1

I'm trying to connect to a SQL Server instance from WSL2 (Arch Linux) with this command:

sqlcmd -S tcp:XX.XXX.XXX.XX\\stix -U service_stix -C

But I get:

Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : Login timeout expired. Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : MAX_PROVS: Error Locating Server/Instance Specified [xFFFFFFFF]. . Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online..

If try: nc -zv XX.XXX.XXX.XX 1433, I get: Connection to XX.XXX.XXX.XX 1433 port [tcp/ms-sql-s] succeeded!, and also:

➜  ~ telnet XX.XXX.XXX.XX 1433
Trying XX.XXX.XXX.XX...
Connected to XX.XXX.XXX.XX.
Escape character is '^]'.

In PowerShell: Test-NetConnection -ComputerName "XX.XXX.XXX.XX" -Port 1433, which yields:

ComputerName     : XX.XXX.XXX.XX
RemoteAddress    : XX.XXX.XXX.XX
RemotePort       : 1433
InterfaceAlias   : vnet-site2site
SourceAddress    : 172.SS.SS.S
TcpTestSucceeded : True

Issuing the same command: sqlcmd -S tcp:XX.XXX.XXX.XX\stix -U my_user -C in CMD/PowerShell, I`m able to connect to the instance:

PS C:\Users\Windows11> sqlcmd -S tcp:XX.XXX.XXX.XX\stix -U my_user -C
Password:
1>

Is it possible to connect to an SQL Server instance in WSL2, using a VPN?

SQL Browser service is definitely running, as I've said, I can access the database from Wndows with CMD (with SQLCMD) and a NodeJS application (like Prisma).

I think that I'm missing some configuration on Windows or WSL2 part.

One problem though: I can't access the database nor it's server directly to configure something specific, I would have to ask the DBA.

The VPN: VPN

To add context:

I'm trying to connect a NodeJS application (without Docker) within WSL2 (Arch Linux) with the following connection string structure:

DATABASE_URL=sqlserver://XX.XXX.XXX.XX\stix:1433;database=my-database;user=my_user;password=my_pass;integratedSecurity=false;trustServerCertificate=true;

But I receive an error from my healthcheck endpoint (using Prisma to make a simple query):

Invalid prisma.$queryRaw() invocation:

Error querying the database: Conversion error: SQL browser timeout during resolving instance stix. Please check if browser is running in port 1433 and does the instance exist.

Improve this question
6
  • 1
    Thanks for reposting over here. A few questions (and apologies if I'm missing information that's already there) -- You mention a VPN, but don't provide much info on that. Is the VPN running in Windows, WSL2, or both? It's odd that you can connect to the TCP port using nc (from WSL2) and Test-NetConnection (from PowerShell), but the sqlcmd only fails in WSL2. It's been far too long since I've used SQL Server to be of much use if it's something unique there. But I do so in the doc that sqlcmd -S tcp:172.x.x.x,1433 is an option. Any difference with that?
    – NotTheDr01ds
    Commented Sep 20, 2022 at 20:24
  • > You mention a VPN, but don't provide much info on that. What kind of info would you say it's missing? One thing I can think of, is that I'm using Azure-VPN-Client, with a VPN settings imported from a XML. The command that you mentoned yields: Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : Login failed for user 'my_user'.., but it's the same thing for CMD/PS, changing to: sqlcmd -S tcp:10.187.114.20\stix -U service_stix -C (w/wo tcp prefix), works as expected, trying this in WSL2 gives me the error described after "But I get..." in my question.
    – Rick Stanley
    Commented Sep 20, 2022 at 20:39
  • Since I'm in a Linux shell, escaping is necessary, so I'm issuing the command with: XX.XXX.XXX.XX\\my_instance, removing escape gives: Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : TCP Provider: Error code 0x2AF9. naturally
    – Rick Stanley
    Commented Sep 20, 2022 at 20:42
  • 1
    Is it possible to use WSL1? Its networking model usually works better with VPNs. You can wsl --export/--import a new version as WSL1. See the bottom of this answer for details on the conversion.
    – NotTheDr01ds
    Commented Sep 20, 2022 at 21:15
  • Nice! Changed to WSL1 and now it works! Thanks, if you want to leave an answer for this I'll accept. It's a shame that WSL2 isn't ready for this sort of thing, well, not that I'm aware of. I hope I won't miss much of WSL2.
    – Rick Stanley
    Commented Sep 20, 2022 at 22:52

1 Answer 1

Reset to default
1

If your application runs okay in WSL1, then it will often allow you to workaround VPN issues.

The problem with WSL2 and VPNs is that the WSL2 network is on a virtual Hyper-V switch and interface that is NAT'd behind the Windows host. The Windows network may route to the VPN, but the WSL2 network may not.

It sounds like some version of this might be what you are running into, but the fact that nc still works for you in WSL2 makes this not quite fit the "normal" VPN/WSL2 pattern.

Here are a few things to try for WSL2, though:

  • While this question is about Cisco AnyConnect, it might have some guidance. Specifically, this and maybe this. Changing the InterfaceMetric for the VPN adapter seems to be one of the best solutions I've seen, but I haven't been able to test it out myself. The first one is pretty simple, so I'd try it first.

  • In the comments, you asked for any known Github issues on this. There are two very popular ones (#5068 and #4277), but the fact that they have hundreds of comments makes them tough to sort through. The two suggestions mentioned above both come out of those issues, though.

  • I don't see a mention of which Windows version you are using, but if you have Windows 11 Pro or higher, there's a new, experimental WSL feature in the Preview release that allows you to create a bridged Hyper-V switch and tell WSL2 to use it. I don't know for sure that it would solve the VPN issue, but it's one of the next things (after the above) that I'd be trying. See this blog post for details.

    If you do go this route, you'll probably need to install and run the VPN software inside WSL2 as well.

Improve this answer
1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .