MSDTC Connection Failing (DMZ to Internal)

  • Question

  • Hi,

    Current setup: Server 2012 (in DMZ) -> Firewall -> SQL 2012

    Currently I am having an issue with a MSDTC connection failing with the following error (when accessing through IE):

    The MSDTC transaction manager was unable to pull the transaction from the source transaction manager due to communication problems. Possible causes are: a firewall is present and it doesn't have an exception for the MSDTC process, the two machines cannot find each other by their NetBIOS names, or the support for network transactions is not enabled for one of the two transaction managers. (Exception from HRESULT: 0x8004D02B)

    I assumed to begin with this was because of the firewall blocking ports, but as this is a test system I switched off all port blocking to confirm. Unfortunately it still doesn't work.

    I can ping by name both ways.

    DTCTester gives me the following output

    Executed: dtctester
    DSN:  TEST
    User Name: username
    Password: Password
    tablename= #dtc26270
    Creating Temp Table for Testing: #dtc26270
    Warning: No Columns in Result Set From Executing: 'create table #dtc26270 (ivalint)'
    Initializing DTC
    Beginning DTC Transaction
    Enlisting Connection in Transaction
    Error:
    SQLSTATE=25S12,Native error=0,msg='[Microsoft][SQL Server Native Client 11.0]The transaction has already been implicitly or explicitly committed or aborted
    '
    Error:
    SQLSTATE=24000,Native error=0,msg=[Microsoft][SQL Server Native Client 11.0]Invalid cursor state
    Typical Errors in DTC Output When
    a.  Firewall Has Ports Closed
    -OR-
    b.  Bad WINS/DNS entries
    -OR-
    c.  Misconfigured network
    -OR-
    d.  Misconfigured SQL Server machine that has multiple netcards.
    Aborting DTC Transaction
    Releasing DTC Interface Pointers
    Successfully Released pTransaction Pointer.

    DTCPing Succeeds without error. Hopefully someone out there can point me in the right direction.


    • Edited by PJW_79 Monday, March 3, 2014 1:13 PM
    Monday, March 3, 2014 1:13 PM

Answers

  • After around a month of working with Microsoft support on this issue they have concluded the following:

    The setup I am using, Server 2012 with the IIS role and RODC role installed, will NOT work with DTC. They have confirmed that this is actually a bug in their code. It may or may not be resolved with a patch in future; it just depends on business cases for fixing the issue.

    My thanks to Microsoft Support for all the hours of testing they have done on this issue.

    • Marked as answer by PJW_79 Tuesday, May 13, 2014 8:07 AM
    Tuesday, May 13, 2014 8:07 AM

All replies

  • Hi,

    DTC also requires that you can resolve computer names by using NetBIOS or DNS. You can test whether NetBIOS can resolve the names by using the PING protocol and the server name. The client computer must be able to resolve the name of the server. Additionally, the server must be able to resolve the name of the client. If NetBIOS cannot resolve the names, you can add entries to the Lmhosts files on the computers.

    You may need to check the Windows Firewall settings on all your nodes:

    Control Panel -> System and Security -> Allow a program through Windows Firewall -> Allow Distributed Transaction Coordinator for your domain network.

    Disable all your AV software and try again.

    More information:

    How to troubleshoot MS DTC firewall issues

    http://support.microsoft.com/default.aspx?scid=kb;en-us;306843

    Hope this helps.



    • Marked as answer by Alex Lv Friday, March 14, 2014 9:43 AM
    • Unmarked as answer by PJW_79 Friday, March 14, 2014 9:45 AM
    • Marked as answer by Alex Lv Wednesday, March 19, 2014 2:24 AM
    • Unmarked as answer by PJW_79 Tuesday, May 13, 2014 8:02 AM
    Thursday, March 6, 2014 9:12 AM
  • Hi,

    Afraid I have already checked those things, wish it was that easy.

    The issue is to do with Authentication for DTC. If it is set to "No Authentication" it works fine, but we want to use Authentication so I have Microsoft support working on it. We've had a few long conversations with no luck as yet but as soon as I have the solution I will post it.

    Looks like most people I have seen with this issue, online, have just gone with switching off Mutual Authentication and leaving it at that.

    Cheers

    Friday, March 14, 2014 9:51 AM
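
Added example, not part of any post in this thread: a PowerShell audit of the three causes named in the error message (firewall exception, name resolution, network transactions) plus the DTC authentication level discussed in the reply above. `$Peer` is a placeholder for the other machine's name; the script assumes the NetSecurity and MsDtc modules that ship with Server 2012 and should be run on both machines.

```powershell
# Added example: audit the MSDTC settings discussed in this thread on one node.
# $Peer is a placeholder; pass the name of the machine on the other side.
param([string]$Peer = 'PEER-NAME-PLACEHOLDER')

# 1. Name resolution: each side must be able to resolve the other by name.
try {
    $addr = [System.Net.Dns]::GetHostAddresses($Peer) |
        ForEach-Object { $_.IPAddressToString }
    "Resolve ${Peer}: $($addr -join ', ')"
} catch {
    Write-Warning "Resolve ${Peer} failed: $($_.Exception.Message)"
}

# 2. Windows Firewall: is the built-in DTC rule group enabled, and on which profiles?
$rules = Get-NetFirewallRule -DisplayGroup 'Distributed Transaction Coordinator'
$rules | Select-Object DisplayName, Direction, Enabled, Profile | Format-Table -AutoSize
if (-not ($rules | Where-Object { $_.Enabled -eq 'True' })) {
    Write-Warning 'No Distributed Transaction Coordinator firewall rule is enabled.'
}

# 3. DTC network settings for the local coordinator.
$dtc = Get-DtcNetworkSetting -DtcName Local
$dtc | Format-List InboundTransactionsEnabled, OutboundTransactionsEnabled,
                   RemoteClientAccessEnabled, AuthenticationLevel

if (-not ($dtc.InboundTransactionsEnabled -and $dtc.OutboundTransactionsEnabled)) {
    Write-Warning 'Network transactions are not enabled in both directions on this node.'
}

# 4. Authentication level: NoAuth, Incoming or Mutual (the values accepted by
#    Set-DtcNetworkSetting). Both machines must be able to satisfy the level set.
switch ("$($dtc.AuthenticationLevel)") {
    'NoAuth'   { Write-Warning 'DTC accepts unauthenticated peers (No Authentication Required).' }
    'Incoming' { 'DTC authenticates incoming callers only.' }
    'Mutual'   { 'DTC requires mutual authentication.' }
    default    { Write-Warning "Unrecognised authentication level: $_" }
}
```

Recording the `AuthenticationLevel` on both machines before and after a change shows whether a node was left at NoAuth as a workaround.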