predragpetrovic asked:

Strange issues with MSDTC through firewall

Hi all,

I am having issues with the following scenario:
1) Two node symmetrical Microsoft SQL 2005 Server Cluster
2) Four application servers in the front-end (different subnet)
3) Four application servers in the back-end (same subnet as the DB Cluster)

I have a firewall protecting these two networks and limiting access through these networks. So I have followed an article which gave me enough information to limit MSDTC to a port range of 199 ports. I have allowed these ports to go through the firewall and verified the connection between the MSDTC instance and Front-End & MSDTC instance and Back-end network using DTC PING application. Now the application can normally access from the same subnet (back-end application servers) but the application servers in the front-end cannot process some stuff which relies on MSDTC. I have limited the ports on all servers, restarted them, used DTC ping to verify the connection and it works. The firewall has the necessary firewall rules applied.

I am hoping to get an answer.

predrag

Raja Jegan R

Kindly check once that you have enabled MSDTC correctly in all servers as mentioned in

http://support.microsoft.com/kb/301600
http://support.microsoft.com/kb/817064

And do kindly check whether you are able to connect it when Firewall services are disabled once so that we can confirm whether it was Firewall related or not..

Also confirm whether your OS, SQL Server are all at their latest service packs..

SQL Server 2005 has one major MSDTC related fix in SP2 and hence I would recommend you to be at SP3 level..

predragpetrovic (ASKER)

Hi,

The OS firewall is disabled. SQL and OS patches are up to date. I am still unable to get the data through DTC. I have enabled TCP135 through the firewall as well. I have opened all ports between the subnets and still the same issue is present.

predrag
>> The OS firewall is disabled

If Windows Firewall is disabled, then no need to exclude TCP ip port 135 and all..
And kindly confirm the following:

1. Ping both the servers
2. Telnet the servers by providing ports on which it listens like

telnet server_ip port_no

3. Connect to the other servers using SSMS.
Hi,

Sorry for the late response. The firewall is hardware based, not OS based. All necessary ports are allowed through the firewall. TCP 135 is allowed through the firewall as well. I still didn't manage to resolve this issue. Are there any other suggestions?

predrag
Hi,

The issue was that MSDTC was sending back replies on TCP range 5000-5199. By allowing these ports from the backend to frontend everything worked fine.
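
The fix described in the post above, as an added example that is not part of the original thread: a Python check of a firewall allow-list for MSDTC coverage in both directions. The subnets and rule list are constructed, and it assumes each side must reach the other on TCP 135 and on the restricted 5000-5199 range.

```python
import ipaddress

# Constructed sample values: the subnets and rules below are illustrative.
FRONTEND = ipaddress.ip_network("10.10.1.0/24")
BACKEND = ipaddress.ip_network("10.10.2.0/24")
# RPC endpoint mapper plus the restricted MSDTC range named in the thread.
REQUIRED_PORTS = {135} | set(range(5000, 5200))
# TCP allow rules as (source, destination, first_port, last_port).
RULES_BEFORE = [
    ("10.10.1.0/24", "10.10.2.0/24", 135, 135),
    ("10.10.1.0/24", "10.10.2.0/24", 5000, 5199),
    ("10.10.2.0/24", "10.10.1.0/24", 135, 135),
]
RULES_AFTER = RULES_BEFORE + [("10.10.2.0/24", "10.10.1.0/24", 5000, 5199)]


def allowed_ports(rules, src, dst):
    """Ports allowed from every host in src to every host in dst."""
    ports = set()
    for rule_src, rule_dst, first, last in rules:
        if (src.subnet_of(ipaddress.ip_network(rule_src))
                and dst.subnet_of(ipaddress.ip_network(rule_dst))):
            ports.update(range(first, last + 1))
    return ports


def to_ranges(ports):
    """Collapse a set of ports into sorted (first, last) ranges for reporting."""
    ranges = []
    for port in sorted(ports):
        if ranges and port == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], port)
        else:
            ranges.append((port, port))
    return ranges


def msdtc_gaps(rules, side_a, side_b):
    """Return {(src, dst): [(first, last), ...]} for required ports still blocked."""
    gaps = {}
    for src, dst in ((side_a, side_b), (side_b, side_a)):
        missing = REQUIRED_PORTS - allowed_ports(rules, src, dst)
        if missing:
            gaps[(str(src), str(dst))] = to_ranges(missing)
    return gaps


if __name__ == "__main__":
    print(msdtc_gaps(RULES_BEFORE, FRONTEND, BACKEND))
```

An empty result from `msdtc_gaps` means both directions are covered; a one-directional gap is consistent with the symptom in the thread, where the DTC ping checks passed but front-end transactions failed.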
ASKER CERTIFIED SOLUTION
Raja Jegan R
Thanks for the help.