
Objective:

I am continuing the development of a legacy Windows Forms application by developing locally on my laptop. The app relies on MSDTC to connect to a SQL database. I want to host the SQL database in the cloud @ Azure. A VPN has been configured to allow connectivity between my laptop and the Azure-hosted virtual network. To develop locally, how can I connect to the SQL database in the cloud via MSDTC?

Software:

  • Laptop: Windows 10, Visual Studio 2019
  • Virtual database server: Windows 2012, SQL 2008 R2

Firewall:

  • Laptop Windows firewall: disabled
  • Database server Azure Firewall: Port traffic allowed on 135, 5000-5099
  • Database server Windows firewall: disabled

VPN:

  • SKU: Basic
  • VPN Type: Route-based

Windows domains:

  • Laptop: Not joined to any domain
  • Virtual database server: Joined to a Windows domain with a separate dedicated Domain Controller

DTC Security:

Database Server:

[Screenshot: Server]

Confirmed working:

  • Registry entries were made on the database server to configure MSDTC ports to be internet-facing. The `netstat -an |find /i "listening"` command confirms these ports are listening.
  • NetBIOS name resolution to the virtual database server from my laptop is working (via host file entry)

Error:

Using DTCPing to diagnose:

```
Invoking RPC method on sqlvm1
Problem:fail to invoke remote RPC method
Error(0x6D9) at dtcping.cpp @303
-->RPC pinging exception
-->1753(There are no more endpoints available from the endpoint mapper.)
RPC test failed
```

  • In addition to testing the database server already mentioned, this error also occurs while attempting to connect from my laptop to an empty/vanilla Azure-hosted virtual server that is not joined to a domain.
nairware
  • `The netstat -an |find /i "listening" command confirms these ports are listening.`. Are you able to telnet to the one incoming port for DTC that is listening? – Greg Askew Mar 30 '20 at 17:02
  • Can you also provide a screenshot of the Local DTC configuration > Security tab? – Greg Askew Mar 30 '20 at 17:04
  • Requested screenshot added – nairware Mar 30 '20 at 17:21
  • You may want to try stopping the DTC and SQL services, and start the DTC service and SQL service in that order. – Greg Askew Mar 30 '20 at 18:51
  • Trying to isolate the problem, I have removed SQL from the equation by testing an empty/plain server. I cannot fix the problem on a bare-bones VM, nor on a server with SQL. Restarting MSDTC as well as rebooting all servers involved has not fixed anything. – nairware Mar 31 '20 at 01:58
  • @GregAskew Regarding telnet, I can indeed telnet only to those ports which are listening. In my case, this appears to be 135, 5000, 5001, 5002, 5003, 5004, 5005, 5006, and 5007. This confirms that the registry entries I have made are impacting server behavior. If I change the port ranges specified there, the listening ports will shift to the new range, and telnet will function accordingly. – nairware Mar 31 '20 at 02:05
  • Which one of the 5nnn ports is DTC listening on? – Greg Askew Mar 31 '20 at 11:16
  • @GregAskew "DTC uses Remote Procedure Call (RPC) dynamic port allocation. By default, RPC dynamic port allocation randomly selects port numbers above 1024. By modifying the registry, you can control which ports RPC dynamically allocates for incoming communication. You can then configure your firewall to confine incoming external communication to only those ports and port 135 (the RPC Endpoint Mapper port)." [Configuring DTC](https://support.microsoft.com/en-us/help/250367/configuring-microsoft-distributed-transaction-coordinator-dtc-to-work) – nairware Mar 31 '20 at 15:35
  • Actually by default Windows selects ports 49152-65535 for RPC. But you said you configured RPC to use 5000-5nnn. DTC will use one of those ports. Did you identify the single port that the DTC service is listening on and telnet to it? – Greg Askew Mar 31 '20 at 15:51
  • @GregAskew How do I identify the fixed single port that DTC service is listening on in the dynamically allocated range of RPC ports? – nairware Mar 31 '20 at 16:02
  • Open Task Manager, find the msdtc.exe service, get the process id. Then run `netstat -ano | findstr /i "<pid>"` – Greg Askew Mar 31 '20 at 17:26
  • @GregAskew OK. The MSDTC service is bound to port 5007. There are two entries (one for IPv4 0.0.0.0, one for IPv6 [::]). – nairware Mar 31 '20 at 18:31

0 Answers
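The lookup worked out in the comments (find the msdtc.exe process id, filter the listening sockets by it, then test that port from the client), as an added PowerShell example that is not part of the original thread. The host name sqlvm1, port 5007 and the 5000-5099 range are taken from the posts; the function names `Get-MsdtcListener` and `Test-DtcPath` are hypothetical.

```powershell
# Added example. Part 1 runs on the database server, part 2 on the laptop.
# Assumptions: host name sqlvm1 (from the DTCPing output) and the allowed
# firewall range 5000-5099 plus 135 (from the question).
$AllowedRange = 5000..5099

function Get-MsdtcListener {
    # Resolve msdtc.exe to its PID(s), then list the TCP ports those PIDs
    # listen on: the PowerShell form of Task Manager + netstat -ano.
    $procs = Get-Process -Name msdtc -ErrorAction SilentlyContinue
    if (-not $procs) { throw 'msdtc.exe is not running.' }
    foreach ($p in $procs) {
        Get-NetTCPConnection -State Listen -OwningProcess $p.Id -ErrorAction SilentlyContinue |
            Sort-Object LocalPort -Unique |   # collapse the IPv4 and IPv6 rows
            ForEach-Object {
                [pscustomobject]@{
                    ProcessId      = $p.Id
                    LocalPort      = $_.LocalPort
                    # False means the port falls outside what the firewall admits.
                    InAllowedRange = $_.LocalPort -in $AllowedRange
                }
            }
    }
}

function Test-DtcPath {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int[]]$Port
    )
    # Plain TCP connect per port, the scripted form of the telnet check.
    foreach ($p in $Port) {
        $r = Test-NetConnection -ComputerName $ComputerName -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $p; Reachable = $r.TcpTestSucceeded }
    }
}

# Part 1 (server):  Get-MsdtcListener | Format-Table
# Part 2 (laptop):  Test-DtcPath -ComputerName sqlvm1 -Port 135, 5007
```

A successful TCP connect only shows that the port is reachable through the VPN and firewall; it does not exercise the RPC call that DTCPing makes.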