Getting MSDTC working across two EC2 instances

2

I have two EC2 instances, one running websites in IIS and the other hosting a SQL-Server instance. The website(s) are communicating fine for this server, pulling data out of the database without issue. However, when I go to write a suite of data, I am using DTC which is giving me problems. When I try to write (and therefore wrap in a transaction) I get the following error message:

The MSDTC transaction manager was unable to pull the transaction from the source transaction manager due to communication problems. Possible causes are: a firewall is present and it doesn't have an exception for the MSDTC process, the two machines cannot find each other by their NetBIOS names, or the support for network transactions is not enabled for one of the two transaction managers. (Exception from HRESULT: 0x8004D02B).

If I run DTCPing.exe from the SQL instance to the IIS instance I get the following result:

09-20, 12:19:12.861-->Start RPC test (-->WIN-I9MDBIKCVAD) Problem:fail to invoke remote RPC method Error(0x6BA) at dtcping.cpp @303 -->RPC pinging exception -->1722(The RPC server is unavailable.) RPC test failed

Things I’ve tried:

  • Ensured port 3372 is permitted in the IAM security group settings in use on both servers
  • Tried enabling ‘All TCP’ and ‘All UDP’ in the security group settings
  • Added hosts file entries for the NetBIOS names of the other machine to the elastic IP set up for each instance
  • Ensured MSDTC is enabled on both servers and configured
  • Ensured the RPC service is running on both machines

Anyone have any suggestions as to what may be causing this issue?

Thanks

amazon-ec2
msdtc
asked on Stack Overflow Sep 20, 2013 by LDJ

2 Answers

0

Turns out the issue was regarding the Transaction Manager Communication settings. By default MSDTC enabled 'Mutual Authentication Required' but the two machines can't authenticate using the default 'NT AUTHORITY\NetworkService' account. Solution was to create a user across both machines that enables it to authenticate, or more simply, just select 'No Authentication Required'. Applied this setting, restarted the service and it's working!

answered on Stack Overflow Sep 25, 2013 by LDJ

0

Turned out that in our case the port 135 (RPC) needed to be opened on both the App Server and the SQL machines for MSDTC to send the MSDTC object from SQL to the client.

If you still have issues, that’s likely because the DTC is picking a port between 1024 and 65535. So, simply allow your Amazon EC2 "inbound rules" in each App\SQL to allow from the other server.

answered on Stack Overflow Jul 28, 2016 by arviman
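Both answers come down to the same three things: the peer must resolve by NetBIOS name, TCP 135 plus the RPC dynamic port range must be reachable between the two security groups, and the two transaction managers must agree on an authentication level they can actually satisfy. The following PowerShell script is an added diagnostic example, not code from the question or either answer. It is assumed to run in an elevated session on Windows Server 2012 or later on each instance (the `Get-DtcNetworkSetting` cmdlet from the MSDTC module and `Test-NetConnection` are assumed to be available), and the `$PeerName` parameter is the other instance's NetBIOS name as entered in the hosts file.

```powershell
# Added diagnostic script, not part of the original thread.
# Run on each EC2 instance and pass the other instance's NetBIOS name.
# Assumes Windows Server 2012+ (MSDTC module, Test-NetConnection), elevated session.
param(
    [Parameter(Mandatory = $true)]
    [string]$PeerName   # NetBIOS name of the other instance (hosts-file entry)
)

$report = [ordered]@{}

# 1. Name resolution: DTC locates the peer by NetBIOS name, so the hosts-file
#    entry from the question has to resolve before anything else matters.
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($PeerName) |
             ForEach-Object { $_.IPAddressToString }
    $report['NameResolution'] = ($addrs -join ', ')
} catch {
    $report['NameResolution'] = "FAILED: $($_.Exception.Message)"
}

# 2. RPC endpoint mapper (TCP 135), the port the second answer found missing.
#    DTCPing's 1722 "The RPC server is unavailable" is consistent with 135 or
#    the dynamic range being blocked by the security group.
$epm = Test-NetConnection -ComputerName $PeerName -Port 135 -WarningAction SilentlyContinue
$report['Tcp135Reachable'] = $epm.TcpTestSucceeded

# 3. Local RPC dynamic port range. After the endpoint-mapper handshake the DTC
#    traffic moves to a port from this range, which is why 135 alone is not
#    enough; each security group must allow the peer's range inbound.
$dyn = netsh int ipv4 show dynamicport tcp
$report['LocalDynamicPortRange'] = (($dyn | Where-Object { $_ -match 'Start Port|Number of Ports' }) -join '; ')

# If the range has been narrowed with the RPC "Internet" keys, report it so the
# inbound rule can be scoped to that range instead of 1024-65535.
$rpcInet = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet' -ErrorAction SilentlyContinue
if ($rpcInet) {
    $report['RpcInternetPorts'] = "$($rpcInet.Ports -join ',') (UseInternetPorts=$($rpcInet.UseInternetPorts))"
} else {
    $report['RpcInternetPorts'] = 'not restricted (full dynamic range in use)'
}

# 4. MSDTC network access and authentication level, the settings behind the
#    first answer. AuthenticationLevel is Mutual (default), Incoming or NoAuth.
$dtc = Get-DtcNetworkSetting -DtcName 'Local'
$report['RemoteClientAccess']   = $dtc.RemoteClientAccessEnabled
$report['InboundTransactions']  = $dtc.InboundTransactionsEnabled
$report['OutboundTransactions'] = $dtc.OutboundTransactionsEnabled
$report['AuthenticationLevel']  = $dtc.AuthenticationLevel

# 5. Service state and identity. Mutual authentication needs an identity both
#    machines can verify; two standalone instances each running MSDTC as
#    NT AUTHORITY\NetworkService cannot, which is what the first answer hit.
$svc = Get-CimInstance Win32_Service -Filter "Name='MSDTC'"
$report['MsdtcState']   = $svc.State
$report['MsdtcAccount'] = $svc.StartName

[PSCustomObject]$report | Format-List
```

Run it once from each side and compare the two reports: `Tcp135Reachable` must be true in both directions, and the inbound rule on each security group should admit the other instance's security group on TCP 135 plus that instance's reported dynamic range, rather than "All TCP". On the authentication line, `NoAuth` makes the RPC-level check go away entirely; `Mutual` keeps it but requires an account both machines can verify (a domain account, or identical local accounts as the first answer describes).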

User contributions licensed under CC BY-SA 3.0