Given that I have the choice, is there a reason to prefer enabling the SQL Browser Service over using the default static port, or vice versa?
Here's the specific context:
We have little third-party app with a few clients that connect to a 2005 SQLExpress instance. This instance was configured to accept remote connections, but we kept having intermittent connection issues that would show up as "password mismatch" login failures, i.e.
Login failed for user 'AppSQLLogin'. [CLIENT: 10.x.x.x]
Error: 18456, Severity: 14, State: 8.)
I eventually figured out that it was using dynamic ports, and starting the SQL Browser Service has apparently resolved the login issue.
But since I don't have multiple instances running on that server, it seems to me that I could just set the named SQLExpresss instance to use the normal default port 1433 and stop the browser service. Assuming this is the case, are there any reason I should or shouldn't do this? Or put another way, should I not run the SQL Browser service unless I explicitly must? (it's not enabled on any of our other single default instance SQL servers).
I would say turn the browser off whenever you can and configure your instance to run on a static port. But I recommend using other port than 1433 (may be on the higher end). Check out this article on Best practices for using SQL Server browser service.
EDIT:
The Microsoft SQL Server 2005 Security Best Practices - Operational and Administrative Tasks whitepaper unequivocally says "For a more secure configuration, always use static TCP/IP port assignments and disable the SQL Server Browser service. "
Using static ports and disabling the browser gives 0 security. Is someone has broken into the server, they can either query the system to get the list of ports which are in use by looking in the application log, or by port scanning the server which takes all of 10-15 seconds.
Just turn on the browser and be done with it.
You don't want to use port 1433 because if you install a default instance it'll want to run on port 1433.