Comment on page

Microsoft SQL Server

How to connect Microsoft SQL Server to Count

Click "Connect a database"
Enter your connection details
The MS SQL Server connection page
You'll need to know:
Host
Port
Database name
Username
Password
You'll need to make sure your firewall accepts requests from the following IP addresses:
34.107.75.117
35.198.189.90
35.234.110.177
Connections between Count and your database are encrypted by SSL (TLS). Your database must be configured to use SSL in order for Count to connect. 
For additional security, you may optionally provide the certificate authority, public client certificate and private client key (in PEM format). 
Connect
Once you hit Connect you will see your connection details including a full list of tables accessible with this connection. 
Use Projects to manage which users have access to which tables. 
Troubleshooting
If you're having trouble connecting, check the error message returned at the top of the Connection page against the table below for a possible fix.
Error code/snippet
Possible resolution
 -1, 2, 53
Check your Host and Port settings and that your database server is open to accept connections from the whitelisted Count IP addresses
3279, 13147
Password authentication failed; please check Username, Password, and Database name settings
297, 509, 4064, 4604, 6102, 9611
Check the Username with these credentials is authorised to connect to the database from the whitelisted Count IP addresses
Server does not support SSL connections
​
Self signed certificate
Check that your database server supports SSL connections. If your database server has self-signed certificates, does not support verifiable certificates, or your host is an IP address you may need to add the Certificate Authority or "trust" the incoming server certificate (see SSL certificate errors section below)
SSL certificate errors
If you see a connection error complaining about "self signed certificates", it's likely that there's an issue verifying the SSL certificates issued by your database server against the host parameter of your sever details. This can happen for several reasons
You are using manually created self signed certificates, in which case it's not possible to verify the identity of your server
The database server does support verifiable certificates (e.g. some Heroku systems)
The certificates are issued by the provider of your managed database server (e.g. Digital Ocean, GCP) and the host parameter is an IP address
If anyone of these is the case, the connection issue can usually be resolved either by 
downloading your database server Certificate Authority (CA) file, usually given in PEM format, and uploading to the "Advanced" section of the connection setup
or, activating the "Trust server certificate" in the "Advanced" section of the connection setup
Why don't I need to upload the CA when connecting to other products?
You may be wondering why you're able to connect automatically to clients such as mssql-cli or other web-based BI tools, but Count may require you to upload the CA certificate. 
In the Enable Encrypted Connections to the Database Engine section of the SQL Server documentation, it clarifies that

"The client must be able to verify the ownership of the certificate used by the server. If the client has the public key certificate of the certification authority that signed the server certificate, no further configuration is necessary. ... If the server certificate was signed by a public or private certification authority for which the client does not have the public key certificate, you must install the public key certificate of the certification authority that signed the server certificate."
If the server certificate was signed by a public or private CA, uploading the CA file manually to Count allows the communication to happen safely, ensure maximal protection against eavesdropping and MITM attacks.
What does "Trust server certificate" mean?
If you are unable to obtain a copy of your database CA (e.g. some Heroku systems), the only way to initiate encrypted communication with your database is to trust that the certificate sent by the server is correct (SSL mode "require"). This ensures full protection against eavesdropping, but not against MITM attacks. Count will only use this mode of communication if you activate the "Trust server certificate" in the "Advanced" section of the connection setup. 
You should consult your database administrator to confirm that this setting is appropriate for your system.
If another product is able to connect automatically without the above worrying about server certificates, it may be worth checking what SSL mode they are using for communication, and whether this is sufficient for your needs.
If you are having trouble connecting, reach out to us to schedule a help session

Snowflake

Next - Connect your data

Refresh database schema

Last modified 1mo ago

Error code/snippet	Possible resolution
-1, 2, 53	Check your Host and Port settings and that your database server is open to accept connections from the whitelisted Count IP addresses
3279, 13147	Password authentication failed; please check Username, Password, and Database name settings
297, 509, 4064, 4604, 6102, 9611	Check the Username with these credentials is authorised to connect to the database from the whitelisted Count IP addresses
Server does not support SSL connections Self signed certificate	Check that your database server supports SSL connections. If your database server has self-signed certificates, does not support verifiable certificates, or your host is an IP address you may need to add the Certificate Authority or "trust" the incoming server certificate (see SSL certificate errors section below)