SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Debugging MSDTC Issues

By Chris Kempster,

Recently we experienced a range of MSDTC errors on upgrading to Windows 2003, running separate web and database servers.  The DTC would run fine to Windows 2000 servers and locally (to itself), but no between Win2003 servers.  The following items summarize the checks made to finally resolve our issues.


NOTE - It is highly recommend that you reboot both servers between each DTC change and test thoroughly after.

Essential Utilities

Microsoft support tend to use three core utilities for debugging MSDTC transactions and associated errors:

1)  DTCPing - download from and documented at http://support.microsoft.com/default.aspx?scid=kb;en-us;306843
2)  DTCTester - download from and documented at http://support.microsoft.com/default.aspx?scid=kb;en-us;293799
3)  NetMon - found on Windows setup disks or resource kit

Check 1 - DTC Security Configuration

This is a mandatory check on both W2003 boxes if MSDTC service is intended to be used.  

In administrative tools, navigate down through Component Services -> Computers, and right-click on My Computer to get properties. There should be an MSDTC tab, with a "Security Configuration" button. Click on that, and make sure network transactions are enabled.

Check 2 - Enable network DTC access installed?

Navigate via the Control Panel and Add/Remove Programs, Add/Remove Windows Components, select Application Server and click details.  Ensure the Enable network DTC access is checked, verify if you also require COM+ access.

Check 3 - Firewall separates DB and Web Server?

MSDTC needs to establish a 2-way connection layered on MSRPC (in which dynamic ports allocation is used). Please follow 250367 to configure MSDTC over firewalls:  Q250367 http://support.microsoft.com/?id=250367, also refer to article  http://support.microsoft.com/?id=306843

On both DB server and Web server. Reboot is required.

Check 4 - Win 2003 only - Regression to Win 2000

Ensure checks 1 and 2 are complete before reviewing this scenario.  Once done, run through the following items as discussed on this support document:  http://support.microsoft.com/?kbid=555017

If you have success, add in/alter the following registry key, where 1 is ON:

HKLM\Software\Microsoft\MSDTC\FallbackToUnsecureRpcIfNecessary, DWORD, 0/1

Apply of all server involved in the DTC conversation. You need to restart the MSDTC service.

Check 5 - Win 2003 only - COM+ Default Component Security

New COM+ containers created in COM 1.5 (Windows 2003) will have the "enforce access checks for this application" enabled.

Uncheck this option is you are experiencing component access errors, or cannot instantiate object errors on previously running DLL's.  Upgraded operation systems and their containers will not have this option checked.

Also refer to MS support article http://support.microsoft.com/?id=810153


Microsoft Support Services.

Total article views: 19507 | Views in the last 30 days: 0
Related Articles

MSDTC in Windows 2008 server

MSDTC in Windows 2008 server


SQL2000 Cluster + Fulltext+ MSDTC

Cluster + MSDTC


SQL Server 2008 MS DTC


sql server 7