
What firewall rules are necessary for SQL Server Multi-Server Administration? This is for an environment where database servers are in different 'zones', with all traffic blocked by default.

We've opened up SQL Server traffic (i.e. 1433/TCP and 1434/UDP) but it appears more is needed for Multi-Server Administration. Getting the error 'The RPC Server is unavailable' when attempting to add a new target server. Worked through the troubleshooting steps up through firewall rules at: http://social.technet.microsoft.com/wiki/contents/articles/4494.windows-server-troubleshooting-the-rpc-server-is-unavailable.aspx

The list of SQL Server TCP and UDP Ports does not mention multi-server administration: http://sqlmag.com/sql-server/sql-server-tcp-and-udp-ports

Real World IS

1 Answer


From the link you had to sqlmag, there's a link to another Microsoft article detailing the ports in more detail: "Configure the Windows Firewall to Allow SQL Server Access".

That article contains a section on RPC:

Special Considerations for Port 135

When you use RPC with TCP/IP or with UDP/IP as the transport, inbound ports are frequently dynamically assigned to system services as required; TCP/IP and UDP/IP ports that are larger than port 1024 are used. These are frequently informally referred to as "random RPC ports." In these cases, RPC clients rely on the RPC endpoint mapper to tell them which dynamic ports were assigned to the server. For some RPC-based services, you can configure a specific port instead of letting RPC assign one dynamically. You can also restrict the range of ports that RPC dynamically assigns to a small range, regardless of the service. Because port 135 is used for many services it is frequently attacked by malicious users. When opening port 135, consider restricting the scope of the firewall rule.

I hope this helps.

SchmitzIT
    Thank you much for narrowing down to that. I'm still struggling to translate that paragraph into some firewall rules I can document. Master->Target TCP 135, Target->Master TCP 1024 or greater? – Real World IS Oct 08 '14 at 06:25
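
One way to turn the quoted guidance (a small fixed RPC port range, plus a scoped rule for port 135) into documentable Windows Firewall rules, as an added example that is not part of the original answer or the Microsoft article. The peer address, the port range and the rule names are constructed placeholders; the registry values are the standard RPC `Internet` settings, and the script is meant for the server that receives the RPC connections.

```powershell
# Added example; run elevated on the server that receives the RPC connections.
# Constructed placeholders: peer address (TEST-NET-1) and the port range.
$PeerAddress = '192.0.2.10'
$RpcRange    = '50000-50100'

# 1. Restrict the ports RPC assigns dynamically to a small, documentable range.
#    The RPC runtime reads these values at startup, so a reboot is required.
$key = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
if (-not (Test-Path $key)) { New-Item -Path $key | Out-Null }
New-ItemProperty -Path $key -Name Ports -PropertyType MultiString `
    -Value @($RpcRange) -Force | Out-Null
New-ItemProperty -Path $key -Name PortsInternetAvailable -PropertyType String `
    -Value 'Y' -Force | Out-Null
New-ItemProperty -Path $key -Name UseInternetPorts -PropertyType String `
    -Value 'Y' -Force | Out-Null

# 2. Endpoint mapper (TCP 135), scoped to the one peer instead of Any.
New-NetFirewallRule -DisplayName 'RPC-example endpoint mapper' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 135 `
    -RemoteAddress $PeerAddress | Out-Null

# 3. The restricted dynamic range, with the same address scope.
New-NetFirewallRule -DisplayName 'RPC-example dynamic range' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort $RpcRange `
    -RemoteAddress $PeerAddress | Out-Null

# 4. Review what was created, including the scope, for the rule documentation.
Get-NetFirewallRule -DisplayName 'RPC-example*' | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress
    }
}
```

The zone firewall between the servers then needs the same two entries (TCP 135 and the chosen range) in whichever direction the RPC call is made. After the reboot, `Test-NetConnection -ComputerName <server> -Port 135` run from the peer confirms the endpoint mapper is reachable.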