Documentation forSQL Sentry

SQL Sentry Performance Analysis Required Ports

Ports Between Targets and Monitoring Service

For Performance Analysis to properly monitor a target on the network, the following ports on the monitored target must be accessible to the SQL Sentry monitoring service machine(s):

SQL Server Access

tcp 1433 (or whatever port is used by SQL Server)

Azure SQL Database and SQL Data Warehouse

tcp 1433

Windows Performance Counter Access

tcp 445 (SMB, RPC/NP)

For WMI access:

tcp 135 (RPC)


one of these ranges:

tcp 49152-65535 (RPC dynamic ports -- Windows Vista, Windows Server 2008, or later versions)


tcp 1024-65535 (RPC dynamic ports -- for older OS versions such as Windows NT 4.0, Windows Server 2000, or Windows Server 2003)


a custom RPC dynamic port range (following)

The one that's difficult for firewalls are the RPC dynamic ports. WMI (or any other process that uses DCOM) connects to it initially using port 135, and the target responds with a dynamic port number for WMI to use for the rest of the session. This port can be in one of the ranges before that are quite large by default. 

Custom Range

To address this problem, specify a custom range for RPC dynamic ports. You may have already done this in your environment to enable networked DCOM access for other applications. Start no lower than port 50000, and allocate no fewer than 255 dynamic ports.

For example, on Server 2008 use the following command:

netsh int ipv4 set dynamicport tcp start=50000 num=255

You may need to reboot for the change to take effect. 

Additional Information

On other Windows versions, use DCOM config in Component Services or the registry. You need to reboot for the change to take effect. 

Additional Information: For more information, see the Configure RPC Dynamic Port Allocation article.

You also need to have your network administrator open to the same port range on the firewall between the SQL Sentry Server machine and any servers monitored with PA.

Ports Between SQL Sentry Database Server and Monitoring Service

The SQL Sentry monitoring service expects the SQL Sentry database server to listen for requests on port 1433 by default. It needs to be specified when using a different port number. You may also need to specify it when the SQL Server Browser Service on the SQL Sentry database server is offline or disabled.

SQL Sentry Client Connection Port

See the Advanced Properties of the Managing Connections article for information about changing the default port number when connecting to a SQL Sentry installation through the client.