Debugging MSDTC Issues

,

Recently we experienced a range of MSDTC errors on upgrading to Windows 2003,

running separate web and database servers.  The DTC would run fine to

Windows 2000 servers and locally (to itself), but no between Win2003 servers. 

The following items summarize the checks made to finally resolve our issues.

www.chriskempster.com

NOTE - It is highly recommend that you reboot both servers between each DTC

change and test thoroughly after.

Essential Utilities

Microsoft support tend to use three core utilities for debugging MSDTC

transactions and associated errors:

1)  DTCPing - download from and documented at

http://support.microsoft.com/default.aspx?scid=kb;en-us;306843

2)  DTCTester - download from and documented at

http://support.microsoft.com/default.aspx?scid=kb;en-us;293799

3)  NetMon - found on Windows setup disks or resource kit

Check 1 - DTC Security Configuration

This is a mandatory check on both W2003 boxes if MSDTC service is intended to

be used.  

In administrative tools, navigate down through Component Services ->

Computers, and right-click on My Computer to get properties. There should be an

MSDTC tab, with a "Security Configuration" button. Click on that, and make sure

network transactions are enabled.

Check 2 - Enable network DTC access installed?

Navigate via the Control Panel and Add/Remove Programs, Add/Remove Windows

Components, select Application Server and click details.  Ensure the Enable

network DTC access is checked, verify if you also require COM+ access.

Check 3 - Firewall separates DB and Web Server?

MSDTC needs to establish a 2-way connection layered on MSRPC (in which

dynamic ports allocation is used). Please follow 250367 to configure MSDTC over

firewalls:  Q250367

http://support.microsoft.com/?id=250367, also refer to article 

http://support.microsoft.com/?id=306843

On both DB server and Web server. Reboot is required.

Check 4 - Win 2003 only - Regression to Win 2000

Ensure checks 1 and 2 are complete before reviewing this scenario.  Once

done, run through the following items as discussed on this support document: 

http://support.microsoft.com/?kbid=555017

If you have success, add in/alter the following registry key, where 1 is ON:

HKLM\Software\Microsoft\MSDTC\FallbackToUnsecureRpcIfNecessary, DWORD, 0/1

Apply of all server involved in the DTC conversation. You need to restart the

MSDTC service.

Check 5 - Win 2003 only - COM+ Default Component Security

New COM+ containers created in COM 1.5 (Windows 2003) will have the

"enforce access checks for this application" enabled.

Uncheck this option is you are experiencing component access errors, or

cannot instantiate object errors on previously running DLL's.  Upgraded

operation systems and their containers will not have this option checked.

Also refer to MS support article

http://support.microsoft.com/?id=810153

References

Microsoft Support Services.

Rate

Share

Share

Rate