Security event log, it is difficult to monitor audit failures.
Resolution
This issue occurs because the Windows Filtering Platform (WFP) incorrectly logs an audit event for a blocked bind to a local port. However, this bind is permitted.
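To keep real audit failures visible while these records flood the log, exported events can be triaged on the fields of the event quoted above. The following is an added example, not part of the original article or any Microsoft tool; using Event ID 5159, Filter Run-Time ID 0 and the Resource Assignment layer as the signature of the spurious record is an assumption taken from that sample, and all event values are constructed.

```python
import re

# Signature of the spurious record, copied from the sample event on this page.
# Using these three fields as the discriminator is an assumption of this example.
NOISE_SIGNATURE = {"Event ID": "5159", "Filter Run-Time ID": "0",
                   "Layer Name": "Resource Assignment"}
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?):\s*(\S.*?)\s*$")

def parse_event(text):
    """Collect the 'Name: value' lines of a rendered event into a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:  # section headers such as 'Filter Information:' have no value
            fields.setdefault(m.group(1), m.group(2))
    return fields

def triage(event_texts):
    """Return (needs_review, suppressed) lists of parsed events."""
    review, noise = [], []
    for text in event_texts:
        f = parse_event(text)
        spurious = all(f.get(k) == v for k, v in NOISE_SIGNATURE.items())
        (noise if spurious else review).append(f)
    return review, noise

def make_event(event_id, app, port, filter_id, layer):
    # Constructed sample record with the fields of the event quoted above.
    return (f"Log Name: Security\nEvent ID: {event_id}\nKeywords: Audit Failure\n"
            f"Application Information:\n  Process ID: 1234\n  Application Name: {app}\n"
            f"Network Information:\n  Source Address: 0.0.0.0\n  Source Port: {port}\n"
            f"  Protocol: 17\nFilter Information:\n  Filter Run-Time ID: {filter_id}\n"
            f"  Layer Name: {layer}\n")

SAMPLE_EVENTS = [  # constructed; paths, ports and filter IDs are invented
    make_event(5159, r"\device\harddiskvolume1\windows\system32\svchost.exe", 50123, 0, "Resource Assignment"),
    make_event(5159, r"\device\harddiskvolume1\windows\system32\dns.exe", 50124, 0, "Resource Assignment"),
    make_event(5159, r"\device\harddiskvolume1\tools\example.exe", 4444, 65912, "Resource Assignment"),
    make_event(5157, r"\device\harddiskvolume1\tools\example.exe", 8080, 65913, "Receive/Accept"),
]

if __name__ == "__main__":
    review, noise = triage(SAMPLE_EVENTS)
    print(f"suppressed {len(noise)} spurious bind records; {len(review)} left for review")
    for f in review:
        print(f["Event ID"], f["Application Name"], f["Source Port"], f["Filter Run-Time ID"])
```

The suppressed records are returned rather than discarded, so their volume can still be tracked per application.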

SSL authentication fails and X.509 error occurs when a WCF-enabled application performs mutual authentication in Windows 7, in Windows Server 2008 R2, in Windows Vista, or in Windows Server 2008

Symptoms
Consider the following scenario:
- You have a computer that is running one of the following operating systems:
  - Windows Vista
  - Windows Server 2008
  - Windows 7
  - Windows Server 2008 R2
- You have an application that enables Windows Communication Foundation (WCF) on the computer.
- The application relies on a client certificate in the store of a user to authenticate with a server.
- The application performs mutual authentication by using the client certificate.
In this scenario, the authentication causes an exception intermittently, and you receive an error message that resembles the following:

The X.509 certificate CN=<Host> chain building failed

Then, the application cannot authenticate with the server.
Note The client certificate is deleted from the store of the user when this issue occurs, and you have to reinstall the certificate for the application to work again.
Resolution
This issue occurs because the root certificate is deleted by lsass.exe during SSL communication in a WCF application.

Description of Group Policy Restricted Groups

Symptoms
This article provides a description of Group Policy Restricted groups.
Resolution
Restricted groups allow an administrator to define the following two properties for security-sensitive (restricted) groups:
- Members
- Member Of
The “Members” list defines who should and should not belong to the restricted group. The “Member Of” list specifies which other groups the restricted group should belong to.

Using the “Members” Restricted Group Portion of Policy
When a Restricted Group policy is enforced, any current member of a restricted group that is not on the “Members” list is removed with the exception of administrator in the Administrators group. Any user on the “Members” list which is not currently a member of the restricted group is added.

Using the “Member Of” Restricted Group Portion of Policy
Only inclusion is enforced in this portion of a Restricted Group policy. The Restricted Group is not removed from other groups. It makes sure that the restricted group is a member of groups that are listed in the Member Of dialog box.

Managing membership of Domain Groups by using Restricted Groups
Microsoft does not support using Restricted Groups in this scenario. Restricted Groups is a client configuration means and cannot be used with Domain Groups. Restricted Groups is designed specifically to work with Local Groups. Domain objects have to be managed within traditional AD tools. Therefore, we do not plan currently to add or support using Restricted Groups as a way to manage Domain Groups.
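The difference between the two portions is easiest to see by previewing what one policy application would change. The following model is an added example, not Microsoft code and not how Group Policy is implemented; the group and account names are hypothetical, and treating `"members": None` as "Members list not used" is a modelling choice.

```python
# The one exception the page names; matching the account by the name
# "Administrator" is an assumption of this example.
EXEMPT = ("Administrators", "Administrator")

def preview(policy, local_groups):
    """Return (new_state, changes) for one application of the policy.

    policy:       {group: {"members": set or None, "member_of": set}}
    local_groups: {group: set of current member names}
    "members": None means the Members list is not used for that group
    (a modelling choice of this example).
    """
    state = {g: set(m) for g, m in local_groups.items()}
    changes = []
    for group, rule in policy.items():
        wanted = rule.get("members")
        if wanted is not None:
            # "Members": anyone not listed is removed, anyone listed is added.
            current = state.setdefault(group, set())
            for name in sorted(current - wanted):
                if (group, name) != EXEMPT:
                    current.discard(name)
                    changes.append(("remove", name, group))
            for name in sorted(wanted - current):
                current.add(name)
                changes.append(("add", name, group))
        # "Member Of": inclusion only; existing memberships are never removed.
        for parent in sorted(rule.get("member_of", ())):
            members = state.setdefault(parent, set())
            if group not in members:
                members.add(group)
                changes.append(("add", group, parent))
    return state, changes

# Constructed sample state and policy; every name below is hypothetical.
SAMPLE_GROUPS = {
    "Administrators": {"Administrator", "alice", "oldsvc", "ops-admin"},
    "Backup Operators": {"Helpdesk"},
    "Remote Desktop Users": {"bob"},
}
SAMPLE_POLICY = {
    "Administrators": {"members": {"ops-admin", "carol"}, "member_of": set()},
    "Helpdesk": {"members": None, "member_of": {"Remote Desktop Users"}},
}

if __name__ == "__main__":
    new_state, changes = preview(SAMPLE_POLICY, SAMPLE_GROUPS)
    for action, name, group in changes:
        print(f"{action:6} {name!r} -> {group!r}")
```

Running the preview against an inventory of current local group membership shows which accounts a “Members” list would strip before the policy is linked.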
