Posted by: Denny Cherry
KB 250367, MS DTC, MSCS, RPC, SQL, Windows Server 2003
When Windows 2003 was released things got a bit different. All of a sudden DTC wasn’t working by default, and there wasn’t a whole lot of documentation around on how to get it working. The first thing to realise about DTC on Windows 2003 is that it isn’t completely installed by default. The basics of DTC are there, but network support isn’t enabled by default. What’s the point of that you ask? This will allow two applications installed on the same machine to use a single transaction, but that transaction isn’t going to be able to go between machines.
The first thing that we need to do is install the network half of DTC. We do this in Add/Remove Programs under the Add/Remove Windows Components button. When the Windows Components Wizard opens select Application Server and click Details. You’ll then want to check the “Enable network DTC access” check box.
After that, finish running through the wizard and network DTC will be installed. Don’t get to excited yet (Distributed transactions are exciting right?), we still need to configure DTC. To do this we need to open the Component Services MMC from the Administrative Tools menu.
From there, right click on My Computer and select properties and select the MSDTC tab. (If the network components aren’t install this tab usually won’t show up.) From the MSDTC tab select the Security Configuration button (bottom left). When the next screen opens all the check boxes will be unchecked. If you aren’t sure what you need to enable, simply check everything and select No Authentication Required. If you have setup a DTC Logon Account which is a network account on all machines then you can require authentication if you would prefer. If any of the machines which are going to be involved with the transaction are clustered via Microsoft Cluster Service you must setup all machines in the transaction to No Authentication Required. DTC when setup as part of a cluster does not support Authentication.
When deciding which Authentication to use, every machine in the transaction should have the same authentication settings. So if any machine is clustered all machines using DTC that talk to the cluster, or that talk to machines which talk to the cluster, etc will need to be setup for No Authentication Required.
From here simply click OK, then OK. It will prompt you that DTC needs to be restarted. Allow it to do so, and you will be all setup to use distributed transactions.
When configuring DTC on a cluster you only need to configure one node. This is because DTC is a cluster aware service so when you install DTC after setup clustering (or you setup clustering after installing DTC) the DTC service will already be setup as a clustered resource within the first cluster resource group created. When you configure DTC for network access on a cluster the settings are written to the Quorum drive as well as the system registry which allows both nodes to share the settings. If you have a cluster and you have to go through a firewall with DTC and have followed KB Article 250367 you will need to have more than 20 ports available to DTC. This is because when you configure the DCOM protocols to use specific ports you are configuring all of RPC to use those specific ports. This means that the cluster administrator needs to use these ports as does the Component Services window which monitors for distributed transactions. When dealing with a cluster it is recommended that you have at least 100 ports open between the machines within the transaction.
If you need to setup MS DTC to talk to another DTC coordinator then you will probably need to use the No Authentication Required setting unless they support the other options. Check with the vendor of the other coordinator to find out.
(These are the settings which you need no matter which version or edition of SQL Server you have installed.)