Disabling Deprecated feature sp_configure Remote access

-> We had an audit on the database servers. An auditor advise us that “Remote access” feature should be disabled due to below reasons,

[$] It is an obscure SQL Server to SQL Server communication feature that is deprecated feature. Please refer article for more details.

-> It was decided that we should disable it on our SQL Server instances. We disabled it using below code,

EXEC sp_configure 'remote access', 0 ;  
GO  
RECONFIGURE ;  
GO

OR

-> Right Click SQL Server Instance -> Properties -> Connections -> Uncheck “Allow remote connections to this server”,

-> Please note that a restart of SQL Services is required for the changes to take effect.

-> We faced below issues after disabling sp_configure ‘remote access’ on our SQL Server instances.

Log Shipping

-> Logshipping main functionality as a whole such as backup, copy and restore works fine without issues. But the reporting part utilizing SQL Server Management Studio “Transaction Log Shipping Status” report displays incorrect information.

-> LSAlert job on Monitor servers fails as it is not able to get upto date information from Primary and Standby Instances.

-> The issues related to SSMS “Transaction Log Shipping Status” report and LSAlert job seems to be due to the fact that it is not able to get proper data from Primary and Standby server as the linked server fails with below error,

Could not execute procedure on remote server ‘LOGSHIPLINK_JBSAG4_200666876’ because SQL Server is not configured for remote access. Ask your system administrator to reconfigure SQL Server to allow remote access.

-> ‘LOGSHIPLINK_JBSAG4_200666876’ is a System Linked server that is created as part of Logshipping. I dropped this linked server and recreated using sp_add_linkedserver and was able to see same behaviour. I tried this step on a test server.

-> I checked the trace further and understood that the linked server errors out when trying to run below command remotely,

select @linkcmd = quotename(sys.fn_MSgetlogshippingmoniterlinkname(upper(@monitor_server))) + N’.msdb.sys.sp_processlogshippingmonitorhistory’
exec @retcode = @linkcmd
                    @mode = @mode
                    ,@agent_id = @agent_id
                    ,@agent_type = @agent_type
                    ,@session_id = @session_id
                    ,@session_status = @session_status
                    ,@monitor_server = @monitor_server
                    ,@monitor_server_security_mode = 1
                    ,@database = @database
                    ,@log_time = @log_time
                    ,@log_time_utc = @log_time_utc
                    ,@message = @message

-> This is when I realized that the linked server utilizes RPC Out that is “Remote Procedure call” to execute above function remotely on Primary and DR to fetch the details. Linked servers with “RPC out” true will require Remote access to be turned on and this seems to be the root cause of our issue.

-> Linked Servers with RPC out set to false doesn’t have any issues and will function normally. But in our case, SSMS “Transaction Log Shipping Status” report and LSAlert job needs “RPC Out” set to true on Linked Servers to get the data remotely and display it as appropriate.

Linked Servers

-> The lab utilizes 2 database servers JBSAG1 and JBSAG2. Remote access option is disabled on both servers. A linked server for JBSAG2 is created on SQL Server Instance JBSAG1,

Remote Access

Linked server property

-> Querying a remote object Table1 using Linked server. It works fine,

-> Querying a remote View vw_table1 using Linked server. It works fine,

-> Querying a remote Stored procedure sp_table1 using Linked server. It returns an error that remote access option is required,

-> As a workaround, I will utilize “Execute AT” to execute remote Stored procedure sp_table1 using Linked server. It works,

Always On

I have setup a lab with 3 Always on replicas (2 in East US and 1 in Korea Central), testing was performed on the lab with Remote Access turned off,

[$] Create an Availability group.
[$] Drop an Availability group.
[$] Suspend and resume availability databases.
[$] Load the availability database and create issues such as HADR_SYNC_COMMIT, Redo latency, high log send queue etc.
[$] Check Always On dashboard several times.
[$] Failover and failback manually.
[$] Failover and failback automatically.

I did not see any issues on above scenario with remote access turned off. All above tests with remote access off were exhibiting same behavior as remote access on.

Summary

Discuss above points with your team and decide if things that will break as mentioned in this blog is required for your team and decide further.

In my case, many of our database servers has Logshipping and Linked servers configured. We had issues atleast on Logshipping as we make use of LSAlert and SSMS “Transaction Log Shipping Status” report day in and out. Hence, we provided this justification and left remote access on.

If there are any other features that make use of Remote Access which I have missed in my post. Please advise those in comment section.

Thank You,
Vivek Janakiraman

Disclaimer:
The views expressed on this blog are mine alone and do not reflect the views of my company or anyone else. All postings on this blog are provided “AS IS” with no warranties, and confers no rights.

Always ON – Max DOP for Secondary

Environment

-> JBSUB-PRIMARY and JBSUB-DR are Azure IaaS virtual machines provisioned on East US region.

-> Azure virtual machine JBSUB-PRIMARY and JBSUB-DR are part of Windows cluster JBSWikiClust without shared storage. Azure virtual machine JBSUB-PRIMARY and JBSUB-DR will be configured using Synchronous commit with automatic failover.

-> We had a requirement wherein MAXDOP value should be set to 1 in primary replica and MAXDOP value should be 0 on secondary replica.

-> The problem arises on above requirement when a failover is performed and the MAXDOP value for each of these 2 replicas are set at instance level. After the failover New primary will have MAXDOP as 0 and New Secondary with MAXDOP1 and this causes performance issues in our application.

-> Database option “Max DOP for Secondary” came to rescue, where in we were able to specify the MAXDOP value for Primary and secondary replica as below,

Primary Replica JBSUB-PRIMARY

select @@servername
go
sp_configure 'max degree of parallelism'

-> Then execute below user query,

select top 100000 * from [dbo].[Table3] a INNER JOIN Table2 b ON a.sno=a.sno 
order by b.sname

Secondary Replica JBSUB-DR using Read-Routing List

select @@servername
go
sp_configure 'max degree of parallelism'

-> Then execute below user query,

select top 100000 * from [dbo].[Table3] a INNER JOIN Table2 b ON a.sno=a.sno 
order by b.sname

Secondary Replica JBSUB-DR directly using SQL Server Instance

select @@servername
go
sp_configure 'max degree of parallelism'

-> Then execute below user query,

select top 100000 * from [dbo].[Table3] a INNER JOIN Table2 b ON a.sno=a.sno 
order by b.sname

Hope this help!!!

Thank You,
Vivek Janakiraman

Disclaimer:
The views expressed on this blog are mine alone and do not reflect the views of my company or anyone else. All postings on this blog are provided “AS IS” with no warranties, and confers no rights.

Configure Azure Load Balancer – Part5

Load Balancer Configuration – East US

-> Search for “Load Balancers” on Azure portal,

-> Basics Tab,

-> “Frontend IP Configuration” tab. Click “Add a frontend IP configuration”. This one will be utilized for the creating windows cluster,

-> Again, click “Add a frontend IP configuration”. This one will be utilized for Always On Listener,

-> “Backend Pools” Tab,

-> Click “Add” and select JBSAG1 and JBSAG2,

-> “Inbound Rules” Tab,

-> Click “Add a load balancing rule”,

-> Click “Create new” under “Health probe”,

-> Click “Add a load balancing rule”,

-> Click “Create new” under “Health probe”,

-> I will go with the default values for tabs “Outbound rules” and “Tags”. Click Create.

Load Balancer Configuration – West US

-> Search for “Load Balancers” on Azure portal,

-> Basics Tab,

-> “Frontend IP Configuration” tab. Click “Add a frontend IP configuration”. This one will be utilized for the creating windows cluster,

-> Again, click “Add a frontend IP configuration”. This one will be utilized for Always On Listener,

-> “Backend Pools” Tab,

-> Click “Add” and select JBSAG3,

-> “Inbound Rules” Tab,

-> Click “Add a load balancing rule”,

-> Click “Create new” under “Health probe”,

-> Click “Add a load balancing rule”,

-> Click “Create new” under “Health probe”,

-> I will go with the default values for tabs “Outbound rules” and “Tags”. Click Create.

More articles on this Series,

-> Always On Availability Group Configuration on Azure IaaS Virtual Machine utilizing Multi Subnet
-> Always On Availability Group Environment on Azure IaaS Virtual Machine Introduction – Part1
-> Configure appropriate Virtual Network and Subnet for Azure IaaS Virtual Machine – Part2
-> Deploy required Azure IaaS Virtual Machine – Part3
-> Configure Domain Controller and Windows Cluster on appropriate Azure IaaS Virtual Machine – Part4
-> Configure Always On Availability Group with Listener – Part6

Thank You,
Vivek Janakiraman

Disclaimer:
The views expressed on this blog are mine alone and do not reflect the views of my company or anyone else. All postings on this blog are provided “AS IS” with no warranties, and confers no rights.