There are two strategies to open the required ports:
* Enable the (preconfigured) firewall rules for dynamic MSDTC ports
* Configure a fixed port for MSDTC and restrict customize the port range for RPC, and open those ports on the firewall
The latter should only be necessary if the customer's IT security policy requires it (e.g., if there's an external firewall that doesn't care much about the dynamic ports in your database server).
{{attention|Please make sure the firewall is configured correctly both on the client machine (e.g., the application server) and the host machine (e.g., the DB server).}}
{{hint|Restricting Cusotmizing the dynamic ports mostly makes sense on the DB server, but it might also be necessary on the client machine depending on the customer's IT security policy.}}
=== Default dynamic ports ===
* Or use Windows Firewall Advanced Settings, enabling the 3 Inbound and 1 Outbound Rules
=== Restricted Custom dynamic ports ===Here it is described how to configure a specific port for MSDTC and how to restrict customize the port range used by RPC:
https://learn.microsoft.com/en-us/troubleshoot/windows-server/application-management/configure-dtc-to-work-through-firewalls
*** Add value: Name "UseInternetPorts", Type "REG_SZ", value "Y"
{{attention|If you use a restricted custom ports range, you have to create new rules to open that range specifically (inbound and outbound).}}
= Test-Dtc and DTCPing =