[Installation]: The post configuration script failed because cannot create certification and cannot run msdtc.exe RRS feed

  • Question

  • Hi,

    I have installed FS4SP, the prerequisite and installation tasks are completed.

    However, when I ran the post configuration, it failed. And in the error log, it stated that certification cannot created.

    I have done some researched and I found out that it's because the process msdtc.exe cannot execute.

    I ran this command under FASTSearch/bin "mstdcsetup.exe -admin"

    And I got this error "Error Unable to get a handle to the Transaction Manager on this machine. (8004d01b)"

    I found a link that talked about this problem which is ""

    Anyway, it did not work for me.

    Have anyone experienced about this problem and what is the solution?



    Wednesday, October 26, 2011 5:35 AM

All replies

  • Hi Andy,

    We've encountered something similar in a hardened environment recently with group policies in place and we had to give the "NETWORK SERVICE" "Full Control" rights as well as setting the options as per the screenshot in that post.

    Under System Services:

    1. Distributed Transaction Coordinator > Properties
    2. Check "Define this policy setting"
    3. "Edit Security…"  > "Add…" > NETWORK SERVICE > click "OK" > Under "Permissions" > Check "Full Control"

    Let me know if this is of any help to you.

    Mikael Svenson 

    Search Enthusiast - SharePoint MVP/WCF4/ASP.Net4
    Wednesday, October 26, 2011 7:18 AM
  • Hi Mikael,


    Thanks for your answer.

    I did as you said but I stuck at the "check Define this policy setting" because I didn't see that.


    I am in the group of Domain Admin and I am also the local admin.

    Why I could not see the "Define this policy setting"? 

    Any Ideas?




    Wednesday, October 26, 2011 8:35 AM
  • Sorry.. this is under Group Policy Management, forgot to write it.

    I've included a screenshot:


    Search Enthusiast - SharePoint MVP/WCF4/ASP.Net4
    Wednesday, October 26, 2011 8:57 AM
  • Hi Mikael,


    I have done what you suggested at the domain controller machine.

    But I still cannot run the mstdcsetup.exe -admin under FASTSearch/bin anyway. :(

    Do you have another clue? Do I need to restart anything?




    Wednesday, October 26, 2011 9:48 AM
  • And you have verified that the "Distributed Transaction Coordinator" service is running?

    Besides that I don't have any more help, as I've only encountered issues with the MSDTC in this one hardened environment.


    Search Enthusiast - SharePoint MVP/WCF4/ASP.Net4
    Wednesday, October 26, 2011 10:19 AM
  • Yes, I have run net stop and net start msdtc before I ran that command.

    So I believe that the service should be running at that time.


    Thanks for your help so far. Appreciated




    • Edited by Andy_Chan Wednesday, October 26, 2011 10:26 AM More info
    Wednesday, October 26, 2011 10:23 AM
  • Hi Mikael,


    I just noticed that my error is not the same with those error in the link.

    Actually, my error code is 0x8004D027 which I believe it is 

    0x8004D027 : MSDTC was unable to read its configuration information.


    Have you ever faced this?

    I have tried to disable GPO and grant the network service with full control for process MSDTC but the post configuration script still failed.

    I can give you the error post configuration log if you want.


    Appreciated your help so far.


    Monday, October 31, 2011 9:09 AM
  • Hi Mikael,


    I just make it works!!!

    It is the problem of MSDTC process is not successfully installed in the first place.

    So, I uninstall and reinstall it again based on this link

    After that, I can run post configuration successfully.


    Thanks for your help so far.



    Tuesday, November 1, 2011 7:02 AM
  • Hi Andy,

    Glad you got it resolved. Questions is, is there a good way to check if it was installed properly in the first place ;)


    Search Enthusiast - SharePoint MVP/WCF4/ASP.Net4
    Tuesday, November 1, 2011 7:35 AM
  • Hi Mikael,


    I think the easiest way is to use DTCping to troubleshoot the installation.


    The tool will inform you whether the DTC is install successfully or not. Moreover, it will troubleshoot other problems as well such as firewall, RPC port and etc...



    Tuesday, November 1, 2011 7:39 AM