Changes
The configuration is described here:
* [https://stackoverflow.com/questions/7694/how-do-i-enable-msdtc-on-sql-serverHow do I enable MSDTC on SQL Server (StackOverflow)]* [https://learn.microsoft.com/en-us/troubleshoot/windows-server/application-management/enable-network-dtc-access?source=recommendationsEnable Network DTC Access (learn.microsoft.com)]
* Open the "Component Services" console (typing that into the Windows start menu should find you the right app)
{{attention|There should be an existing enabled rule for this already, but the RPC port 135 must be opened.}}
There are two different strategies to open the required ports:* Enable the (preconfigured) firewall rules for dynamic MSDTC ports(recommended if possible)* Configure a fixed port for MSDTC and customize the port range for RPC, and open those ports on the firewall(only recommended if the IT security policy requires it)
{{attention|Please make sure the firewall is configured correctly both on the client machine (e.g., the application server) and the host machine (e.g., the DB server).}}
{{hint|Cusotmizing Customizing the dynamic ports mostly makes sense on the DB server, but it might also be necessary on the client machine depending on the customer's IT security policy.}}
=== Default dynamic ports ===
If you use the default dynamic ports, there are three different ways of adding the firewall rules to open them:
* Powershell: <source lang="winbatch">Enable-NetFirewallRule -DisplayGroup "Distributed Transaction Coordinator"</source>
* Netsh: <source lang="winbatch">netsh advfirewall firewall set rule group="Distributed Transaction Coordinator" new enable=yes</source>
* Or use Windows Firewall Advanced Settings, enabling UI: Enable the 3 Inbound and 1 Outbound Rules regarding the "Distributed Transaction Coordinator"* Windows Firewall: Add a rule allowing the program MSDTC inbound and outbound (the path usually is "C:\windows\system32\msdtc.exe")
=== Custom dynamic ports ===
Here it is described how to configure a specific port for MSDTC and how to customize the port range used by RPC:
* [https://learn.microsoft.com/en-us/troubleshoot/windows-server/application-management/configure-dtc-to-work-through-firewallsConfigure DTC to work through firewalls (learn.microsoft.com)]
Long story short, we have to add a couple of registry entries:
Here's a documentation about how to add firewall rules with the Powershell:
* [https://learn.microsoft.com/en-us/powershell/module/netsecurity/new-netfirewallrule?view=windowsserver2022-psPowershell New-NetFirewallRule (learn.microsoft.com)]
= Test-Dtc and DTCPing =
=== Test-Dtc ===
You can use the Powershell module (or cmdlet) "Test-Dtc" to check if everything was configured correctly:
* [https://learn.microsoft.com/en-us/powershell/module/msdtc/test-dtc?view=windowsserver2022-ps&source=recommendationsTest-Dtc (learn.microsoft.com)]
{{hint|For an end-to-end test, you have to open an inbound port for the resource manager service created by this (3002 by default, but you can specify a different one).}}
=== DTCPing ===
Also, the DTCPing tool can be applied to test the correct setup:
* [https://learn.microsoft.com/en-us/troubleshoot/windows-server/application-management/ms-dtc-connectivity-issues?source=recommendationsTrouble-shoot MSDTC connectivity issues (learn.microsoft.com)]
A good thing about this program is that it makes you notice to use the involved machine's names instead of IP addresses.
Here's a link to a detailed article describing how to trouble-shoot MSDTC issues using the DTCPing tool:
* [https://puneet-gupta.github.io/puneetgupta/2008/11/12/troubleshooting-msdtc-issues-with-the-dtcping-tool/Trouble-shooting MSDTC issues with DTCPing (puneet-gupta.github.io)]
{{hint|The DTCPing program has to run on both the host and the client machine.}}
