This project has moved and is read-only. For the latest updates, please go here.

Previous Setup MSDTC CID Manual Configuration Setup MSDTC Cluster Next

Setup MSDTC Network Access

FineBuild can configure MSDTC network access.

If it is required for SQL Server to perform two-phase commit operations with processes that run on a different logical server, then MSDTC network access must be enabled.

For many installations it is not necessary to enable MSDTC network access. However, if MSDTC is being clustered then MSDTC network access must be enabled.

FineBuild MSDTC Network Access configuration

The MSDTC Network Access configuration relates to Process Id 2ACB and is controlled by the parameters below:

Parameter Build SQL2005 SQL2008 SQL2008 R2 SQL2012 SQL2014 SQL2016 SQL2017
SetupDTCNetAccess FULL Yes Yes Yes Yes Yes Yes Yes
SetupDTCNetAccess WORKSTATION Yes Yes Yes Yes Yes Yes Yes
SetupDTCNetAccess CLIENT N/A N/A N/A N/A N/A N/A N/A

The MSDTC Network Access processing will always be performed if the /SetupDTCCluster parameter is set to YES. For Windows 2008 and above this is performed for both the non-clustered and clustered instances of MSDTC. For Windows 2003, this is only performed for the clustered instance of MSDTC.
FineBuild also uses the following parameters to help configure MSDTC Cluster:
Parameter Default Description
TCPPortDTC 13300 Base port number for MSDTC

The SQL FineBuild processing for Setup MSDTC Network Access consists of the following items:
Configure MSDTC Network Access
Configure MSDTC Port and Firewall Access
Top

Manual MSDTC Network Access configuration

The following steps show what you would have to do for manual MSDTC Network Access configuration. FineBuild does all of this work for you automatically.

Configure MSDTC Network Access

1) Start Component Services manager (Click Start, then Run, and type comexp.msc). Navigate to My Computer then right-click and select Properties.
CompServices.png
2) On the MSDTC tab, click on Security Configuration.
Properties.png
3) Set the following options, then click OK to continue.
For details of why this is done see KB817064.
Network DTC Access Checked
Allow Inbound Checked
Allow Outbound Checked
Mutual Authentication Required Select only if you are not installing a MSDTC cluster
Incoming Caller Authentication Required Select only if you are installing a MSDTC cluster

Security.png
4) Click Yes to continue.
Restart.png
5) Click OK to continue, then click OK to close the My Computer Properties window.
Complete.png

Configure MSDTC Port and Firewall Access

MSDTC must be assigned a TCP Port for Network Access, and that port must be given a Firewall exemption.

The following substitutions should be made if the strings appear in the commands below:
String Value
PortId Value for MSDTC Port
HighPort PortId value + 200

1) Run the following command to show all the ports currently in use on the server:
NETSTAT -an

2) If the port given in the /TCPPortDTC: parameter is not in use, then that port can be used for MSDTC. If it is in use then keep adding 1 (one) to the base port number until you identify a port number that is not in use.

3) If you are using Windows 2008 R2 or above then run the following command to set up the Firewall port exemption:
NETSH ADVFIREWALL FIREWALL ADD RULE 
  NAME="Distributed Transaction Coordinator Local (Port)" 
  LOCALPORT=PortId PROTOCOL=TCP ACTION=ALLOW PROFILE=DOMAIN DIR=IN

4) If you are using Windows 2008 R2 or above set the following registry key:
HKLM\SOFTWARE\Microsoft\MSDTC\ServerTcpPort=PortId

5) If you are using Windows 2008 or below set the following registry keys:
HKLM\SOFTWARE\Microsoft\Rpc\Internet\Ports="PortId-HighPort"
HKLM\SOFTWARE\Microsoft\Rpc\Internet\PortsInternetAvailable="Y"
HKLM\SOFTWARE\Microsoft\Rpc\Internet\UseInternetPorts="Y"


Copyright FineBuild Team © 2012 - 2017. License and Acknowledgements
Previous Setup MSDTC CID Top Setup MSDTC Cluster Next

Last edited Mar 20 at 2:56 PM by EdVassie, version 6