Home Forums Router firewall

I'm using AC in an internal network with one computer as the server. I'm still using SQL 2005 with AC v 6.3.3. The ISP installed a new wireless modem/router and the client computers could no longer access the AC SQL server. I tried to configure the router's firewall by port forwarding 61067 to the server IP and adding an exception for the AC program. Nothing worked. Do I need to forward another port for the SQL server? What else is needed to use AC with the firewall on the latest routers?

I wonder whether it may have to do with your IP addresses. Are the clients looking for "server" or 192.168.0.2? Perhaps with the change in the router the new IP address is 192.168.0.8 and they are not finding the correct information.
Another possibility is the permissions. With a new system could come a new network. Make sure the network is considered to be private or work. recheck the sharing permissions on the AC folder as well as the permissions on the AC databases(R click/properties, "everyone" should be in with full control in permissions.)

If you're not comfortable with this, perhaps call AC help

Wendell is likely correct. First, the router's firewall is designed to keep outside traffic from accessing your network. You shouldn't need to do any port forwarding.

The router is likely also your DHCP server and is assigning IP addresses to all of your computers. This is probably a different subnet than before. If your network were set up correctly before, you would have had a static IP on "main computer" with the others receiving their IP configuration from the router.

I would go to any computer and bring up a command prompt: Start -> Run -> type "cmd" without the quotes. Then at the command prompt type: ipconfig /all

This will show you the network configuration for the client as well as for the server. If they are on different subnets and/or the DNS are not pointing to the server IP, you will likely have issues.

If you need to do anything with firewalls, it would be with the server and the clients. The best way to do this is not to add things such as computers and ports but to just turn them off and see if you can connect. If you can, then you KNOW it is the firewall, and you can make the changes.

If you do not wish to do it this way, you can turn DHCP off on the router, and set static IPs on the clients, but DHCP is always better.

Bert, from a security perspective, the opposite is true.

When I ran corporate IT, we ALWAYS disabled DHCP, and managed the entire IP space.

We ran a network monitoring script internally that emailed and alerted us as soon as a device started broadcasting for DHCP - it was a dead giveaway that an unauthorized device had been inserted into the network.

From looking at which switch seeing the traffic, we knew which floor/suite the intruder was located, and I always dispatched my 6'5" systems admin to hunt down the intruder.

He would enter conference rooms like a tornado. If I happened to be on the same floor when I got the alert, I'd swing by just to watch him in action. Priceless.

The original revenge of the nerds LOL

HRTDoc,

While it may be more secure, best practices dictates that you use DHCP, hopefully from a server.

Actually the same can be done with DHCP. You can reserve IP's outside of your broadcast range. It's probably a lot easier for your average user to see a device pop up in a router's web interface. It could also be scripted.

The pinpointing is at the switch level anyways so static vs dynamic doesn't matter.

Also, it's probably non-issue for most doctor's offices who would probably notice someone unplugging one of their computers to hook their own into a LAN jack. So, I'm with Bert on this one, DHCP all the way.

Thanks for the responses. I understand now that it was not the new router's firewall but something about the new network's settings on the computers. The computers were on when the new router was installed, and they could still access the database on the main machine until they were restarted and the new network dialog came up. I did make sure that they were work networks and the advanced sharing was set up properly. After that, the clients could then access the main computer and its files, but AC kept giving them the "cannot locate SQL database" message. Navigating to the main computer's .xml file just kept returning the same error message.

When I bridged the modem and put in an older router, the clients could again access the SQL database. I'd like to try again to get the system to work with the new router/modem.

All computers including the main computer are set to obtain IP address and DNS servers automatically. What network error could allow the computers to see and access the main computer on the network, including changing files, but not connect to its SQL database? If IP adresses or subnet masks are wrong in ipconfig--how do I fix them?

Do I need to give the main computer a static IP? I haven't done that before. How should I do it? Can I just make it's current IP address fixed in its TCP settings?

OK, looks like you have done some pretty good troubleshooting. Let's go through some steps to see if everything is set up correctly. This is the way I like to do it. It isn't necessarily correct or secure, lol. Once it is working, you can make it more secure if you wish.

It would be very helpful to know the name and model of the modem. It would also be helpful to know what OS you are using for the clients and main computer. Hopefully, no one is using the "main computer" but that is a topic for a different day.

1. The main computer should have a static IP. When it goes to renew its IP address, there is always the chance the DHCP server will change its IP. If you are connecting via the name, this shouldn't necessarily matter, but the first thing to do is make it static.
2. How to do: If you are using Windows 7 Pro (hopefully and not Home), then go to Control Panel | Network and Sharing Center. Select Local Area Connect or you can select Change adapter settings and left click on the NIC. Once open, select Properties | (may as well make sure speed is 1.0 Gbps) before selecting Properties | Select TCP/IPv4 | Change to Use the following IP address. Enter an IP address which is on the same subnet as the other computers such as 192.168.1.2 or 16.2 or 0.2 (whatever the 3rd octet is for your subnet. Since your router will almost always be x.1, I like x.2 for the server (main computer). Subnet 255.255.255.0 and the Default gateway should be the LAN side of your router (probably 192.168.1.1, or again, whatever the subnet is. Set the DNS for the IP address you entered above. Click OK, OK and Close
3. On the AC folder on main computer, set the following permissions to Everyone for Share with full access and for Security, use Everyone and set to full. OK. The share settings is Microsoft's preference. Sure Everyone for the permissions is not the most secure setting, but who cares for now. Keep it simple.
4. Personally, I don't like using a modem as a router/firewall. It is not likely the issue, but if you are going to use the new modem/router/firewall, I would change the settings so it is just the modem, then use a separate decent router/firewall. I also use a switch and now all of the clients are using just the switch to connect. If you do this, make sure the switch is a 1 Gbps switch and if you are going to purchase one, get a Cisco or Linksys or Netgear and spend the extra bucks to get a managed one. If you are thinking of VoIP down the road, get PoE. But, make sure it is managed. Just will make things easier down the road.
5. The main rule in troubleshooting is to reduce the issue to as few problem points, i.e. connect one computer directly to the main computer either using a small switch or crossover cable. A lot of the newer patch cables will allow you to use it directly. If you do this, you have a wired connection that eliminated the modem/router/firewall/switch, etc. Once that is working, you can go backwards to the actual setup.
6. It sounds to me since you can access the main computer and, hopefully, the AC folder, it is probably the .xml file itself. In the main computer, find the .xml file "AmazingCharts.xml" and open in a text file by changing the extension to .txt. Make sure the database path is set to the local path of Amazing Charts, so it may be >C:\Program Files (x86)\Amazing Charts\AmazingCharts.mdf< in bold. Make sure the last part of it is the actual Amazingcharts.mdf database. Just glance at the port to insure it is 61067.
7. When you open AC on the clients and browse to the .xml file, MAKE SURE, you are browsing to the main computer's .xml file and not to the local .xml file. Sometimes they aren't even in there. I remove them if they are. Also be sure, that SQL Server Express 2005 is only on the main computer. Of course, if you were browsing to SQL on a local client by mistake, you would be connecting.
8. When you first open an AC client on a client computer, when it gets to the login screen (if you can get there), right click on the fairly large white strip at the top where your Practice Name is, and it will show you the path it is using. You can change the path from there if you wish. You can also do this with AmazingUtilities.

So change the permissions, be sure the .xml file in AC on main computer is set to the path of AC folder and the AC database .mdf database. Double check the port number which will most likely be correct. Start with one computer only. If you need to, get a small four-port cheap switch and connect directly from one client to the main computer.

Given you can browse to the main server and change files, your network settings are likely correct. That really only leaves the .xml file and permissions. I would be on permissions. When you browse to the main computer, can you change files IN THE AC FOLDER? If not, it is a permissions issue on the AC folder.

Hope this helps.

See PM.

In the spirit of simplicity, turn off the firewalls on your main computer and the client you are testing. If it works, then turn on one firewall at a time..

Thanks Bert for all the ideas. They will help when I give it a shot again. The main computer runs Win 7 Pro, the clients are 7 Home. I don't intend to "upgrade" from Win 7, ever. Have you written up before why you think that someone should not be working on the main computer? There is only myself--working on the main computer--and 2 client computers. Only one of the clients is in frequent use. I have done it this way for 10 years--since I started with Amazing Charts in early 2005.

Permissions and Windows firewalls are not the problem since the clients can connect to the SQL server on the main computer with the SMC router, but could not with the ISP's new modem/router. One computer could connect with the new router for some reason but the others couldn't. The clients could change files in the AC folder on the main computer too. I think that the problem must be in some sort of subtle networking issue like addresses. I have used DHCP on the router and the names of the computers. I keep things as simple as possible unless I have a reason to do otherwise.

The wireless modem/router is made by Actiontec http://www.actiontec.com/217.html. (I don't want/need wireless but I share the network with someone who does.) I tried every way I could think of to plug the main computer and others into it--shutting off everything, turning everything back on, using a switch, plugging all computers into the router, etc. The router that works fine with AC is an older SMC Barricade model. I've read that I can access the new modem/router's firmware page, even though bridged, if I connect it directly to a computer with a fixed IP and then enter the router's IP address. I'm going to give that a try before physically reseting it to get it out of bridged mode.

Thanks for getting back. And, you are very clear and concise which is helpful and, obviously, knowledgeable about these things. Here are some thoughts. I feel a bit funny offering them since things seemed to work for quite a while with no issues.

I agree with your assessment about if everything can access SQL and AC chart that permissions are fine. I just try to never say never, so making it Everyone and Everyone for share and permissions just takes that out of the equation. Making sure all firewalls are off on the clients and main computer is helpful too. Can always turn back on.

I think the biggest thing you have going for you is that you are betting on a network issue and not blaming it on AC or whatever. A lot of people would.

I understand your not wanting to upgrade the Win 7 Homes. As long as the main computer is Pro, then you should be and are fine.

While we are on the subject (and again it has been working in the past), but why do you share the wireless network with someone else. I think wireless is bad enough without sharing and causing more bandwidth plus other issues. My recommendation would be to let him use the wireless and set up an entirely different network, hopefully wired, but even if wireless, it would seem more secure if you weren?t using the same network. I am sure you aren?t on the same subnet and it is separate, but still.

It is actually more difficult to troubleshoot peer to peer than a client/server domain setup. As you said, likely a subtle issue, but as my networking guru friend always says, DNS, DNS, DNS. I am sure you are doing this as you stated you are doing one step at a time, but I would just be sure you are doing this one step at a time. Just one computer, make sure it is using the same subnet, same gateway, etc. I know that all these things would affect connectivity in general, but just to be sure. I am not sure if this would make a difference but please check the AmazingCharts.xml file in the folder of the database and make sure it is fine.

Why do I recommend not using that computer? For many reasons. Ironically, I was just working with Dell on my server doing some firmware updates, and the last time it had been rebooted was 283 days ago for some reason. Updates or something. Not only is it going to be more powerful in every way, it just does one basic thing. It is the database server for AC. I never touch it. If you are using the Win 7 Pro, you are using the processor, you are risking viruses on the main computer, it will ultimately freeze for god knows what. It will ask you to update Adobe and Flash and Java and every other little thing. And, who knows, it may even have McAfee or Symantec as an A/V which can cause issues. Even MSE can see AC as malware. I would temporarily disconnect it.

Microsoft just put out a very large SQL Server 2005 SP2. I have purposely stayed away from it. I don?t know if it affects Express or not. But, if it does, and it was installed, who know?

Again, I would start from main computer back. I would purchase a $25 Netgear unmanaged switch and connect a patch cable from one computer to the switch to the main computer. Eliminate ALL of the other networking parts. If that works, work backwards.

One trick I did on my network, which is a little different is the following: (And, I know I will get yelled at on here, since my switch costs more than three Cisco routers so I could have used a VLAN). But, I wanted one network for my LAN and one network for wireless guest access. I took the input from the modem and connected it to a small switch, and then ran a cable to one Cisco router and then another to a separate Cisco router, therefore assuring completely separate networks. Ran both routers to switches and used them. While you certainly can use your routers as a switch, I just prefer to use the router as a router/firewall and then have a separate switch. This again, keeps things simple as the switch would not be used as your DHCP server.

In the end, it will be something simple. Always is. I also always suggest using Experts Exchange, www.experts-exchange.com. You will get comment after comment from worldwide experts who will respond to your troubleshooting steps. I didn?t even take much of a look at your Actiontek, but not only will Sandeep know it, but most of the experts who comment will know everything.

I think you are close. If you don?t figure it out, my suggestion is to PM or email Sandeep and have him remote in and fix it. That?s pretty much a given.

Good luck. Keep us posted. Networking issues can be frustrating. Make sure no IPs are the same. And, while DHCP is generally the way to go, as you won?t tend to get error sin settings, there is no reason you can?t do static.

Please do an ipconfig /all on EVERY computer (I guess there are only two, lol), and on the main computer, and copy to text files or directly to your post. This will be very helpful to those smarter than I on here.

Bert

It's possible that the server has a static address, on the private network 192.168..., with the clients on DHCP and the new router is assigning a private network of 10.1...

This happened to us when we changed ISPs.

So it's important to know what private network addresses the router is set to use.

So the very first thing I would do is set a machine to DHCP see what IP it gets assigned. Then you will know the private network addresses the router is set to use.

Good point. It all depends on DNS and other settings. This is why I have asked for ipconfig /all on every machine. This would help know about that. He seems rather savvy. He has also stated he can browse the server, etc.

Again, go backwards. Look at the network settings on the server, then make one client the same in static or reservation and go with that.

Personally, I think you have to stop sharing the router. The ISP can't be that expensive. If he can afford it, just tell the other guy he has to get his own.

If you can't figure it out, I can remote in to help you out. Just send me a PM.

Are you sure the problem isn't with permissions? Are you using the same account on all computers?