We recently released a custom app which requires the use of MS DTC. It’s a lengthy process to implement it and it took me a looong time to get it working (the first time).
Hope this helps:
Open Windows Firewall.
To open Windows Firewall, on the Start menu, click Control Panel. In Control Panel, do one of the following:
- Under Security, click Allow a program through Windows Firewall.
- If Control Panel is in Classic view, click Windows Firewall.
On the Exceptions tab, select the Distributed Transaction Coordinator check box.
To enable MSDTC on each Web server on Windows Server 2008
Click Start, click Run, type dcomcnfg and then click OK to open Component Services.
In the console tree, expand Component Services, expand Computers, expand My Computer, and then expand Distributed Transaction Coordinator.
Right click Local DTC, and click Properties to display the Local DTC Properties dialog box.
Click the Security tab.
In the Security Settings section, click Network DTC Access.
In the Client and Administration section, select Allow Remote Clients and Allow Remote Administration.
In the Transaction Manager Communication section, select Allow Inbound and Allow Outbound.
In the Transaction Manager Communication section, select Mutual Authentication Required (if all remote machines are running Windows Server 2003 SP1), select Incoming Caller Authentication Required(if running MSDTC in a cluster), or select No Authentication Required if some of the remote machines are pre-Windows Server 2003 SP1. No Authentication Required is the recommended selection.
Select Enable XA Transactions, and then click OK.
Repeat steps 1 through 9 on the other Web servers.
REBOOT BOTH THE SERVERS!
Troubleshooting with the DTCPing tool:
- Verify that the MS DTC service is started on both servers.
- If your server is running Windows NT 4.0, you must reapply Windows NT 4.0 Service Pack 6 (SP6) after you install Windows NT 4.0 Option Pack (NTOP). Review the file versions that are listed in the following table to verify that Windows NT 4.0 SP6 has been reapplied after the installation of the Windows NT 4.0 Option Pack:
File Name Version After You Install NTOP Version After You Reinstall SP6 Msdtcprx.dll 1997.11.532 1999.6.854.0 Msdtctm.dll 1997.11.532 1999.6.854.0 Xolehlp.dll 1997.11.532 1998.08.762
For more information about Windows NT 4.0 Option Pack installation, see the following Microsoft white paper:IIS 4.0 Recommended Installation Procedure
- Configure both servers so that MS DTC communication flows between the firewall. Follow these steps to control RPC dynamic port allocation.
Note You must follow these steps on both computers.
Note The firewall must be open in both directions for the specified ports.
- To start Registry Editor, click Start, click Run, type regedt32, and then click OK.
You must use the Regedt32.exe file instead of the Regedit.exe file. The Regedit.exe file does not support the REG_MULTI_SZ data type that is required for the Ports value.
- In Registry Editor, expand the following key:
- Click the RPC folder, and then click Add Key on the Edit menu.
- In the Add Key dialog box, type Internet in the Key Name box, and then click OK.
- Click the Internet folder, and then click Add Value on the Edit menu.
- In the Add Value dialog box, type Ports in the Value Name box.
- In the Data Type box, select REG_MULTI_SZ, and then click OK.
- In the Multi-String Editor dialog box, specify the port or ports that you want RPC to use for dynamic port allocation in the Data box, and then click OK.
Each string value that you type specifies either a single port or an inclusive range of ports. For example, to open port 5000, specify “5000”. To open port 5000 to port 5020 inclusive, specify “5000-5020”. You can specify multiple ports or ports ranges by specifying one port or port range per line. All ports must be in the range of 1024 to 65535. If any port is outside this range or if any string is invalid, RPC treats the whole configuration as invalid.
We recommend that you open ports from 5000 and higher, and that you open a minimum of 15 to 20 ports.
- Follow step e through step h to add another key. Use the following values:
- Value: PortsInternetAvailable
- Data type: REG_SZ
- Data: Y
This signifies that the ports that are listed under the Ports value are to be made Internet-available.
- Configure your firewall to allow for incoming access to the specified dynamic ports and to port 135 (the RPC Endpoint Mapper port).
- Restart the computer. After RPC restarts, it assigns incoming ports dynamically, based on the registry values that you have specified. For example, to open ports 5000 through 5020 inclusive, create the following named values:
- Ports : REG_MULTI-SZ : 5000-5020
- PortsInternetAvailable : REG_SZ : Y
- UseInternetPorts : REG_SZ : Y
DTC also requires that you can resolve computer names by using NetBIOS or DNS. You can test whether NetBIOS can resolve the names by using the PING protocol and the server name. The client computer must be able to resolve the name of the server. Additionally, the server must be able to resolve the name of the client. If NetBIOS cannot resolve the names, you can add entries to the Lmhosts files on the computers. For more information about how to configure TCP ports on Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:300083 How to restrict TCP/IP ports on Windows 2000 and Windows XP
- To start Registry Editor, click Start, click Run, type regedt32, and then click OK.
- If MS DTC still does not work through the firewall, download the DTCPing.exe tool, and install this tool on both servers involved.The following file is available for download from the Microsoft Download Center:
The DTCPing.exe file contains the following files:
Date Time Version Size Filename ---------------------------------------------------------- 29-Oct-2003 22:56 22.214.171.124 274,490 Dtcping.exe 15-Dec-2003 22:05 1,618 Eula.txt 24-Nov-2003 20:59 1,560 Machinea_failure.log 24-Nov-2003 20:21 1,901 Machinea_success.log 24-Nov-2003 20:55 999 Machineb_failure.log 24-Nov-2003 20:31 1,750 Machineb_success.log 24-Nov-2003 20:15 2,325 Readme.txt
Release Date: November 24, 2003
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
- Use the Readme.txt file that is included in the DTCPing.exe download to test Remote Procedure Call (RPC) and Distributed Transaction Coordinator (DTC) communication from Server1 to Server2. If this test is successful, run the test from Server2 to Server1.
Note that if RPC cannot flow in either direction, MS DTC communication fails in both directions. If RPC communication fails, the DTCPing window (on either server) displays this failure, which is also saved in the associated dtcping.log file. See the Readme.txt file for more information. If the test fails in either direction and the log indicates the failure is in RPC communication, continue to the next step. If the test fails in either direction and the log indicates the failure is in DTC communication, continue to step 9 below.
- If RPC has failed in at least one direction (for example, from Server1 to Server2), direct your firewall administrator to make sure that the Internet Control Message Protocol (ICMP) is open in both directions.
Note You can typically determine if RPC has failed by reading the dtcping.log file.
By default, ICMP is port1. You can verify this in your protocol file, which is located in the %windir%\WinNT\System32\Drivers\ folder. Ping Server2 by NetBios name from Server1. If the ping fails, continue to the next step. Otherwise, continue to step 8.
- Ping Server2 by IP address from Server1 to make sure that the correct port is open for a ping on the firewall. A Network Monitor trace can verify this. If the IP address ping succeeds and the NetBios name ping fails, there is a name resolution problem.
Note You can use the ipconfig /all command to retrieve the IP address or the IP addresses of a server.
A quick way to test name resolution is to make an entry in the Hosts file of the client server. This is the server on which the NetBios name ping fails. You can model your entry after the sample entry that is included in the file.
Note You must only make an entry in the Hosts file for troubleshooting purposes. If the new entry corrects the name resolution problem, remove the entry from the Hosts file, and make the entry you must in the DNS, the WINS server, or the LmHosts file.
Other solutions to name resolution problems exist, but they are outside the scope of this article.
- If pinging Server2 from Server1 by NetBios name fails, or if pinging Server2 from Server1 by NetBios name succeeds but the DTCPing test shows RPC communication still fails, it is possible that Port 135 (the End Point Mapper, or EPM) has not been opened bi-directionally on the firewall. Check the firewall to make sure that the EPM is open in both directions. At this point, a Network Monitor trace may help to pinpoint the problem.
- You only reach this step if the DTCPing test indicates RPC communication works in both directions. If DTCPing indicates no errors in either direction, then RPC and MS DTC communication is flowing properly.
- If DTCPing indicates that DTC communication has failed in at least one direction (for example, from Server1 to Server2), direct firewall administrators to verify that the ports are open that the developer specified when the developer went through the MS DTC configuration article (see step 3). Additionally, some rules may be applied to the firewall that prohibits RPC callbacks for either (or both) servers. A Network Monitor trace may help to troubleshoot this particular scenario.
- If DTCPing returns an error message similar to the following:
Unexpected: My session guid is same as partner’s guid
check whether the current server has been duplicated or cloned from the other server. If so, locate theHKEY_CLASSES_ROOT\CID key in the registry. Under this key, you may notice more than one GUID. Locate the GUID whose underlying Description key is MSDTC. Note that this GUID is also listed in the DTCPing output window. If the other server has a GUID that is exactly the same for MS DTC in its registry, you must create a new GUID for MS DTC in one of the registries. You can use GuidGen to do this.
After you add this new GUID, and also all of its underlying keys to HKEY_CLASSES_ROOT\CID, make sure to delete the old GUID that it is replacing.