Which ports to open for DB Mirroring

Question

We have two physical servers on the different area protected by firewalls. We need to use DB Mirroring for our purpose. So which ports we need to open between two area for using MS SQL 2008 DB Mirroring?

Answer 1

It depends on the endpoint authentication type used. The DBM endpoint itself will use only one port, typically configured at 5022 (TCP). But DBM supports two types of authentication: WINDOWS and CERTIFICATE. If CERTIFICATE is used then the DBM port is enough. However when WINDOWS authentication is used then a Kerberos or NTLM handshake has to succeed between the two servers and these require their own ports, see How to configure a firewall for domains and trusts. Typically you'll need 135 (TCP) and 88 (TCP/UDP), sometimes 445. Again, these are not required if the DBM authentication is configured to use CERTIFICATE.

Answer 2

There is no default port used for MS SQL database mirroring. It's set by the administrator. So, discuss with your SQL admin and your Firewall admin and choose an appropriate port.

See here and here.

Specific quote from the first technet document,

Database Mirroring

Administrator chosen port. To determine the port, execute the following query:

SELECT name, protocol_desc, port, state_desc FROM sys.tcp_endpoints WHERE type_desc = 'DATABASE_MIRRORING'

There is no default port for Database mirroring however Books online examples use TCP port 7022. It is very important to avoid interrupting an in-use mirroring endpoint, especially in high-safety mode with automatic failover. Your firewall configuration must avoid breaking quorum. For more information, see Specifying a Server Network Address (Database Mirroring).

Answer 3

In addition to ports required for endpoints(usually 5022,5023), UDP 137 is also needed to be open at both side of mirror. This port is used for network discovery and netbios which is the essential part of mirroring endpoints to be able to talk to each other. Hope this helps.