Issue with Incoming Caller Authentication for MS DTC on Windows 2008 and Windows 2008 R2 Cluster-
Errors: Issues like,
a) Local transactions will get committed, but network transactions will be aborted.
b) MSDTC Trace when extracted using TraceFmt.exe (or msdtcvtr.bat) showing
eventid=RECEIVED_ABORT_REQUEST_FROM_BEGINNER
c) DTCPing giving RPC Errors (How to use DTCPing)
d) DTCTester giving errors like (How to use DTCTester)
SQLSTATE=25S12,Native error=-2147168242,msg='[Microsoft][ODBC SQL Server Driver] Distributed transaction error'
SQLSTATE=24000,Native error=0,msg=[Microsoft][ODBC SQL Server Driver]Invalid cursor state
SQLSTATE=24000,Native error=0,msg=[Microsoft][ODBC SQL Server Driver]Invalid cursor state
SQLSTATE=37000,Native error=8509,msg='[Microsoft][ODBC SQL Server Driver][SQL S
rver]Import of Microsoft Distributed Transaction Coordinator (MS DTC) transacti
n failed: 0x8004d00e(failed to retrieve text for this error. Reason: 15100).'
rver]Import of Microsoft Distributed Transaction Coordinator (MS DTC) transacti
n failed: 0x8004d00e(failed to retrieve text for this error. Reason: 15100).'
Fix1: Check Firewall
1) Check if Windows firewall is disabled, if you are using it, makesure that MSDTC is in exception list.
2) If the cluster node and the remote system accessing it are in different network and seperated with a fireall, then makesure that the MSDTC ports are enabled.
Ref:: http://www.lewisroberts.com/2009/08/16/msdtc-through-a-firewall-to-an-sql-cluster-with-rpc/
Ref:: http://www.lewisroberts.com/2009/08/16/msdtc-through-a-firewall-to-an-sql-cluster-with-rpc/
Fix2: NetBios names
Check if the remote host is able to ping SQL Cluster NetBios name, Node1 NetBios name and Node2 NetBios name. If not add NetBios name and IP address in C:\system32\drivers\etc\hosts file to enable it.
Sameway try to ping Remote Host NetBios name from Node1 and Node2, if not pinging, then make respective entries in C:\system32\drivers\etc\hosts file.
Fix3: Check if network DTC is enabled and Authentication mehod is set correct.
The MSDTC transaction mode must be set to either No Authentication Required or Incoming Caller Authentication Required to function correctly on a Windows Server cluster. Incoming Caller Authentication Required is the recommended option because this option is more secure.Fix3: Check if network DTC is enabled and Authentication mehod is set correct.
Open "Component Services" MMC, you can find this MSDTC instance on the left tree. Right click the clustered MSDTC instance and select "Properties", then check the following items.
Fix4: Check SQL Cluster Resources
1) Check MSDTC resource and makesure that the dependency is set to Cluster Group Name and MSDTC disk.
2) Open the Properties page for the Name resource which is consifured as a dependency on MSDTC in this case -the name CLUS1Dtc - and check Resource Display Name, here in the below mentioned example, it is MSDTC Network Name (Dev01). Same time the DNS Name is CLUS1Dtc.
3) To use Incoming Caller Authentication Required for MS DTC on a Windows 2008 or R2 cluster, the display name of the network name resource for MS DTC must be same as its DNS name.
4) The following command will change the display name of the server network name resource from MSDTC Network Name (Dev01) to CLUS1Dtc:
Cluster.exe res “MSDTC Network Name (Dev01)” /ren:CLUS1Dtc
5) Check properties again and confim the name change.
6) Restart the cluster group and test MSDTC transactions again....
6) Restart the cluster group and test MSDTC transactions again....
----------------------------------------
R Hari
No comments:
Post a Comment