Reset the CID/SID of the Server
Log into the IaaS and DB servers as Administrator.
Opening REGEDIT can show what the CID/SID values are. This is located:
HKEY_CLASSES_ROOT\CID\(CID)\Description\(Default)
Open a powershell prompt as administrator and run the command:
Uninstall MSDTC
msdtc -uninstall
Reboot
shutdown -r -t 0
Re-install MSDTC (login with same permissions as above)
msdtc –install
Warning: The msdtc command does not give any return response when running this command.
Open the Firewall
Enable the firewall rules for WMI and DTC on both computers by using the Netsh utility. This
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
netsh advfirewall firewall set rule group="Distributed Transaction Coordinator" new enable=yes
Testing
Basic checking can be done by opening the Component Services MMC. You should see something similar.
Component Services MMC for MS DTC |
Run the DTCtester to test the state of MSDTC. Below are some example tests that can be run to test local and both local and remote DTC connectivity.
Test MSDTC on the local computer
Test-Dtc -LocalComputerName "$env:COMPUTERNAME" -Verbose
Test MSDTC on the local computer and a remote computer
Test-Dtc -LocalComputerName "$env:COMPUTERNAME" -RemoteComputerName "remote-server" -ResourceManagerPort 17100 -Verbose
Test MSDTC on a local computer that blocks inbound transactions
Test-Dtc -LocalComputerName "$env:COMPUTERNAME" -RemoteComputerName "remote-server" -ResourceManagerPort 17100 -Verbose
Test MSDTC on a local computer that blocks outbound transactions
Test-Dtc -LocalComputerName "$env:COMPUTERNAME" -RemoteComputerName "remote-server" -ResourceManagerPort 17100 -Verbose
This is the result if the first test partially fails. The 3 local and remote tests will also show the CIDs for the communicating systems. Referring to the REGEDIT above will display the UIS and the XA values that are contained in the CID subkeys.. From this output you will be able to determine if the CIDs are unique as another method to validate the registry values.
PS C:\Windows\system32> Test-Dtc -LocalComputerName "$env:COMPUTERNAME" -Verbose
VERBOSE: ": Firewall rule for "RPC Endpoint Mapper" is enabled."
VERBOSE: ": Firewall rule for "DTC incoming connections" is enabled."
VERBOSE: ": Firewall rule for "DTC outgoing connections" is enabled."
VERBOSE: IN-SQL02: AuthenticationLevel: Mutual
VERBOSE: IN-SQL02: InboundTransactionsEnabled: False
WARNING: "IN-SQL02: Inbound transactions are not allowed and this computer cannot participate in network transactions."
VERBOSE: IN-SQL02: OutboundTransactionsEnabled: False
WARNING: "IN-SQL02: Outbound transactions are not allowed and this computer cannot participate in network transactions."
VERBOSE: IN-SQL02: RemoteClientAccessEnabled: False
VERBOSE: IN-SQL02: RemoteAdministrationAccessEnabled: False
VERBOSE: IN-SQL02: XATransactionsEnabled: False
VERBOSE: IN-SQL02: LUTransactionsEnabled: True
This is the result when things look good for the installer to proceed.
PS C:\Windows\system32> Test-Dtc -LocalComputerName "$env:COMPUTERNAME" -Verbose
VERBOSE: ": Firewall rule for "RPC Endpoint Mapper" is enabled."
VERBOSE: ": Firewall rule for "DTC incoming connections" is enabled."
VERBOSE: ": Firewall rule for "DTC outgoing connections" is enabled."
VERBOSE: IN-SQL02: AuthenticationLevel: Mutual
VERBOSE: IN-SQL02: InboundTransactionsEnabled: True
VERBOSE: IN-SQL02: OutboundTransactionsEnabled: True
VERBOSE: IN-SQL02: RemoteClientAccessEnabled: True
VERBOSE: IN-SQL02: RemoteAdministrationAccessEnabled: True
VERBOSE: IN-SQL02: XATransactionsEnabled: False
VERBOSE: IN-SQL02: LUTransactionsEnabled: True
Summary
This is only one example of how to resolve these errors. If you used a template and a customization spec as you deploy while selecting "Generate New Security ID (SID)" your experience might be different.