Tim Elhajj

Off the Microsoft stack!

Workaround Error TF255049: Punching a hole through Windows Firewall


I was setting up a TFS server farm and I got this error when trying to connect to SQL Server.

I knew SQL Server 2012 was up and ready to take connections because I had just installed it and the original instance of TFS, but for some reason the TFS Add an AT wizard was unable to find the SQL Server. I suspect some default settings in Windows Server 2012, or possibly a change in group policy at my work.

To troubleshoot, I did exactly what it says to do in the error message. I checked that SQL Server was configured to allow remote connections, that TCP/IP was enabled, and I determined the port SQL Server was configured to use (port 1433, the default). All that stuff checked out.

The problem was Windows Firewall was blocking access to the port.

In the past, TFS added a local exception to Windows Firewall that allowed incoming connections, *if* SQL Server and TFS were installed on the same computer. I have that configuration, but I am still blocked (as you can see).

I thought it might be helpful to review how to open a hole through Windows Firewall for SQL Server in case anyone else is having this same problem. I ran into this setting up a TFS Farm, but you might run into it if your SQL Server installation for TFS spans multiple computers and you enabled Windows Firewall (as it comes by default).

You need to create an inbound rule in Windows Firewall for SQL Server traffic. Here is how I did it:

1) Type wf.msc in the run box (To get to run, type Start +X and click Run).

2) In Windows Firewall, create an inbound rule (Click Inbound Rules, New Rules).

3) In the inbound rules wizard, create a port rule.

4) Select the protocol and port. I’m trying to create a rule for SQL Servers Database Engine that I installed on the default instance, so I want the TCP protocol and port 1433. If you’re using a named instance, SQL Server uses a different port. Same goes if you’re trying to punch a hole for Analysis Services or Reporting Services. Both those services use different default ports and the ports can change based on the type of instance you use.

Here is a guide on Technet that offers the details of each port assignment based on the instance and service. If you need to determine what type instance was used, look in the Windows Server Services control panel for the associated windows service (SQL Server service for the Database Engine; Analysis or reporting services service for the report server.)

5) Allow the connection.

6) Select all the networks that apply.

7) Give the rule a name and you’re done.

Author: Tim Elhajj

Tim is probably walking his dog.

3 thoughts on “Workaround Error TF255049: Punching a hole through Windows Firewall

  1. Pingback: SQL Server 2012 Installation for Team Foundation Server | Tim Elhajj

  2. thank you so much for sharing, its save my days

  3. Pingback: نصب اِس کیو اِل سرور برای تیم فاندیشن سرور | سامان.ا.مشتاقی

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s