Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
Author |
Topic |
bakerjon
Posting Yak Master
145 Posts |
Posted - 2005-04-06 : 09:40:43
|
Here's some background for the changes to MSDTC in SP1.http://blogs.msdn.com/florinlazar/archive/2004/06/18/159127.aspxI've bumped against this today, fortunately in a test environment, not in Prod. In order to make this work, I've had to set the MSDTC Authentication level to "No Authentication Required" to make my SQL Authenticated Logins work. (I know, I know, get rid of SQL Authenticated logins...tell that to the ISV's). If I raise the security on this any higher, I can't start a distributed transaction.Does anyone know of a way to increase the security level while keeping my SQL logins?Thanks in advance!Jon BakerWhat's with the yak thing? |
|
bakerjon
Posting Yak Master
145 Posts |
Posted - 2005-04-14 : 11:01:21
|
Here is what I found from my testing. This will make an interesting blog entry, but I wanted to share with this group first! This is for any machine with Windows 2003 in a cluster, but my situation is in the middle of an upgrade with a mixed mode (win2k, win2k3) cluster.Enable MSDTC network access for SQL Server with Windows 2003 Service Pack 1• Enable DTC Network Access by opening Add or Remove Programs | Add/Remove Windows Components. Choose Application Server and click the Details button. Click the check box to Enable DTC Network Access. Do this before joining a cluster if necessary.• Reboot the server• If the server is clustered and MSDTC is a clustered resource, move the group containing the MSDTC Resource to the Windows 2003 Service Pack 1 node of the cluster. NOTE: We were not successful joining a Windows 2003 SP1 machine to the cluster after enabling MSDTC. We enabled MSDTC Network Access, joined the Windows 2003RTM node to the cluster, then applied SP1, then re-configured MSDTC as follows.• After logging in to the Windows 2003 node, Open Administrative Tools | Component Services• Open the Component Services Tree down to My Computer• Right Click on My Computer. Click Properties• Click the MSDTC Tab of the Properties screen• Click the “Security Configuration” button on the lower half of the screen• Check the “Allow Network DTC Access” checkbox if not already checked• Check both Allow Inbound and Allow Outbound checkboxes if not already checked• Click the radio button option for “No Authentication Required” in the Transaction Management Communication group box• Click OK and OK to close the Properties screen• Exit Component Services manager• NOTE: “No Authentication Required” is necessary because not all accounts used to access SQL Server are Windows domain accounts. SQL logins can’t be authenticated by MSDTC, thus security must be set down.ThanksJonNow I know, and knowing is half the battle!http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=48013 |
|
|
vipul_t_shah
Starting Member
1 Post |
Posted - 2007-10-03 : 18:42:12
|
bakerjon, I applied your suggestion about MSDTC configuration and it resolved my issue. I was wonder if you have any associated KB article from Microsoft on this suggestion? Thanks |
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2007-10-03 : 22:58:42
|
Take look at kb article 839279. |
|
|
|
|
|
|
|