How to configure DTC on Windows 2008

This post is specifically about setting up DTC on Windows 2008.  If you are looking for the post about setting up DTC on Windows 2003 you’ll want to go to the post “How to configure DTC on Windows 2003“.

The basic idea behind DTC setup in Windows 2008 is very similar to Windows 2003.  DTC needs to be installed and then configured.  To install DTC open the Control Panel, then Programs and Features.  Click on the link to the right which says .  Eventually the Server Manager will open and finish querying the system for the list of features and roles which are setup.  Click on Add Feature button and select Application Server from the Feature list (you may need to click next to get past the welcome to the wizard screen.  On the screen which tells you about the Application Server click next.  On the next page you can select the services which you be installed as part of this role.  Select the Incoming and/or Outgoing Remote Transactions depending on which one you need.  If SOAP will be used you may need the WS-Atomic Transactions installed.  If so select that as well.  (In this example I’ll check them all.)

Then click next.  If you have selected the WS-Atomic Transactions you’ll be presented with a page to select an SSL cert.  You can either select one, of create a self signed cert, or request one later from a CA.  I selected a self signed cert as I didn’t have one already installed.  Click next, then install.  If you didn’t install WS-Atomic Transactions the next screen will simply have the summary and install button.

It will take a while as Windows is going to install .NET 3.0 as part of this install.  Now is a good time for coffee or a smoke.

After installation is complete click close.

If you click the plus sign next to Roles in the right hand menu you can navigate down to Roles > Application Server > Component Services > Distributed Transaction Coordinator > Local DTC.

Right click on Local DTC and select properties, then select the security tab.  This tab looks very similar to the Windows 2003 one.

Check which ever boxes you need to in order to get the DTC setup to match the other servers in your environment.  Be sure to enable “Allow Remote Clients” or client machines won’t be able to access the DTC on this machine.  If you want to be able to remotely enable DTC from another machine you’ll need to check the “Allow Remote Administration”.  It’s been my experience that once DTC is setup and working remove administration probably isn’t that important so I’d say leave that unchecked and simply RDP into the server if it needs to be worked on.  Your screen will look something like this.

When you click OK DTC will prompt you to restart it.  Click yes (unless you want to schedule the restart for another time) and DTC will restart.  You can see the DTC events in the log by selecting the “Application Server” option from the menu on the left.  You are going to want the most recent event to look something like this.

MSDTC started with the following settings:
Security Configuration (OFF = 0 and ON = 1):
Allow Remote Administrator = 0,
Network Clients = 1,
Trasaction Manager Communication:
Allow Inbound Transactions = 1,
Allow Outbound Transactions = 1,
Transaction Internet Protocol (TIP) = 0,
Enable XA Transactions = 1,
MSDTC Communications Security = No Authentication Required,
Account = NT AUTHORITY\NetworkService,
Firewall Exclusion Detected = 0
Transaction Bridge Installed = 1
Filtering Duplicate Events = 1
(Yes, I’m aware of the spelling issues in the error message.  That’s a straight copy and paste from Windows 2008’s event log.)When configuring DTC on a cluster you only need to configure one node.  This is because DTC is a cluster aware service so when you install DTC after setup clustering (or you setup clustering after installing DTC) the DTC service will already be setup as a clustered resource within the first cluster resource group created.  When you configure DTC for network access on a cluster the settings are written to the Quorum drive as well as the system registry which allows both nodes to share the settings.  If you have a cluster and you have to go through a firewall with DTC and have followed KB Article 250367 (I’m sure there is a Windows 2008 version of this KB article somewhere, I just haven’t run across it yet) you will need to have more than 20 ports available to DTC.  This is because when you configure the DCOM protocols to use specific ports you are configuring all of RPC to use those specific ports.  This means that the cluster administrator needs to use these ports as does the Component Services window which monitors for distributed transactions.  When dealing with a cluster it is recommended that you have at least 100 ports open between the machines within the transaction. If you need to setup MS DTC to talk to another DTC coordinator then you will probably need to use the No Authentication Required setting unless they support the other options.  Check with the vendor of the other coordinator to find out.

(These are the settings which you need no matter which version or edition of SQL Server you have installed.)

Denny