Open ports for MSDTC between web server and SQL Server

Hi,
We have a web server set up in the DMZ and a DB server set up in the corporate internal network, and port 1433 is already allowed for the SQL Server connections.

During the application setup from the web server, we found it needs to send DTC transactions from the web server to the DB server, which are blocked by the firewall.

Now we are trying to restrict the DCOM port range and allow that range of ports through the firewall, but we are not sure how many ports we should allow: 100, 200, or even more?
When end users access the web server, will each user process need a different port to communicate with the DB server for the DTC transactions? Or will all the processes on the web server just use the same port to send DTC transactions to the DB server? My concern is, if we limit the port range too narrowly, will the user connections run out of ports and fail?

Besides, we also added a key in the registry, "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\ (ServerTcpPort)", to set MSDTC to use a fixed port. Is this a necessary thing to do?

Thanks so much!
Vivian_Shi Asked:

Raja Jegan R, SQL Server DBA & Architect, EE Solution Guide Commented:
In order to send DTC transactions, SQL Server uses the MSDTC port 135 along with a few other criteria, in addition to the dynamic ports usage.
More details can be found below:
https://simpleverse.wordpress.com/2012/08/23/how-to-configure-ms-dtc-through-a-firewall/

To configure the dynamic ports better in firewall, kindly check the MS page below..
https://blogs.technet.microsoft.com/askcore/2014/04/29/how-to-configure-msdtc-to-use-a-specific-port-in-windows-server-20122012r2/
0

Vivian_Shi Author Commented:
Thanks a lot! We have figured it out; we didn't open the DCOM port range.
Instead, only port 135 and the fixed port configured for MSDTC need to be opened bidirectionally, and all works well.
0
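
The setup the thread settled on (port 135 plus one fixed MSDTC port, no DCOM range), as an added example that is not part of the original posts. The port number and peer address are constructed placeholders, and the script assumes network DTC access is already enabled and that the perimeter firewall between the DMZ and the internal network is configured separately.

```powershell
# Added example: run in an elevated PowerShell session on EACH host
# (web server and DB server), pointing $PeerIp at the other one.
# Assumed values, not from the thread: replace before use.
$MsdtcPort = 50000           # constructed fixed port for MSDTC
$PeerIp    = '192.0.2.10'    # constructed address of the other host

$key = 'HKLM:\SOFTWARE\Microsoft\MSDTC'

# Pin MSDTC to one TCP port (the ServerTcpPort value mentioned in the question).
New-ItemProperty -Path $key -Name 'ServerTcpPort' -PropertyType DWord `
    -Value $MsdtcPort -Force | Out-Null

# Restart so the service picks up the new port.
Restart-Service -Name MSDTC -Force

# Host firewall: allow only the peer, and only on the RPC endpoint mapper
# port (135) and the fixed MSDTC port. No dynamic DCOM range is opened.
foreach ($port in 135, $MsdtcPort) {
    $name = "MSDTC peer $PeerIp TCP $port"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
            -Protocol TCP -LocalPort $port -RemoteAddress $PeerIp | Out-Null
    }
}

# Check 1: something is listening locally on the pinned port.
$listening = Get-NetTCPConnection -State Listen -LocalPort $MsdtcPort `
    -ErrorAction SilentlyContinue
"MSDTC listening on ${MsdtcPort}: $([bool]$listening)"

# Check 2: both ports on the peer are reachable through the perimeter firewall.
foreach ($port in 135, $MsdtcPort) {
    $r = Test-NetConnection -ComputerName $PeerIp -Port $port `
        -WarningAction SilentlyContinue
    "{0}:{1} reachable: {2}" -f $PeerIp, $port, $r.TcpTestSucceeded
}
```

Scoping each rule with `-RemoteAddress` keeps port 135 closed to every host except the one peer that needs it.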
Raja Jegan R, SQL Server DBA & Architect, EE Solution Guide Commented:
Thanks for the update; kindly let me know if you need any more details.
0
Raja Jegan R, SQL Server DBA & Architect, EE Solution Guide Commented:
Requesting auto close as the issue is resolved.
0