Enabling network DTC access fails on a Domain Controller server
For a personal lab I did a few days ago, I noticed a bug when trying to enable Microsoft Network Distributed Transaction Coordinator Access (Network DTC Access) on a server which is a Domain Controller.
I installed Windows Server 2003 on a machine and promoted the server to be a Domain Controller. As it was a lab, I re-used the same server to host SQL Server 2005 and wanted to enable Network DTC access.
I enabled Network DTC access and Network COM+ access doing the standard following procedure:
1. Open the Control Panel and open “Add or Remove Programs”. Once open, click “Add/Remove Windows Components”.
2. Once the Windows Components Wizard open, select “Application Server” and click on de “Details” button.
3. Select the check boxes in front of “Enable network COM+ access” and “Enable network DTC access”. Click “OK”
4. Back in the Windows Components Wizard window; click “Next” and then “Finish”.
Everything seemed to be fine and no error message was displayed. Nevertheless, warning messages could be seen in the Windows Event Log:
The main message saying:
“MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9351, Pid: 3368
No Callstack,
CmdLine: C:\WINDOWS\system32\msdtc.exe”
Going back to the “Add/Remove Windows Components”, I could see that the Network COM+ access was enabled but Network DTC access was not, the check box was unselected:
I rebooted the machine, tried to enable Network DTC access again but it still did not work and the same error kept appearing in the Event Log.
I checked if MS DTC was running with the correct Windows Account as I read that sometimes MSDTC could be running under the Service Account “Local System” instead of “NT AUTHORITY\NetworkService” but MSDTC was running with the correct account:
Solutions:
(updated 27th of August 2007)
I found 2 solutions to solve this issue:
1. Un-install and re-install MS DTC manually using the following procedure:
- Open a command prompt.
- Stop the MSDTC Windows Service by running the command: net stop msdtc.
- Uninstall MSDTC by running the command: msdtc –uninstall.
- Delete the following registry hives out of the registry if they exist:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Msdtc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC
- Reboot the machine.
- Open the command prompt and run msdtc –install (this will recreate the MSDTC’s registry keys with proper value).
- Go to the “Add/Remove Windows Components” and enable Network DTC access.
2. Use the following trick.
- Start Administrative Tools -> Component Services.
- Navigate the tree view on the left to:
Console Root -> Component Services -> Computers -> My Computer
- Right click on "My Computer" and select Properties.
- Select the MSDTC Tab
- Under Transaction Configuration near the bottom, click "Security Configuration"
- On the Security Configuration screen, click "OK", don't change anything.
- Back on the My Computer Properties screen, click "OK" again.
- Right click on "My Computer" in the tree view and click on "Stop MS DTC"
- Right click on "My Computer" in the tree view and click on "Start MS DTC"
- Close the Component Services snap-in.
- Go to the “Add/Remove Windows Components” and enable Network DTC access.
Note that we haven't changed any settings! It works nevertheless meaning that something must have changed behind the scene.
Conclusion:
Using either of these solutions, MS DTC Network Access will be really enabled and no warning message signaling a problem will appear in the Windows Event Log anymore.
I installed Windows Server 2003 on a machine and promoted the server to be a Domain Controller. As it was a lab, I re-used the same server to host SQL Server 2005 and wanted to enable Network DTC access.
I enabled Network DTC access and Network COM+ access doing the standard following procedure:
1. Open the Control Panel and open “Add or Remove Programs”. Once open, click “Add/Remove Windows Components”.
2. Once the Windows Components Wizard open, select “Application Server” and click on de “Details” button.
3. Select the check boxes in front of “Enable network COM+ access” and “Enable network DTC access”. Click “OK”
4. Back in the Windows Components Wizard window; click “Next” and then “Finish”.
Everything seemed to be fine and no error message was displayed. Nevertheless, warning messages could be seen in the Windows Event Log:
The main message saying:“MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9351, Pid: 3368
No Callstack,
CmdLine: C:\WINDOWS\system32\msdtc.exe”
Going back to the “Add/Remove Windows Components”, I could see that the Network COM+ access was enabled but Network DTC access was not, the check box was unselected:
I rebooted the machine, tried to enable Network DTC access again but it still did not work and the same error kept appearing in the Event Log.
I checked if MS DTC was running with the correct Windows Account as I read that sometimes MSDTC could be running under the Service Account “Local System” instead of “NT AUTHORITY\NetworkService” but MSDTC was running with the correct account:
Solutions:
(updated 27th of August 2007)
I found 2 solutions to solve this issue:
1. Un-install and re-install MS DTC manually using the following procedure:
- Open a command prompt.
- Stop the MSDTC Windows Service by running the command: net stop msdtc.
- Uninstall MSDTC by running the command: msdtc –uninstall.
- Delete the following registry hives out of the registry if they exist:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Msdtc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC
- Reboot the machine.
- Open the command prompt and run msdtc –install (this will recreate the MSDTC’s registry keys with proper value).
- Go to the “Add/Remove Windows Components” and enable Network DTC access.
2. Use the following trick.
- Start Administrative Tools -> Component Services.
- Navigate the tree view on the left to:
Console Root -> Component Services -> Computers -> My Computer
- Right click on "My Computer" and select Properties.
- Select the MSDTC Tab
- Under Transaction Configuration near the bottom, click "Security Configuration"
- On the Security Configuration screen, click "OK", don't change anything.
- Back on the My Computer Properties screen, click "OK" again.
- Right click on "My Computer" in the tree view and click on "Stop MS DTC"
- Right click on "My Computer" in the tree view and click on "Start MS DTC"
- Close the Component Services snap-in.
- Go to the “Add/Remove Windows Components” and enable Network DTC access.
Note that we haven't changed any settings! It works nevertheless meaning that something must have changed behind the scene.
Conclusion:
Using either of these solutions, MS DTC Network Access will be really enabled and no warning message signaling a problem will appear in the Windows Event Log anymore.
Labels: MS DTC
posted by Francois Malgreve at
11:45 PM
0 Comments:
Post a Comment
Links to this post:
Create a Link
<< Home