MSCS

How to configure DTC on Windows 2008

This post is specifically about setting up DTC on Windows 2008.  If you are looking for the post about setting up DTC on Windows 2003 you’ll want to go to the post “How to configure DTC on Windows 2003“.

The basic idea behind DTC setup in Windows 2008 is very similar to Windows 2003.  DTC needs to be installed and then configured.  To install DTC open the Control Panel, then Programs and Features.  Click on the link to the right which says .  Eventually the Server Manager will open and finish querying the system for the list of features and roles which are setup.  Click on Add Feature button and select Application Server from the Feature list (you may need to click next to get past the welcome to the wizard screen.  On the screen which tells you about the Application Server click next.  On the next page you can select the services which you be installed as part of this role.  Select the Incoming and/or Outgoing Remote Transactions depending on which one you need.  If SOAP will be used you may need the WS-Atomic Transactions installed.  If so select that as well.  (In this example I’ll check them all.)

Then click next.  If you have selected the WS-Atomic Transactions you’ll be presented with a page to select an SSL cert.  You can either select one, of create a self signed cert, or request one later from a CA.  I selected a self signed cert as I didn’t have one already installed.  Click next, then install.  If you didn’t install WS-Atomic Transactions the next screen will simply have the summary and install button.

It will take a while as Windows is going to install .NET 3.0 as part of this install.  Now is a good time for coffee or a smoke.

After installation is complete click close.

If you click the plus sign next to Roles in the right hand menu you can navigate down to Roles > Application Server > Component Services > Distributed Transaction Coordinator > Local DTC.

Right click on Local DTC and select properties, then select the security tab.  This tab looks very similar to the Windows 2003 one.

Check which ever boxes you need to in order to get the DTC setup to match the other servers in your environment.  Be sure to enable “Allow Remote Clients” or client machines won’t be able to access the DTC on this machine.  If you want to be able to remotely enable DTC from another machine you’ll need to check the “Allow Remote Administration”.  It’s been my experience that once DTC is setup and working remove administration probably isn’t that important so I’d say leave that unchecked and simply RDP into the server if it needs to be worked on.  Your screen will look something like this.

When you click OK DTC will prompt you to restart it.  Click yes (unless you want to schedule the restart for another time) and DTC will restart.  You can see the DTC events in the log by selecting the “Application Server” option from the menu on the left.  You are going to want the most recent event to look something like this.

MSDTC started with the following settings:
Security Configuration (OFF = 0 and ON = 1):
Allow Remote Administrator = 0,
Network Clients = 1,
Trasaction Manager Communication:
Allow Inbound Transactions = 1,
Allow Outbound Transactions = 1,
Transaction Internet Protocol (TIP) = 0,
Enable XA Transactions = 1,
MSDTC Communications Security = No Authentication Required,
Account = NT AUTHORITY\NetworkService,
Firewall Exclusion Detected = 0
Transaction Bridge Installed = 1
Filtering Duplicate Events = 1
(Yes, I’m aware of the spelling issues in the error message.  That’s a straight copy and paste from Windows 2008’s event log.)When configuring DTC on a cluster you only need to configure one node.  This is because DTC is a cluster aware service so when you install DTC after setup clustering (or you setup clustering after installing DTC) the DTC service will already be setup as a clustered resource within the first cluster resource group created.  When you configure DTC for network access on a cluster the settings are written to the Quorum drive as well as the system registry which allows both nodes to share the settings.  If you have a cluster and you have to go through a firewall with DTC and have followed KB Article 250367 (I’m sure there is a Windows 2008 version of this KB article somewhere, I just haven’t run across it yet) you will need to have more than 20 ports available to DTC.  This is because when you configure the DCOM protocols to use specific ports you are configuring all of RPC to use those specific ports.  This means that the cluster administrator needs to use these ports as does the Component Services window which monitors for distributed transactions.  When dealing with a cluster it is recommended that you have at least 100 ports open between the machines within the transaction. If you need to setup MS DTC to talk to another DTC coordinator then you will probably need to use the No Authentication Required setting unless they support the other options.  Check with the vendor of the other coordinator to find out.

(These are the settings which you need no matter which version or edition of SQL Server you have installed.)

Denny

How to configure DTC on Windows 2003

Back in the Windows 2000 days, getting DTC to work was easy.  It was setup by default to work.  There wasn’t a whole lot of configuration which needed to be done to get it setup correctly.

When Windows 2003 was released things got a bit different.  All of a sudden DTC wasn’t working by default, and there wasn’t a whole lot of documentation around on how to get it working.  The first thing to realise about DTC on Windows 2003 is that it isn’t completely installed by default.  The basics of DTC are there, but network support isn’t enabled by default.  What’s the point of that you ask?  This will allow two applications installed on the same machine to use a single transaction, but that transaction isn’t going to be able to go between machines.

 The first thing that we need to do is install the network half of DTC.  We do this in Add/Remove Programs under the Add/Remove Windows Components button.  When the Windows Components Wizard opens select Application Server and click Details.  You’ll then want to check the “Enable network DTC access” check box.

After that, finish running through the wizard and network DTC will be installed.  Don’t get to excited yet (Distributed transactions are exciting right?), we still need to configure DTC.  To do this we need to open the Component Services MMC from the Administrative Tools menu.

From there, right click on My Computer and select properties and select the MSDTC tab. (If the network components aren’t install this tab usually won’t show up.)  From the MSDTC tab select the Security Configuration button (bottom left).  When the next screen opens all the check boxes will be unchecked.  If you aren’t sure what you need to enable, simply check everything and select No Authentication Required.  If you have setup a DTC Logon Account which is a network account on all machines then you can require authentication if you would prefer.  If any of the machines which are going to be involved with the transaction are clustered via Microsoft Cluster Service you must setup all machines in the transaction to No Authentication Required.  DTC when setup as part of a cluster does not support Authentication.

When deciding which Authentication to use, every machine in the transaction should have the same authentication settings.  So if any machine is clustered all machines using DTC that talk to the cluster, or that talk to machines which talk to the cluster, etc will need to be setup for No Authentication Required.

From here simply click OK, then OK.  It will prompt you that DTC needs to be restarted.  Allow it to do so, and you will be all setup to use distributed transactions.

When configuring DTC on a cluster you only need to configure one node.  This is because DTC is a cluster aware service so when you install DTC after setup clustering (or you setup clustering after installing DTC) the DTC service will already be setup as a clustered resource within the first cluster resource group created.  When you configure DTC for network access on a cluster the settings are written to the Quorum drive as well as the system registry which allows both nodes to share the settings.  If you have a cluster and you have to go through a firewall with DTC and have followed KB Article 250367 you will need to have more than 20 ports available to DTC.  This is because when you configure the DCOM protocols to use specific ports you are configuring all of RPC to use those specific ports.  This means that the cluster administrator needs to use these ports as does the Component Services window which monitors for distributed transactions.  When dealing with a cluster it is recommended that you have at least 100 ports open between the machines within the transaction.

If you need to setup MS DTC to talk to another DTC coordinator then you will probably need to use the No Authentication Required setting unless they support the other options.  Check with the vendor of the other coordinator to find out.

(These are the settings which you need no matter which version or edition of SQL Server you have installed.)

Denny

EMC World 2008 Day 2

Yesterday was an very busy day.  I didn’t have time to think, much less put together a post about it.  I hit every session which I was looking for including the always hard to get into Navisphere Manager Hands-on workshop.

The session I probably got the most out of was the session on what’s new in the FLARE version 26 which was released a few months ago.

FLARE 26 now supports Active/Active presentation of the LUNs.  What this means is that in the event of a fibre cut on either the front end or the back end the host machine (Server) will no longer need to trespass the LUN to the other SP.  The LUN can simply send the IO request to the other SP.  The non-preferred SP will then forward the request to the preferred SP automatically for completion.  Upon the preferred SPs connectivity coming back online the requests will then be sent to the preferred SP.  The newest version of PowerPath is required for this to work, or the native multipathing driver such as the Windows 2008 driver must support ALVA.

The support for supporting a broken connection between the host and the storage is from ALVA.  The support for handling the request when the connection is broken between the SP and the DAE is an EMC only extension of ALVA.

FLARE 26 also includes RAID 6 support.  When comparing RAID 6 with RAID 5 on the same system read performance will typically be better as the data is spread across all the drives in the RAID 6 array.  Unlike a lot of other systems the EMC CLARiiON array spreads the parity sectors of (RAID 5 and) RAID 6 across all the drives in the RAID Group.  So because there is an extra drive in the array a 4+2 RAID 6 RAID Group will give better read performance that a 4+1 RAID 5 RAID Group.  When doing a full strip write the write speed between a RAID 5 and RAID 6 array will be basically the same.  When doing smaller writes a RAID 5 array will have a faster write time than a RAID 6 array because RAID 6 has the extra parity to account for.  The rebuild times for rebuilding after a failed drive will be about the same between a RAID 5 and RAID 6 array which have suffered a single drive failure.  If the RAID 6 array has to recover from a dual drive failure it will take longer to recover than the single drive failure as the data must be recalculated from the two parity bits rather than from a single parity bit.  However the odds of a dual disk failure are slim. 

Just like with RAID 5 within the CLARiiON the RAID 6 supports the proactive hot spare.  This is where when the system sees that a drive is going to fail it will automatically copy the data from the failing disk to a hot spare and mark the disk as bad.  As the data does not have to be rebuilt this is a very quick operation.

FLARE 26 now supports a Security Administrator role.  Members of this role have no access to the storage settings it self.  They can only create accounts within the Array.

A very important change is that the SPs can now be setup to sync thier system time to a networked NTP time server.  This will force the time on the SPs to be the same.  Until now the times could end up getting a little off which could make tracking down event information very hard to do as the log entries would have different times on each SPs log file.

FLARE 26 now supports replication over the built-in iSCSI ports on the new CX3 line of systems.  This is a great change as before you had to use the iSCSI ports on a FC-IP switch to do this replication.  This includes SAN Copy, MirrorView, etc.

MirrorView /S should only be used for connections within ~100 miles as beyond that you start to get to much latency between the arrays.

Starting later this year (Q3 or so) there will be an extension to MirrorView /S called MirrorView /SE (Cluster Enabler) for Microsoft Cluster Service.  This will give you the ability to use CLARiiON to setup a geographically disbursed cluster.  In other words you can have servers in two different cities setup in a Windows Cluster.