Setup MSDTC Network Access - SQL-FineBuild/Common GitHub Wiki

Previous Setup MSDTC CID	Manual Configuration	Setup MSDTC Cluster Next

FineBuild can configure MSDTC network access.

If it is required for SQL Server to perform two-phase commit operations with processes that run on a different logical server, then MSDTC network access must be enabled.

For many installations it is not necessary to enable MSDTC network access. However, if MSDTC is being clustered then MSDTC network access must be enabled.

FineBuild MSDTC Network Access configuration

The MSDTC Network Access configuration relates to Process Id 2ACC and is controlled by the parameters below:

SQL Version	Parameter	FULL Build	WORKSTATION Build	CLIENT Build
SQL2019	/SetupDTCNetAccess:	Yes	Yes	N/A
SQL2017	/SetupDTCNetAccess:	Yes	Yes	N/A
SQL2016	/SetupDTCNetAccess:	Yes	Yes	N/A
SQL2014	/SetupDTCNetAccess:	Yes	Yes	N/A
SQL2012	/SetupDTCNetAccess:	Yes	Yes	N/A
SQL2008R2	/SetupDTCNetAccess:	Yes	Yes	N/A
SQL2008	/SetupDTCNetAccess:	Yes	Yes	N/A
SQL2005	/SetupDTCNetAccess:	Yes	Yes	N/A

The MSDTC Network Access processing will always be performed if the /SetupDTCCluster: parameter is set to YES. For Windows 2008 and above this is performed for both the non-clustered and clustered instances of MSDTC. For Windows 2003, this is only performed for the clustered instance of MSDTC.

FineBuild also uses the following parameters to help configure MSDTC Cluster:

Parameter	Default	Description
/TCPPortDTC:	13300	Base port number for MSDTC

The SQL FineBuild processing for Setup MSDTC Network Access consists of the following items:

Configure MSDTC Network Access
Configure MSDTC Port and Firewall Access

Top

Manual MSDTC Network Access Configuration

The following steps show what you would have to do for manual MSDTC Network Access configuration. FineBuild does all of this work for you automatically.

Configure MSDTC Network Access

Start Component Services manager

Click Start, then Run, and type comexp.msc. Navigate to My Computer then right-click and select Properties
On the MSDTC tab, click on Security Configuration

Set the following options

When complete, click OK to continue

For details of why this is done see KB817064

Item	Value
Network DTC Access	Checked
Allow Inbound	Checked
Allow Outbound	Checked
Mutual Authentication Required	Select only if you are not installing a MSDTC cluster
Incoming Caller Authentication Required	Select only if you are installing a MSDTC cluster

Security

Click Yes to continue
Click OK to continue

Next, click OK to close the My Computer Properties window

Configure MSDTC Port and Firewall Access

MSDTC must be assigned a TCP Port for Network Access, and that port must be given a Firewall exemption.

The following substitutions should be made where the strings appear in the commands below:

Item	Value
PortId	Value of /TCPPortDTC:
HighPort	PortId value + 200

Run the following command to show all the ports currently in use on the server:
```
NETSTAT -an
```
If the port given in the /TCPPortDTC: parameter is not in use, then that port can be used for MSDTC. If it is in use then keep adding 1 (one) to the base port number until you identify a port number that is not in use.

If you are using Windows 2008 R2 or above then run the following command to set up the Firewall port exemption:

NETSH ADVFIREWALL FIREWALL ADD RULE 
  NAME="Distributed Transaction Coordinator Local (Port)" 
  LOCALPORT=PortId PROTOCOL=TCP ACTION=ALLOW PROFILE=DOMAIN DIR=IN

If you are using Windows 2008 R2 or above set the following registry key:
```
HKLM\SOFTWARE\Microsoft\MSDTC\ServerTcpPort=PortId
```

If you are using Windows 2008 or below set the following registry keys:

HKLM\SOFTWARE\Microsoft\Rpc\Internet\Ports="PortId-HighPort"
HKLM\SOFTWARE\Microsoft\Rpc\Internet\PortsInternetAvailable="Y"
HKLM\SOFTWARE\Microsoft\Rpc\Internet\UseInternetPorts="Y"

Previous Setup MSDTC CID	Top	Setup MSDTC Cluster Next