TCP 5022
Synopsis
- Microsoft SQL Server uses TCP port 5022 as the default Database Mirroring endpoint.
- SQL Server Always On Availability Groups (AGs) reuse this mirroring endpoint, so replicas commonly listen/connect on TCP 5022 for replica-to-replica data movement and session communication.
- Real-world deployments include SQL Server 2012–2022 clusters where admins configure endpoints like “CREATE ENDPOINT … FOR DATABASE_MIRRORING (LISTENER_PORT = 5022)” on each node.
- It’s common to see on‑prem Windows Server Failover Clustering or Azure/VM-based AGs with firewall rules allowing TCP 5022 between primary and secondary replicas.
- When exposed to the internet, this port can be probed by attackers to identify SQL Server mirroring/AG endpoints, so it should be restricted to internal networks.
Observed activity
Last 30 days
Detailed chart