Clustered MSDTC - No transaction is active

Question

Hi I Currently have two clusters (W2K8R2) with SQL 2K8R2, both with MSDTC cluster service enabled.

I've configured the MSDTC with all checkboxes, and Incoming Caller Authentication Required and NT AUTHORITY\NetworkService as the DTC Logon Account.

I've also configured the Registry on all cluster nodes of both cluster to restrain the Ports to 5000-5100 (from this KB article http://support.microsoft.com/kb/250367)

The machines are not on the same domain, but there is a trust relationship, there's a firewall between them, and ports 1433, 1434, 135 and 5000-5100 are allowed between machines on the firewall, however it doesn't seem that these ports (5000-5100) are being used, when I try to insert data on a temp table from a remote proc I get an "No transaction is active." If I run DTCTEST I get: The transaction has already been implicitly or explicitly commited or aborted.

I'm getting nuts, any help is appreciated. Thanks, Gabriel

Answer 1

My guess would be that the firewall is not allowing the machine to talk to a domain controller on the target domain. The computer sourcing the request needs to be able to talk to DC's on the trusted domain to authenticate user authorization requests (see: http://support.microsoft.com/kb/832017).

Did you open TCP or UDP for the ports you have listed? Are there any dropped packets on the firewall during the time you are trying to use the Cluster DTC?

Answer 2

The issue was about the firewall blocking access to the MSDTC Cluster service, this is because on a cluster the MSDTC has its own IP address, which wasn't allowed on firewall.

I had granted access to the SQL IP's not MSDTC, now that's right.

Thanks!!