How to Configure MSDTC to Use a Specific Port in Windows Server 2012/2012R2


My name is Steven Graves and I am a Senior Support Escalation Engineer on the Windows Core Team.  In this blog, I will discuss how to configure MSDTC to use a specific port on Windows Server 2012/2012R2 as this has slightly changed from the way it is configured in Windows Server 2008 R2 in order to prevent overlapping ports.  As a reference, here is the blog for Windows 2008 R2.

How to configure the MSDTC service to listen on a specific RPC server port
http://blogs.msdn.com/b/distributedservices/archive/2012/01/16/how-to-configure-the-msdtc-service-to-listen-on-a-specific-rpc-server-port.aspx

Scenario

There is a web server in a perimeter network and a standalone SQL Server (or Clustered SQL Server instance) on a backend production network and a firewall that separates the networks. MSDTC needs to be configured between the web server and backend SQL Server using a specific port in order to limit the ports opened on the firewall between the networks.

So as an example, we will configure MSDTC to use port 5000.

There are two things that need to be configured on the frontend web server to restrict the ports that MSDTC will use.

  • Configure the ports DCOM can use
  • Configure the specific port or ports for MSDTC to use

Steps

1. On the web server, launch Dcomcnfg.exe from the Run menu.

2. Expand Component Services, right click My Computer and select Properties


3. Select the Default Protocols tab


4. Click the Properties button

5. Click Add

6. Type in the port range that is above the port MSDTC will use. In this case, I will use ports 5001-6000.

7. Click OK to return to the My Computer properties window, then click OK.  This modifies the Registry key that holds the ephemeral port range.

8. Start Regedt32.exe

9. Locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC

10. Right click the MSDTC key, select New and DWord (32-bit) Value

11. Type ServerTcpPort for the value name

12. Right click the ServerTcpPort value and select Modify

13. Change the radio button to Decimal, type 5000 in the value data, and click OK.  The MSDTC key should now contain a ServerTcpPort DWORD value set to 5000 (decimal).

14. Restart the MSDTC Service (if stand-alone) or take the MSDTC Resource offline/online in Failover Cluster Manager if clustered.

To confirm MSDTC is using the correct port:

  1. Open an Administrative command prompt and run netstat -ano to get the port and the Process Identifier (PID)
  2. Start Task Manager and select Details tab
  3. Find MSDTC.exe and get the PID
  4. Review the output for the PID to show it is MSDTC


Now DTC will be using the port specified in the registry, and no other process will try to use the same port, which prevents an overlap of ports.
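
The same procedure as a script, added here as an example and not taken from the original post. It assumes a stand-alone (non-clustered) MSDTC, an elevated PowerShell session, and that the Dcomcnfg dialog stores its range under the standard RPC key HKLM\SOFTWARE\Microsoft\Rpc\Internet; the variable names are illustrative.

```powershell
# Added example: stand-alone MSDTC only. Run from an elevated session.
$DtcPort   = 5000          # ServerTcpPort value used in the article
$DcomRange = '5001-6000'   # DCOM range from the article, above the MSDTC port

# Refuse an overlap: the procedure only works if RPC can never hand
# the MSDTC port to another process.
$low, $high = $DcomRange -split '-' | ForEach-Object { [int]$_ }
if ($DtcPort -ge $low -and $DtcPort -le $high) {
    throw "MSDTC port $DtcPort falls inside DCOM range $DcomRange"
}

# Steps 1-7: DCOM port range (assumed location: the standard RPC Internet key).
$rpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
if (-not (Test-Path $rpcKey)) { New-Item -Path $rpcKey -Force | Out-Null }
New-ItemProperty -Path $rpcKey -Name Ports -PropertyType MultiString `
    -Value @($DcomRange) -Force | Out-Null
New-ItemProperty -Path $rpcKey -Name PortsInternetAvailable -PropertyType String `
    -Value 'Y' -Force | Out-Null
New-ItemProperty -Path $rpcKey -Name UseInternetPorts -PropertyType String `
    -Value 'Y' -Force | Out-Null

# Steps 8-13: pin MSDTC to a single port.
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\MSDTC' -Name ServerTcpPort `
    -PropertyType DWord -Value $DtcPort -Force | Out-Null

# Step 14: restart the service so it binds the new port.
Restart-Service -Name MSDTC

# Verification: list the TCP ports owned by msdtc.exe (the netstat/PID check).
$dtcPid    = (Get-Process -Name msdtc).Id
$listening = (Get-NetTCPConnection -State Listen -OwningProcess $dtcPid).LocalPort |
    Sort-Object -Unique
if ($listening -contains $DtcPort) {
    "OK: msdtc.exe (PID $dtcPid) is listening on TCP $DtcPort"
} else {
    Write-Warning "msdtc.exe (PID $dtcPid) is listening on: $($listening -join ', ')"
}
```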

Steven Graves
Senior Support Escalation Engineer
Microsoft Core Support

Leave a Comment
  • nice information shared .... THANKS STEVEN !!!!

  • Aren't changes necessary on SQL Server SO?

  • Does port range for DCOM 5001-6000 need to be open on the firewall between web server and backend database server?

  • I'm a bit confused:
    In previous article related to SQL2008, it indicates to support OLE Transaction communication between machines, you should (1) allow bi-directional TCP traffic in your firewall on port 135 for the endpoint mapper, and (2) the single specific ServerTcpPort port instead of a port range like we did in earlier operating systems.

    However, this article indicates that it's necessary for Win2012 to configure an RPC range as we did in earlier operating systems. http://support.microsoft.com/kb/250367
    • Configure the ports DCOM can use: Port 5001-6000
    • Configure the specific port or ports for MSDTC to use: Port 5000
    • And to support OLE Transaction communication between machines allow bi-directional TCP traffic in your firewall for the endpoint mapper: Port 135.

    So is it still necessary then for MSDTC on Windows 2012 to configure & open RPC bi-directional between client & server for RPC port range 5001-6000?
    Regards,

  • Thank you for information
    As programmer I need to configure MSDTC from my application installer or from the application itself
    Because of that I wrote a class library in C# to configure MSDTC programmatically.

    http://www.codeproject.com/Articles/729805/MSDTC-Manager

    Hope sharing it will be useful for some people.
    Thank you