07 March 2022

Configure SQL Server Firewall Ports with PowerShell

I recently had to rebuild the Configuration Manager server. As I was running the prerequisite tool, it showed it could not communicate with the SQL server that is separate from the Configuration Manager server. The issue ended up being that ports needed to be opened up.

This PowerShell script configures the correct ports. It also records in each rule's description which Configuration Manager services the port is opened for. If a rule is already present, the script skips it. If you open a rule after the script has run, you will see the message "This is a predefined rule and some of its properties cannot be modified." This was caused by me adding the rule to the group Configuration Manager. If -Group is removed from the cmdlet, this message disappears.

You can download the script from here.


 # Create each Configuration Manager rule only if no rule with that name exists yet.
 # New-NetFirewallRule defaults to an inbound allow rule; -Profile "Domain" limits it to the domain profile.
 If ($null -eq (Get-NetFirewallRule -Name "ConfigMgr Port 135 UDP" -ErrorAction SilentlyContinue)) {
   New-NetFirewallRule -Name "ConfigMgr Port 135 UDP" -DisplayName "ConfigMgr Port 135 UDP" -Description "Site Server" -Group "Configuration Manager" -Profile "Domain" -Protocol UDP -LocalPort 135 -Enabled True
 }
 If ($null -eq (Get-NetFirewallRule -Name "ConfigMgr Port 135 TCP" -ErrorAction SilentlyContinue)) {
   New-NetFirewallRule -Name "ConfigMgr Port 135 TCP" -DisplayName "ConfigMgr Port 135 TCP" -Description "Site Server" -Group "Configuration Manager" -Profile "Domain" -Protocol TCP -LocalPort 135 -Enabled True
 }
 If ($null -eq (Get-NetFirewallRule -Name "ConfigMgr Port 1433 TCP" -ErrorAction SilentlyContinue)) {
   New-NetFirewallRule -Name "ConfigMgr Port 1433 TCP" -DisplayName "ConfigMgr Port 1433 TCP" -Description "Asset Intelligence Synchronization Point, App Catalog Web Service Point, Endpoint Protection, Enrollment Point, MP, Reporting point, Site Server, SMS Provider, SQL Server, SMP" -Group "Configuration Manager" -Profile "Domain" -Protocol TCP -LocalPort 1433 -Enabled True
 }
 If ($null -eq (Get-NetFirewallRule -Name "ConfigMgr Port 4022 TCP" -ErrorAction SilentlyContinue)) {
   New-NetFirewallRule -Name "ConfigMgr Port 4022 TCP" -DisplayName "ConfigMgr Port 4022 TCP" -Description "SQL Server" -Group "Configuration Manager" -Profile "Domain" -Protocol TCP -LocalPort 4022 -Enabled True
 }
 If ($null -eq (Get-NetFirewallRule -Name "ConfigMgr Port 445 TCP" -ErrorAction SilentlyContinue)) {
   New-NetFirewallRule -Name "ConfigMgr Port 445 TCP" -DisplayName "ConfigMgr Port 445 TCP" -Description "Site Server" -Group "Configuration Manager" -Profile "Domain" -Protocol TCP -LocalPort 445 -Enabled True
 }
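
The script skips a rule whenever one with that name exists, so a rule that was later disabled, changed, or left open to every remote address is never noticed. The following audit is an added example, not part of the author's script: it checks each of the five rules against the expected port and protocol and flags rules that accept any source. The `Test-ConfigMgrRule` name and the `$SiteSystemAddresses` values are assumptions made for illustration.

```powershell
# Added example (not the author's script). Uses the NetSecurity module;
# Set-NetFirewallRule needs an elevated session.
# Assumption: constructed documentation addresses; replace with your site system servers.
$SiteSystemAddresses = @('192.0.2.10', '192.0.2.11')

# Ports and protocols taken from the script above.
$Expected = @(
    @{ Port = 135;  Protocol = 'UDP' }
    @{ Port = 135;  Protocol = 'TCP' }
    @{ Port = 1433; Protocol = 'TCP' }
    @{ Port = 4022; Protocol = 'TCP' }
    @{ Port = 445;  Protocol = 'TCP' }
)

function Test-ConfigMgrRule {   # hypothetical helper name
    param([hashtable]$Spec)
    $name = "ConfigMgr Port $($Spec.Port) $($Spec.Protocol)"
    $rule = Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $rule) {
        return [pscustomobject]@{ Name = $name; Status = 'Missing'; Detail = '' }
    }
    # A rule with the right name can still have the wrong settings, so inspect its filters.
    $portFilter = $rule | Get-NetFirewallPortFilter
    $addrFilter = $rule | Get-NetFirewallAddressFilter
    $drift = @()
    if ($rule.Enabled   -ne 'True')    { $drift += 'rule is disabled' }
    if ($rule.Direction -ne 'Inbound') { $drift += "direction is $($rule.Direction)" }
    if ($rule.Action    -ne 'Allow')   { $drift += "action is $($rule.Action)" }
    if ($portFilter.Protocol -ne $Spec.Protocol) { $drift += "protocol is $($portFilter.Protocol)" }
    if ("$($portFilter.LocalPort)" -ne "$($Spec.Port)") { $drift += "local port is $($portFilter.LocalPort)" }
    if ($addrFilter.RemoteAddress -contains 'Any') { $drift += 'accepts any remote address' }
    $status = if ($drift.Count -eq 0) { 'OK' } else { 'Drift' }
    [pscustomobject]@{ Name = $name; Status = $status; Detail = $drift -join '; ' }
}

$report = foreach ($spec in $Expected) { Test-ConfigMgrRule -Spec $spec }
$report | Format-Table -AutoSize

# Optional remediation: restrict rules still open to any source to the listed servers.
# -WhatIf previews the change; remove it to apply.
$report | Where-Object Detail -like '*any remote address*' | ForEach-Object {
    Set-NetFirewallRule -Name $_.Name -RemoteAddress $SiteSystemAddresses -WhatIf
}
```

Rules created by the script above will all be reported as accepting any remote address, because the script does not pass -RemoteAddress to New-NetFirewallRule.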
   
