Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1091
  • Last Modified:

SQL Server Distributed Transactions Over Untrusted Domains

We are having a problem with Distributed Transactions in SQL Server. We have two databases on two different machines. one is a client machine in domain DOMAIN1. and second is a standalone machine HOST external to our domain. Both machines are behind firewalls. When ever we start a distributed transaction we have following error:

Server: Msg 7391, Level 16, State 1, Line 1
The operation could not be performed because the OLE DB provider 'SQLOLEDB' was unable to begin a distributed transaction. [OLE/DB provider returned message: New transaction cannot enlist in the specified transaction coordinator. ] OLE DB error trace [OLE/DB Provider 'SQLOLEDB' ITransactionJoin::JoinTransaction returned 0x8004d00a].

HOST is running Windows Server 2003.
CLIENT is running Windows XP SP2.

DTC is running on both machines. All relevant ports 1433 TCP, 1434 UDP, 135 TCP  are open in both firewalls. We have tried almost all kind of workaround from Microsoft Support website. But nothing is working.

If we make HOST as part of our domain it works. but when HOST goes external to our domain. problem starts.

So looking for some solution.........................................

0
kolcorp
Asked:
kolcorp
  • 4
  • 2
1 Solution
 
Einstine98Commented:
I had this problem once and it was
1. related to MSDTC network security in component services... did you try enabling that?
2. the firewall was blocking some ports
3. The DNS did not resolve to the right IP address

(trust me it was the three of them in one shot)... so double check all that...
0
 
kolcorpAuthor Commented:
hi,

1. MSDTC is enabled and configured properly through Component Services.

2. All relevant ports are opened on firewall.

3. Clients can resolve HOST IP. but HOST cannot. because HOST is not in same domain as clients are. Also we can install client application on any machine. so we cannot make such configuration each time on HOST for all new installations.

0
 
Einstine98Commented:
You have to get the host resolving back to the machine, if you trace the MSDTC (I forgot the utility that does this, but there is a utility from microsoft that would test MSDTC and list any errors)....

Basically both machines should be able to resolve each other... perhaps you can create a Secondary DNS zone on your DNS server for that domain...
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Einstine98Commented:
0
 
kolcorpAuthor Commented:
Can you tell me steps of how can i create a DNS Zone?

0
 
Einstine98Commented:
if there is a firewall between the two domains then you need to check with your system admin if they will allow the DNS ports to open...

the process is simple if you are using windows... right click on DNS servers (in the DNS MMC) add a new secondary zone and follow the steps.

an alternative would be to use each domain as a forwarding (forget the proper technical name for it) domain...

so,

in domain1

if a user is trying to resolve a name that is not within it's scope, it would simply forward the request to the other domain... and vice versa.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now