My name is Steven Graves and I am a Senior Support Escalation Engineer on the Windows Core Team. In this blog, I will discuss how to configure MSDTC to use a specific port on Windows Server 2012/2012R2, as this has slightly changed from the way it is configured in Windows Server 2008 R2 in order to prevent overlapping ports. As a reference, here is the blog for Windows 2008 R2: How to configure the MSDTC service to listen on a specific RPC server port.

Scenario

There is a web server in a perimeter network and a standalone SQL Server (or Clustered SQL Server instance) on a backend production network, and a firewall that separates the networks. MSDTC needs to be configured between the web server and backend SQL Server using a specific port in order to limit the ports opened on the firewall between the networks. So as an example, we will configure MSDTC to use port 5000.
There are two things that need to be configured on the frontend web server to restrict the ports that MSDTC will use.

- Configure the ports DCOM can use.
- Configure the specific port or ports for MSDTC to use.

Steps

1. On the web server, launch Dcomcnfg.exe from the Run menu.
2. Expand Component Services, right click My Computer and select Properties.
3. Select the Default Protocols tab.
4. Click Properties button.
5. Type in the port range that is above the port MSDTC will use. In this case, I will use ports 5001-6000. Click OK back to My Computer properties window and click OK.

Here is the key that is modified in the Registry for the ports.

8. Start Regedt32.exe.
9. Locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC.
10. Right click the MSDTC key, select New and DWord (32-bit) Value.
11. Type ServerTcpPort for the key name.
12. Right click ServerTcpPort key and select Modify.
13. Change radio button to Decimal and type 5000 in the value data, click OK.

This is how the registry key should look.

14. Restart the MSDTC Service (if stand-alone) or take the MSDTC Resource offline/online in Failover Cluster Manager if clustered.

To confirm MSDTC is using the correct port:

- Open an Administrative command prompt and run Netstat -ano to get the port and the Process Identifier (PID).
- Start Task Manager and select Details tab. Find MSDTC.exe and get the PID.
- Review the output for the PID to show it is MSDTC.

Now DTC will be using the port specified in the registry and no other processes will try to use the same port, thus preventing an overlap of ports.

Steven Graves
Senior Support Escalation Engineer
Microsoft Core Support
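The confirmation step above, combined with a check for the port conflict this post is written to avoid, as an added PowerShell example (not part of the original post or Microsoft's own tooling). It assumes the DCOM range is stored in the `Ports` value under `HKLM\SOFTWARE\Microsoft\Rpc\Internet` and that `Get-NetTCPConnection` is available (Windows Server 2012 and later); run it from an elevated session.

```powershell
# Added example: audit the MSDTC fixed-port configuration described in the post.
$msdtcKey = 'HKLM:\SOFTWARE\Microsoft\MSDTC'
$rpcKey   = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

# 1. Read the port MSDTC is pinned to (ServerTcpPort DWORD, steps 8-13).
$dtcPort = (Get-ItemProperty -Path $msdtcKey -Name ServerTcpPort -ErrorAction SilentlyContinue).ServerTcpPort
if (-not $dtcPort) { throw 'ServerTcpPort is not set; MSDTC will take a dynamic RPC port.' }

# 2. Read the DCOM/RPC port ranges (multi-string "Ports", e.g. "5001-6000")
#    and flag any range that contains the MSDTC port. The post avoids this
#    conflict by placing the range above the MSDTC port.
$ranges = @((Get-ItemProperty -Path $rpcKey -Name Ports -ErrorAction SilentlyContinue).Ports)
foreach ($r in ($ranges | Where-Object { $_ })) {
    $lo, $hi = $r -split '-' | ForEach-Object { [int]$_.Trim() }
    if ($null -eq $hi) { $hi = $lo }   # entry is a single port, not a range
    if ($dtcPort -ge $lo -and $dtcPort -le $hi) {
        Write-Warning "RPC range $r contains MSDTC port $dtcPort; another RPC service can claim it first."
    }
}

# 3. Confirm which process owns the listener (the Netstat -ano / Task Manager check).
$listeners = Get-NetTCPConnection -LocalPort $dtcPort -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Warning "Nothing is listening on TCP $dtcPort. Restart MSDTC or cycle the cluster resource."
}
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess
    [pscustomobject]@{
        LocalAddress = $l.LocalAddress
        Port         = $l.LocalPort
        PID          = $l.OwningProcess
        Process      = $proc.ProcessName
        IsMsdtc      = ($proc.ProcessName -eq 'msdtc')
    }
}
```

A row with `IsMsdtc` set to `False` means some other process took the port before MSDTC started, which is the conflict discussed in the comments.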
I'm a bit confused: In previous article related to SQL2008, it indicates to support OLE Transaction communication between machines, you should (1) allow bi-directional TCP traffic in your firewall on port 135 for the endpoint mapper, and (2) the single specific ServerTcpPort port instead of a port range like we did in earlier operating systems. However, this article indicates that it's necessary for Win2012 to configure an RPC range we did in earlier operating systems. Configure the ports DCOM can use: Port 5001-6000. Configure the specific port or ports for MSDTC to use: Port 5000. And to support OLE Transaction communication between machines allow bi-directional TCP traffic in your firewall for the endpoint mapper: Port 135. So is it still necessary then for MSDTC on Windows 2012 to configure & open RPC bi-directional between client & server for RPC port range 5001-6000?

Can Steven Graves please clarify: 'Windows Server 2012/2012R2 as this has slightly changed from the way it is configured in Windows Server 2008 R2 in order to prevent overlapping ports' What is meant by overlapping ports? Why is that an issue in Windows 2012 but not 2008R2? In Windows 2008 R2 SQL clusters, we never had to configure a port for MSDTC to listen on. We would set up the DCOM range and the firewall exceptions for the range, including an exception for 135 (RPC Endpoint Mapper) on all nodes in the SQL cluster and our application servers. Our current configuration is a Windows 2012 SQL Cluster, and Windows 2008R2 Application Servers (don't ask me why the difference in OS's, it is what it is). Now, we find that we must set the ServerTcpPort in the registry, and we gave it 5000 ONLY on the Windows 2012 Machines for the SQL Cluster, and added a firewall exception for this. Our Information Security Office would like to understand why, and I cannot offer a full explanation, other than 'we would have port overlapping'? Overlapping with what? Why is this specific to Windows 2012??

This blog was written for a specific scenario for MSDTC where the customer already had MSDTC configured to use port 5000 on 2008R2 and they wanted to keep using port 5000 on 2012R2. The port conflict happened in 2012R2 because Wininit.exe grabbed the first RPC dynamic port, which was 5000, the same port MSDTC was configured to use. Sorry for the confusion with using 'overlapping port' but 'port conflict' may make more sense. We did not make any changes to SQL for this to work. Yes, you may need to change firewall rules but that will depend on the environment.
To resolve/avoid the above mentioned port conflict issue on MS Windows Server 2012 R2, I did the following in addition to the above mentioned:

1. Launch the Regedt32.exe
2. Go to HKLM\SOFTWARE\Microsoft\Rpc\Internet
3. Change the “Ports” value from “5000-5020” to “4990-5000”
4. And also set the “(Default)” value to 4990
5. Quit the RegEdt32.exe
6. Restart the server

On boot, RPC will start assigning tcp ports to services (wininiet.exe, svchost.exe, etc) from tcp/4990 port and will assign tcp/5000 port to MSDTC. Though I have successfully verified MSDTC operations using DTCPing, I have a question: will this workaround be good to go for production environment/setup as well?

To resolve/avoid the MSDTC port conflict issue on MS Windows Server 2012 R2, I did the following in addition to the above mentioned:

1. Launch the Regedt32.exe
2. Go to HKLM\SOFTWARE\Microsoft\Rpc\Internet
3. Change the “Ports” value from “5000-5020” to “4990-5020”
4. And also set the “(Default)” value to 4990
5. Quit the RegEdt32.exe
6. Restart the server

On boot, RPC will start assigning tcp ports to services (wininiet.exe, svchost.exe, etc) from tcp/4990 port onward and will assign tcp/5000 port to MSDTC. Though I have successfully verified MSDTC communication using DTCPing. But will this workaround be good to go for production environment/setup as well?
Each node of a Windows Cluster should be configured exactly the same including the networking parameters (other than unique IP addresses for each system).

Configure IP Addresses

Every node on a Windows Cluster should be configured with IP addresses, default gateways, interconnect networks (for 2-node clusters only) and any other relevant networking details.

The DNS IP address will likely be your Active Directory servers, otherwise you will have to guarantee the new servers have access to your Active Directory domain servers. Each system will likely require the configuration of:

- Management Ports IP Addresses.
- Data Access high-speed 10/25/50/100 GbE ports IP addresses.
- DNS IP addresses configured on the network adapter on the network segment which provides the best access to Active Directory.
- Default may be optionally configured on the best network segment which has routable access to the Internet. Without this access, the Microsoft Updates will have to be downloaded and installed out of band.
- (Lights Out console) IP addresses. This is available on the shared NIC or on the dedicated IPMI port. The shared port can be used to reduce the number of network cables to your servers. The shared connection looks like two virtual ports connected to a single cable on one physical port. Different IP network subnets can be defined for the Management interface as well as the IPMI interface.
![Windows Windows](/uploads/1/2/5/5/125513364/162928267.png)
Rename the Network Adapters

The network adapters will have default names. It will be easier to manage your systems if you give each network interface a more descriptive name. To rename a network interface:

Control Panel > View network status and tasks > Change adapter settings

In the example above, the network interface 3 is renamed to Interconnect.
This port is the internal network running inside the chassis which is used for cluster traffic and is always available regardless of external connections.