• Status: Solved

Strange issues with MSDTC through firewall

Hi all,

I am having issues with the following scenario:
1) Two node symmetrical Microsoft SQL 2005 Server Cluster
2) Four application servers in the front-end (different subnet)
3) Four application servers in the back-end (same subnet as the DB Cluster)

I have a firewall protecting these two networks and limiting access through these networks. So I have followed an article which gave me enough information to limit MSDTC to a port-range of 199 ports. I have allowed these ports to go through the firewall and verified the connection between the MSDTC instance and Front-End & MSDTC instance and Back-end network using DTC PING application. Now the application can normally access from the same subnet (back-end application servers) but the application servers in the front-end cannot process some stuff which relies on MSDTC. I have limited the ports on all servers, restarted them, used DTC ping to verify the connection and it works. The firewall has the necessary firewall rules applied.

I am hoping to get an answer.

predrag
 
Raja Jegan R (SQL Server DBA & Architect) Commented:
Kindly check once that you have enabled MSDTC correctly in all servers as mentioned in

http://support.microsoft.com/kb/301600
http://support.microsoft.com/kb/817064

And do kindly check whether you are able to connect to it when Firewall services are disabled once, so that we can confirm whether it was Firewall related or not.

Also confirm whether your OS and SQL Server are all at their latest service packs.

SQL Server 2005 has one major MSDTC related fix in SP2 and hence I would recommend you to be at SP3 level.
 
predragpetrovic (Author) Commented:
Hi,

The OS firewall is disabled. SQL and OS patches are up to date. I am still unable to get the data through DTC. I have enabled TCP135 through the firewall as well. I have opened all ports between the subnets and still the same issue is present.

predrag
 
Raja Jegan R (SQL Server DBA & Architect) Commented:
>> The OS firewall is disabled

If Windows Firewall is disabled, then no need to exclude TCP/IP port 135 and all.
And kindly confirm the following:

1. Ping both the servers
2. Telnet to the servers by providing the ports on which they listen, like

telnet server_ip port_no

3. Connect to the other servers using SSMS.
 
predragpetrovic (Author) Commented:
Hi,

Sorry for the late response. The firewall is hardware based, not OS based. All necessary ports are allowed through the firewall. TCP 135 is allowed through the firewall as well. I still didn't manage to resolve this issue. Are there any other suggestions?

predrag
 
predragpetrovic (Author) Commented:
Hi,

The issue was that MSDTC was sending back replies on TCP range 5000-5199. By allowing these ports from the backend to frontend everything worked fine.
 
Raja Jegan R (SQL Server DBA & Architect) Commented:
If you configured your MSDTC to dynamic option, then it would listen in the range 5000 - 5199.
Else it would use the Default static port 135 itself.

And glad to see you got it resolved.
 
predragpetrovic (Author) Commented:
Thanks for the help.
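The cause found in this thread was a one-directional rule set: the 5000-5199 range was open from front-end to back-end but not for the connections MSDTC made back. The following is an added example, not part of the original posts, that audits a firewall rule list for that gap. The subnets and rule tuples are constructed, and requiring TCP 135 plus the range in both directions is this example's assumption.

```python
"""Audit firewall allow rules for the TCP flows MSDTC needs in both directions."""
from ipaddress import ip_network

# Constructed subnets; the thread does not give real addressing.
FRONTEND = ip_network("10.0.1.0/24")
BACKEND = ip_network("10.0.2.0/24")

# Port 135 and the 5000-5199 range come from the thread. Requiring both in each
# direction is this example's assumption about a DTC-to-DTC conversation.
REQUIRED_PORTS = [(135, 135), (5000, 5199)]

# Constructed rule set mirroring the thread before the fix:
# (source, destination, first port, last port)
RULES_BEFORE = [
    (FRONTEND, BACKEND, 135, 135),
    (FRONTEND, BACKEND, 5000, 5199),
    (BACKEND, FRONTEND, 135, 135),
]
RULES_AFTER = RULES_BEFORE + [(BACKEND, FRONTEND, 5000, 5199)]


def uncovered(rules, src, dst, lo, hi):
    """Return the sub-ranges of lo..hi that no allow rule covers for src -> dst."""
    spans = sorted(
        (max(lo, a), min(hi, b))
        for rsrc, rdst, a, b in rules
        if src.subnet_of(rsrc) and dst.subnet_of(rdst) and a <= hi and b >= lo
    )
    gaps, nxt = [], lo
    for a, b in spans:
        if a > nxt:
            gaps.append((nxt, a - 1))
        nxt = max(nxt, b + 1)
    if nxt <= hi:
        gaps.append((nxt, hi))
    return gaps


def audit(rules):
    """Check both directions and return a list of (src, dst, first, last) gaps."""
    findings = []
    for src, dst in ((FRONTEND, BACKEND), (BACKEND, FRONTEND)):
        for lo, hi in REQUIRED_PORTS:
            for gap in uncovered(rules, src, dst, lo, hi):
                findings.append((str(src), str(dst), *gap))
    return findings


if __name__ == "__main__":
    for src, dst, lo, hi in audit(RULES_BEFORE):
        print(f"blocked: {src} -> {dst} tcp/{lo}-{hi}")
```

Replacing the constructed tuples with an export of the real rule base lets the same check run before a change window, so the port range stays narrow instead of opening all ports between the subnets.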
