MS SQL Requirements

Docs

DMC

MS SQL Requirements

DMC supports assessment of SQL Server instances for Azure migration readiness with the following requirements.

Supported SQL Server Versions

SQL Server Version	Support Details
SQL Server 2008 and above	Full support for migration readiness assessment
SQL Server 2008 R2	Full support for migration readiness assessment
SQL Server 2012	Full support for migration readiness assessment
SQL Server 2014	Full support for migration readiness assessment
SQL Server 2016	Full support for migration readiness assessment
SQL Server 2017	Full support for migration readiness assessment
SQL Server 2019	Full support for migration readiness assessment
SQL Server 2022	Full support for migration readiness assessment

Supported SQL Server Platforms

DMC supports assessment of SQL Server instances running on both Windows and Linux operating systems.

Platform	Authentication Methods Supported	Notes
SQL Server on Windows	Windows Integrated Authentication, SQL Server Authentication	Both authentication methods are fully supported
SQL Server on Linux	SQL Server Authentication only	Windows Integrated Authentication is not supported for SQL Server on Linux

SQL Server on Linux: SQL Server instances running on Linux can be discovered during infrastructure scans and assessed using DMC. However, only SQL Server Authentication is supported for SQL Server on Linux. Windows Integrated Authentication requires a Windows domain environment and is not available for SQL Server on Linux instances.

DMC System Requirements

.NET Runtime 8.0 or Above (Required)

Database Assessment requires .NET Runtime 8.0 or higher to be installed on the machine running DMC. The Database Assessment feature requires .NET Runtime version 8.0 or higher to function properly.

Required Before Use: Ensure .NET Runtime 8.0 or above is installed before attempting to use Database Assessment. If .NET Runtime is not detected, DMC will display a modal dialog when Database Assessment is selected, prompting you to install it.

Installation:

Download .NET Runtime 8.0 or later from the official .NET download page
Run the installer and follow the installation wizard
Restart DMC (or restart your computer if prompted) to ensure detection
Verify installation - DMC will automatically detect .NET Runtime when Database Assessment is selected

Version Compatibility: .NET Runtime 8.0, 9.0, or 10.0 (latest) all satisfy the requirement. The DMC UI download button will install the latest version (.NET 10.0), which is fully compatible.

If .NET Runtime is Not Detected

When selecting Database Assessment without .NET Runtime installed, DMC displays a modal dialog with:

Download .NET Runtime button - Downloads and opens the latest .NET Runtime installer
Retry button - Checks for .NET Runtime after installation
Cancel button - Allows manual installation

After installing .NET Runtime:

Click Retry in the modal to check for detection
If still not detected, restart DMC to refresh the detection
The modal will not appear once .NET Runtime 8.0+ is properly installed

Network Requirements

DMC requires network access to target SQL Server instances within the scope of assessment.

Source	Destination	Ports	Purpose
Jump Box	SQL Server Instances	1433 (TCP)	Default SQL Server port for database connections
Jump Box	SQL Server Browser	1434 (UDP)	SQL Server Browser service for named instance discovery

Dynamic Ports: If SQL Server instances use dynamic ports instead of the default port 1433, ensure the SQL Server Browser service is running and accessible on port 1434 (UDP) to enable instance discovery.

SQL Server Prerequisites

Remote Connections must be enabled on SQL Server instances to allow DMC to connect and assess databases.

Enable Remote Connections

Check Remote Access Configuration

Open SQL Server Management Studio (SSMS)
Connect to the SQL Server instance
Right-click the server instance → Properties
Navigate to Connections page
Verify Allow remote connections to this server is checked

Enable Remote Access via T-SQL

If remote connections are disabled, run the following command:

EXEC sp_configure 'remote access', 1;
RECONFIGURE;

Enable TCP/IP Protocol

TCP/IP must be enabled on SQL Server instances to allow remote connections.

Enable TCP/IP via SQL Server Configuration Manager

Open SQL Server Configuration Manager
Navigate to SQL Server Network Configuration → Protocols for [INSTANCE_NAME]
Right-click TCP/IP → Enable
Right-click TCP/IP → Properties
Navigate to IP Addresses tab
Ensure IPAll section has TCP Dynamic Ports or TCP Port configured
Click OK
Restart the SQL Server service for changes to take effect

Verify TCP/IP is Enabled

Run the following PowerShell command to verify TCP/IP is enabled:

Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\*\MSSQLServer\SuperSocketNetLib\Tcp" -Name Enabled

The value should be 1 if TCP/IP is enabled.

SQL Server Browser Service

The SQL Server Browser service must be running for named instance discovery and connection.

Start SQL Server Browser Service

Open Services (services.msc)
Locate SQL Server Browser service
Right-click → Properties
Set Startup type to Automatic
Click Start to start the service
Click OK

Start SQL Server Browser via PowerShell

Run the following command to start and configure SQL Server Browser:

Set-Service -Name SQLBrowser -StartupType Automatic
Start-Service -Name SQLBrowser

Verify SQL Server Browser is Running

Run the following command to verify the service is running:

Get-Service -Name SQLBrowser

The Status should show Running.

Important: The SQL Server Browser service is required for connecting to named instances. Without it, DMC cannot discover or connect to SQL Server instances that use named instances (e.g., SERVER\SQLEXPRESS).

Configure Firewall Rules

Firewall rules must be configured to allow SQL Server connections from the DMC jump box. Configuration steps differ based on the operating system hosting SQL Server.

Configure Windows Firewall for SQL Server on Windows

Run the following PowerShell commands as Administrator to configure firewall rules:

For Default Instance (Port 1433):

New-NetFirewallRule -DisplayName "SQL Server" -Direction Inbound -Protocol TCP -LocalPort 1433 -Action Allow

For SQL Server Browser (Port 1434):

New-NetFirewallRule -DisplayName "SQL Server Browser" -Direction Inbound -Protocol UDP -LocalPort 1434 -Action Allow

For Dynamic Ports (if using dynamic ports): If your SQL Server instance uses dynamic ports, you’ll need to allow the SQL Server Browser service to pass through the firewall, which is handled by the UDP 1434 rule above.

Configure Linux Firewall for SQL Server on Linux

For SQL Server instances running on Linux, configure firewall rules using the appropriate firewall management tool for your Linux distribution:

For firewalld (RHEL/CentOS/Fedora):

sudo firewall-cmd --permanent --add-port=1433/tcp
sudo firewall-cmd --permanent --add-port=1434/udp
sudo firewall-cmd --reload

For ufw (Ubuntu/Debian):

sudo ufw allow 1433/tcp
sudo ufw allow 1434/udp
sudo ufw reload

For iptables:

sudo iptables -A INPUT -p tcp --dport 1433 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 1434 -j ACCEPT

Dynamic Port Configuration: If SQL Server instances use dynamic ports, ensure the SQL Server Browser service is running and accessible. The browser service helps clients discover the correct port for each named instance.

Credential Requirements

DMC supports two authentication methods for SQL Server assessment:

Windows Integrated Authentication: Uses Windows domain or local accounts with impersonation
SQL Server Authentication: Uses SQL Server logins with credentials provided directly to SQL Server

Platform Support: Windows Integrated Authentication is only supported for SQL Server instances running on Windows. SQL Server instances running on Linux must use SQL Server Authentication.

The following sections outline the permissions and requirements for each method.

DMC Application Requirements

DMC must run as Administrator for all SQL Server assessment operations.

Critical: When using Windows Integrated Authentication, DMC requires Administrator privileges to impersonate the specified Windows user. For SQL Server Authentication, DMC runs as the current user and provides credentials directly to SQL Server (no impersonation required), but Administrator privileges are still required for assessment operations.

Standard Credential Requirements

For comprehensive SQL Server assessment, accounts with the sysadmin server role are recommended. This provides complete access to assess all databases, server configurations, and migration readiness factors.

Windows Integrated Authentication

Platform Limitation: Windows Integrated Authentication is only supported for SQL Server instances running on Windows. SQL Server instances running on Linux must use SQL Server Authentication.

Account	Required Permissions	Reason
Windows Domain Account	Member of `sysadmin` server role	Required to assess all databases, server configurations, and migration readiness factors across the entire SQL Server instance.
Windows Local Account	Member of `sysadmin` server role	Required for comprehensive assessment of SQL Server instances and databases.

Username Format:

Domain account: DOMAIN\username (e.g., CONTOSO\sqladmin)
Local account: .\username (e.g., .\Administrator)

Account Requirements: The Windows account used for authentication must exist on the machine running DMC. DMC impersonates the specified Windows user to authenticate to SQL Server, which requires the account to be available locally for impersonation.

SQL Server Authentication

SQL Server Authentication is supported and uses SQL Server logins (not Windows accounts). Credentials are provided directly to SQL Server, and DMC does not impersonate a Windows user.

Platform Support: SQL Server Authentication works for both SQL Server on Windows and SQL Server on Linux. This is the only authentication method supported for SQL Server instances running on Linux.

Account	Required Permissions	Reason
SQL Server Login	Member of `sysadmin` server role (recommended)	Required to assess all databases, server configurations, and migration readiness factors across the entire SQL Server instance.

Required SQL Server Permissions:

Standard (Recommended): sysadmin server role
Least Privilege: VIEW SERVER STATE, VIEW ANY DATABASE, CONNECT SQL (see Least Privilege Account Setup section below)

Username Format:

SQL Server login name only (no backslash, no domain prefix)
Examples: sa, sqluser, dmauser, migration_assessor

Prerequisites:

SQL Server must be configured for Mixed Mode Authentication (SQL Server and Windows Authentication mode)
A SQL Server login must exist with the required permissions
DMC must run as Administrator (required for assessment operations)

How SQL Server Authentication Works: With SQL Server Authentication, DMC provides credentials directly to SQL Server for validation. DMC does not impersonate a Windows user for SQL Server Authentication—the process runs as the current DMC user, and SQL Server validates the credentials directly. This means the SQL Server login account does not need to exist on the machine running DMC.

SQL Server Authentication Mode: SQL Server must be configured for Mixed Mode Authentication (SQL Server and Windows Authentication mode) to use SQL Server Authentication. This can be configured in SQL Server Management Studio under Server Properties → Security. See the Authentication Mode Configuration section below for detailed steps.

Grant sysadmin Role:

-- Grant sysadmin role to a SQL Server login
ALTER SERVER ROLE sysadmin ADD MEMBER [username];

-- Grant sysadmin role to a Windows account
ALTER SERVER ROLE sysadmin ADD MEMBER [DOMAIN\username];

Least Privilege Account Setup

If you prefer to use least-privilege accounts instead of sysadmin accounts, you can set up dedicated user accounts with specific permissions. This approach provides a more secure configuration while still allowing SQL Server assessment.

Assessment Permissions: The minimum permissions listed below allow DMC to connect to SQL Server and perform assessment operations. These permissions have been validated to allow DMC to assess SQL Server instances. The sysadmin role is recommended for the most comprehensive assessment results.

Minimum Required Permissions

For least-privilege SQL Server assessment, the following permissions are the minimum required:

Permission	Purpose
`VIEW SERVER STATE`	Allows viewing server-level state information and performance data required for assessment
`VIEW ANY DATABASE`	Enables assessment of all databases on the instance, including database metadata and configurations
`CONNECT SQL`	Required to establish connections to the SQL Server instance

Windows Integrated Authentication (Least Privilege)

For Windows accounts using least-privilege permissions:

Prerequisites:

The Windows account must exist on the machine running DMC (required for Windows impersonation)
SQL Server must allow Windows authentication
DMC must run as Administrator (required for Windows impersonation)

Required SQL Server Permissions:

-- Grant minimum permissions to a Windows domain account
USE master;
GRANT VIEW SERVER STATE TO [DOMAIN\username];
GRANT VIEW ANY DATABASE TO [DOMAIN\username];
GRANT CONNECT SQL TO [DOMAIN\username];

-- Grant minimum permissions to a Windows local account
USE master;
GRANT VIEW SERVER STATE TO [.\username];
GRANT VIEW ANY DATABASE TO [.\username];
GRANT CONNECT SQL TO [.\username];

Username Format:

Domain account: DOMAIN\username (e.g., CONTOSO\dmauser)
Local account: .\username (e.g., .\dmauser)

SQL Server Authentication (Least Privilege)

For SQL Server logins using least-privilege permissions:

Prerequisites:

SQL Server must be configured for Mixed Mode Authentication
A SQL Server login must be created with the minimum permissions listed below
DMC must run as Administrator (required for assessment operations)

No Windows Impersonation: With SQL Server Authentication, DMC does not impersonate a Windows user. Credentials are provided directly to SQL Server, and the assessment process runs as the current DMC user. The SQL Server login account does not need to exist on the machine running DMC.

Required SQL Server Permissions:

The following permissions are the minimum required for SQL Server Authentication with least-privilege access:

Permission	Purpose
`VIEW SERVER STATE`	Allows viewing server-level state information and performance data required for assessment
`VIEW ANY DATABASE`	Enables assessment of all databases on the instance, including database metadata and configurations
`CONNECT SQL`	Required to establish connections to the SQL Server instance

Grant Minimum Permissions:

-- Create SQL Server login (if it doesn't exist)
CREATE LOGIN [dmauser] WITH PASSWORD = 'StrongPassword123!';

-- Grant minimum permissions to SQL Server login
USE master;
GRANT VIEW SERVER STATE TO [dmauser];
GRANT VIEW ANY DATABASE TO [dmauser];
GRANT CONNECT SQL TO [dmauser];

Username Format:

SQL Server login name only (no backslash, no domain prefix)
Examples: dmauser, sql_assessor, migration_user

Database-Level Permissions: The minimum permissions listed above (VIEW SERVER STATE, VIEW ANY DATABASE, CONNECT SQL) are server-level permissions that apply to all databases on the instance. No additional database-level permissions are required for assessment.

Assessment Completeness Comparison

Permission Level	Assessment Coverage	Notes
sysadmin (Standard)	Complete assessment of all databases, server configurations, features, and migration readiness factors	Recommended for comprehensive assessment results
Least Privilege (`VIEW SERVER STATE`, `VIEW ANY DATABASE`, `CONNECT SQL`)	Minimum permissions required to connect and assess SQL Server instances	These permissions allow DMC to connect and perform assessment operations

Permission Selection: The minimum permissions listed above (VIEW SERVER STATE, VIEW ANY DATABASE, CONNECT SQL) are the minimum required to connect to SQL Server and perform assessment operations. These permissions have been validated to allow DMC to connect and assess SQL Server instances. The sysadmin role is recommended for the most comprehensive assessment results.

SQL Server Configuration Requirements

Authentication Mode Configuration

For SQL Server Authentication:

SQL Server must be configured to allow SQL Server authentication (Mixed Mode).

Configure Mixed Mode Authentication

Open SQL Server Management Studio
Connect to the SQL Server instance
Right-click the server instance → Properties
Navigate to Security page
Under Server authentication, select SQL Server and Windows Authentication mode
Click OK
Restart the SQL Server service for changes to take effect

Configure Mixed Mode via T-SQL

Run the following command to enable Mixed Mode authentication:

EXEC xp_instance_regwrite N'HKEY_LOCAL_MACHINE', 
    N'Software\Microsoft\MSSQLServer\MSSQLServer', 
    N'LoginMode', REG_DWORD, 2;

Then restart the SQL Server service.

Service Restart Required: Changing authentication mode requires restarting the SQL Server service. Plan for a maintenance window if changing authentication mode on production servers.

Connection Testing

Before running Database Assessment, verify connectivity to SQL Server instances.

Having connection or authentication issues? If you’re experiencing problems connecting to SQL Server instances or authenticating, see the Remediating Access Issues guide for detailed troubleshooting steps and solutions.

Test Network Connectivity

Test Port Connectivity:

Test-NetConnection -ComputerName SERVERNAME -Port 1433

Test SQL Server Browser:

Test-NetConnection -ComputerName SERVERNAME -Port 1434 -Udp

Test SQL Server Connection

Windows Integrated Authentication:

sqlcmd -S SERVERNAME\INSTANCENAME -E -Q "SELECT @@VERSION"

SQL Server Authentication:

sqlcmd -S SERVERNAME\INSTANCENAME -U username -P password -Q "SELECT @@VERSION"

Troubleshooting Common Issues

Issue: “Remote connections not allowed”

Solution:

Enable remote connections (see Enable Remote Connections above)
Verify TCP/IP is enabled
Check firewall rules allow port 1433 (TCP) and 1434 (UDP)
Ensure SQL Server Browser service is running (for named instances)

Issue: “SQL Server Browser service is not running”

Solution:

Start SQL Server Browser service (see SQL Server Browser Service above)
Set startup type to Automatic
Verify firewall allows UDP port 1434

Issue: “Login failed” or “Authentication failed”

For Windows Authentication:

Verify the Windows account exists on the machine running DMC
Ensure account has SQL Server permissions (sysadmin recommended)
Verify DMC is running as Administrator

For SQL Server Authentication:

Verify SQL Server is configured for Mixed Mode authentication
Test credentials using sqlcmd command
Ensure the SQL login has appropriate permissions

Issue: “Permission denied” or “Insufficient permissions”

Solution:

Verify account has sysadmin role (recommended) or minimum permissions:
- VIEW SERVER STATE
- VIEW ANY DATABASE
- CONNECT SQL

Grant additional permissions if needed:

ALTER SERVER ROLE sysadmin ADD MEMBER [username];

For detailed troubleshooting steps and solutions, see the Database Assessment documentation or Remediating Access Issues guide.