SQL Server Distributed Transactions Over Untrusted Domains

We are having a problem with Distributed Transactions in SQL Server. We have two databases on two different machines. One is a client machine in domain DOMAIN1, and the second is a standalone machine, HOST, external to our domain. Both machines are behind firewalls. Whenever we start a distributed transaction we get the following error:

Server: Msg 7391, Level 16, State 1, Line 1
The operation could not be performed because the OLE DB provider 'SQLOLEDB' was unable to begin a distributed transaction. [OLE/DB provider returned message: New transaction cannot enlist in the specified transaction coordinator. ] OLE DB error trace [OLE/DB Provider 'SQLOLEDB' ITransactionJoin::JoinTransaction returned 0x8004d00a].

HOST is running Windows Server 2003.
CLIENT is running Windows XP SP2.

DTC is running on both machines. All relevant ports (1433 TCP, 1434 UDP, 135 TCP) are open in both firewalls. We have tried almost every kind of workaround from the Microsoft Support website, but nothing is working.

If we make HOST part of our domain it works, but when HOST is external to our domain the problem starts.

So we are looking for a solution.

kolcorpAsked:
 
Einstine98Commented:
If there is a firewall between the two domains then you need to check with your system admin whether they will allow the DNS ports to be opened...

The process is simple if you are using Windows... right-click on DNS servers (in the DNS MMC), add a new secondary zone and follow the steps.

An alternative would be to use each domain as a forwarding (forget the proper technical name for it) domain...

So, in domain1, if a user is trying to resolve a name that is not within its scope, it would simply forward the request to the other domain... and vice versa.
0
 
Einstine98Commented:
I had this problem once and it was
1. related to MSDTC network security in component services... did you try enabling that?
2. the firewall was blocking some ports
3. The DNS did not resolve to the right IP address

(trust me it was the three of them in one shot)... so double check all that...
0
 
kolcorpAuthor Commented:
hi,

1. MSDTC is enabled and configured properly through Component Services.

2. All relevant ports are opened on firewall.

3. Clients can resolve the HOST IP, but HOST cannot, because HOST is not in the same domain as the clients. Also, we can install the client application on any machine, so we cannot make such a configuration on HOST each time for every new installation.

0
 
Einstine98Commented:
You have to get the host resolving back to the machine. If you trace the MSDTC (I forgot the utility that does this, but there is a utility from Microsoft that would test MSDTC and list any errors)....

Basically both machines should be able to resolve each other... perhaps you can create a Secondary DNS zone on your DNS server for that domain...
0
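
An added example, not part of any post in this thread: a Python preflight check for the three causes listed above (the peer name not resolving, resolving to the wrong IP, and blocked ports), meant to be run on each machine against the other. The peer name and IP are supplied by the operator, the function names are illustrative, and only the TCP ports named in the question are probed.

```python
import socket

# TCP ports the question lists as opened in both firewalls.
# UDP 1434 is not probed here: a UDP "connect" proves nothing without a reply.
TCP_PORTS = (135, 1433)

def resolve(name):
    """Return the set of IPv4 addresses `name` resolves to, or an empty set."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # covers socket.gaierror and socket.herror
        return set()

def tcp_open(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port succeeds within `timeout` seconds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_peer(peer_name, expected_ip, resolver=resolve, prober=tcp_open):
    """Run on one machine against the other; return a list of problems found.

    `resolver` and `prober` are injectable so the logic can be exercised
    offline with constructed answers.
    """
    problems = []
    addrs = resolver(peer_name)
    if not addrs:
        problems.append(f"{peer_name} does not resolve from this machine")
    elif expected_ip not in addrs:
        problems.append(
            f"{peer_name} resolves to {sorted(addrs)}, expected {expected_ip}")
    # Probe the known-good IP directly so a DNS fault does not mask a port fault.
    for port in TCP_PORTS:
        if not prober(expected_ip, port):
            problems.append(f"TCP {port} on {expected_ip} is not reachable")
    return problems

if __name__ == "__main__":
    import sys
    # Usage: python dtc_preflight.py PEER_NAME PEER_IP  (run it on BOTH machines)
    for line in check_peer(sys.argv[1], sys.argv[2]) or ["no problems found"]:
        print(line)
```

A clean result in both directions covers only name resolution and the listed ports; it does not cover the dynamically assigned RPC ports MSDTC uses after the initial contact on 135, or the MSDTC network security settings in Component Services.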
 
kolcorpAuthor Commented:
Can you tell me the steps for how I can create a DNS zone?

0
Question has a verified solution.