Named Pipes and SQL Server

The Named Pipes protocol is an optional endpoint for SQL Server, i.e. it’s a possible connection method for clients. When enabled, it has an advantage – from a user’s point-of-view – over the default TCP/IP endpoint: it allows connections from outside a domain boundary. The TCP/IP endpoint doesn’t allow connections to a SQL Server instance unless the client is on the same domain as the server. For example, if the server is in another domain (without a domain trust) or on a workgroup server, SQL Server Management Studio presents:

SSMS connection error

Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

As long as the credentials are available to the client, usually in the Credential Manager, Named Pipes can be used to bypass this problem. I presume – though it’s only a guess – that this is because the TCP/IP endpoint uses Kerberos, and Named Pipes is content with using NTLM.

Some clients allow Named Pipes to be selected manually; e.g. in versions of SQL Server Management Studio prior to 2016, the protocol can be selected in the connection dialog under Options > Connection Properties > Network protocol. Where the protocol can’t be manually selected, prepending np: to the connection string indicates that Named Pipes is to be used. This works in web.config connection strings, third-party applications and SQL Server Management Studio. For example, to connect to ServerA.domain.com with Named Pipes in SQL Server Management Studio, enter the server name as:

np:ServerA.domain.com

SSMS Named Pipes connection