Yellowfin 8.0.1 requires additional firewall ports for MS SQL Named Instance

Greg Michael shared this question 5 months ago
Answered

We are using the Yellowfin application within BMC's TrueSight Server Automation product for their Live Reporting application. Our environment has some unique security requirements. The Yellowfin web server and database exist outside a secured network. The data source requires access to the TrueSight Server Automation database, which exists inside the secure network. The database is hosted on a MS SQL Server 2012 instance, and the instance is using a specific port, and not the dynamic port option.


When we run the installer for Live Reporting (which is a wrapper around the Yellowfin v8.0.1 installer) the installation fails if we select the named instance option using the specific port for the instance. If we select the default instance, it succeeds. From what we've been able to determine, the installer is trying to reach out to the instance using the default port of 1433 even though we've specified a port for the instance.


Does anyone know and understand why the YF installer is using a port other than the specified port during the installation? And to be up front, I have already engaged BMC on this as well, but they are not coming up with any answers.

Best Answer
photo

Hi Greg,

Thanks for your response. Additional information certainly never hurts! Thanks for bringing this to our attention.

I've gone ahead and created a Knowledge Base Article for this, which you can reference here.

Please let me know if you have any further questions.

Regards,

Mike

Comments (2)

photo
1

Hi Greg,

Thanks for reaching out. Can you please provide a copy of the '...InstallLog' from your <InstallLocation> folder, so we can see if there are any additional details included within?


Thanks,

Mike

photo
1

I wish that I could. The installation was blown away due to corruption of files that were unpacked from the zip archive after the install completed "successfully." As a result, the logs that would have shown the failures were not kept. If necessary, I'm sure that we could reproduce the error, but it would take some time.

photo
1

We were able to recreate the error. The failure occurs when the installer attempts to connect to the BladeLogic database after it establishes the connection to the Yellowfin database server using the same named instance method.

photo
1

Hi Greg,

Thanks for your response. I'm going to guess you saw something like this:

/427cb41d44a16e4fdca168decbbbfd9b

I too can confirm I can reach my named instance if I keep the default of '1433' in there. However, what's important to determine is whether this is because of Yellowfin or some other outside (SQL Server/Firewall) configuration. The best way to test this would be to attempt a connection to your other static port you've configured via some other 3rd party db visualiztion tool, such as DbBeaver or DbVisualizer. I suspect you'd run into the same error on doing so.

I followed these steps (except the Firewall aspect) to specify a different port ('1435') for my Named Instance and couldn't connect to it using my chosen port there either, neither in DbViz or in Yellowfin (as you can see above).

Here's the failure in DbViz:

/9a8f584912538932057452736c003cd7

Based on the Microsoft documentation for Configure a Server to Listen on a Specific TCP Port, one of the required steps is that "when you are connecting to a named instance through a firewall, configure the Database Engine to listen on a specific port, so that the appropriate port can be opened in the firewall."

As such, I believe this is expected behavior that the new port has to be opened in the Firewall before this can work as intended. Please take a look through the referenced documentation and let me know if you have any follow-up questions regarding this from the Yellowfin side.

Regards,

Mike

photo
1

Is this something that is worth making a note of when installing Yellowfin in the installation documentation? Just for the sake of users who are not MS SQL DBAs and do not realize that the additional DAC port (UDP:1434) is required for communicating with the Instance across a firewall.

photo
1

Hi Greg,

Thanks for your response. Additional information certainly never hurts! Thanks for bringing this to our attention.

I've gone ahead and created a Knowledge Base Article for this, which you can reference here.

Please let me know if you have any further questions.

Regards,

Mike

photo
1

Hi Greg,

I just wanted to check in and see if you needed anything else or if we're okay to close this case out.

Thanks,

Mike

photo
photo
1

This should be OK to close.

Thanks.

From: Support Queue <support@Yellowfin.bi>

Sent: Thursday, February 13, 2020 13:27

To: Greg Michael <Greg_Michael@cpr.ca>

Subject: New Comment in "Yellowfin 8.0.1 requires additional firewall ports for MS SQL Named Instance"

photo
1

Hi Greg,

Thanks for confirming! Please don't hesitate to reach out with any other questions or concerns.

Regards,

Mike

photo