2

The issue is that we have a website on a standalone webserver (Windows 2003 SP2 - Machine name is TESTAPP which can be seen in the log below) which uses TransactionScope.

The SQL Server 2008 R2 machine (Windows Server 2008) is within a domain.

When the standalone machine hits the TransactionScope it fails (error details will ensue).

When I run the code from a machine in the same domain as the DB server it works fine.

On the standalone machine I get the ubiquitous error of:

Error HRESULT E_FAIL has been returned from a call to a COM component.

However MSDTC is set up correctly, it uses Network Service by the way. DTCPing.exe works fine both ways.

Upon digging into the DB machine I found the following Audit Failure:

An account failed to log on.

Subject:
Security ID:        NULL SID
Account Name:       -
Account Domain:     -
Logon ID:       0x0

Logon Type:         3

Account For Which Logon Failed:
Security ID:        NULL SID
Account Name:       TESTAPP$
Account Domain:     WORKGROUP

Failure Information:
Failure Reason:     Unknown user name or bad password.
Status:         0xc000006d
Sub Status:     0xc0000064

Network Information:
Workstation Name:   TESTAPP
Source Network Address: 192.168.**.**
Source Port:        1202

The standalone machine is trying to log on to the SQL Server machine using its own machine name, god knows what it is using as a password.

Therefore is it possible to get MSDTC to work from a standalone machine to a domain machine?

P.S. If possible (if there is another way) I don't want to affect 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\TurnOffRpcSecurity' registry key.

P.P.S. If possible I'd like to keep Mutual Authentication Required on MSDTC, (I'm aware that a possible solution is to set MSDTC to require No Authentication, but am not sure if this is totally necessary)

The weird thing about it is using a test standalone web server to domain DB server MSDTC is working fine whether set to No Authentication or Mutual Authentication! :S

P.P.S. Firewalls are off on both machines.

Paul Zahra
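An added example, not part of the original question: a small Python parser for the audit-failure text quoted above. It keeps the repeated `Account Name` fields apart by section and decodes the `Status` / `Sub Status` values. The function names and the abridged sample are constructed for illustration; the NTSTATUS names are the standard Windows ones.

```python
# Subset of NTSTATUS codes seen in this kind of logon failure.
NTSTATUS = {
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
}
# Constructed sample: abridged copy of the audit failure quoted in the question.
SAMPLE_EVENT = """An account failed to log on.

Subject:
Account Name:       -

Logon Type:         3

Account For Which Logon Failed:
Account Name:       TESTAPP$
Account Domain:     WORKGROUP

Failure Information:
Status:         0xc000006d
Sub Status:     0xc0000064
"""

def parse_event(text):
    """Return {section: {key: value}}; a blank line ends the current section."""
    event, section = {}, ""
    for line in map(str.strip, text.splitlines()):
        key, sep, value = line.partition(":")
        if not line:
            section = ""
        elif sep and not value.strip():
            section = key          # header such as "Subject:"
        elif sep:
            event.setdefault(section, {})[key.strip()] = value.strip()
    return event

def triage(event):
    """Decode the failure codes and flag an unknown machine account (hypothetical helper)."""
    info = event["Failure Information"]
    sub = int(info["Sub Status"], 16)
    result = {
        "status": NTSTATUS.get(int(info["Status"], 16), "unknown"),
        "sub_status": NTSTATUS.get(sub, "unknown"),
        "network_logon": event[""]["Logon Type"] == "3",
        "machine_account": event["Account For Which Logon Failed"]["Account Name"].endswith("$"),
    }
    # NO_SUCH_USER for NAME$: the target knows no such account, so this is not a wrong password.
    result["unknown_machine_identity"] = (result["network_logon"]
        and result["machine_account"] and sub == 0xC0000064)
    return result
```

Calling `triage(parse_event(SAMPLE_EVENT))` reports `STATUS_NO_SUCH_USER` for the `TESTAPP$` account: the DB server has no account by that name, rather than a known account presenting a bad password.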

2 Answers

1

Gah, if only I'd tried setting up a test using a duplication of the live system earlier etc etc...

As soon as I turned off Mutual Authentication and set it to No Authentication it worked like a charm.

P.S. No Auth isn't much of a security hole in an environment that doesn't open up the MSDTC machines/ports to the outside world. See potential risks of using unsecure rpc no authentication required setting in msdtc security configuration

Paul Zahra
1

You can use just one connection object across Data Access Methods. That way MSDTC is never triggered. I had a similar experience but did not have access to adjust the SQL server. Using a singleton pattern, I created the Data Connection and use the same connection object within a transaction across several method calls.

Justjyde
  • Indeed, I use one connection and pass it around to multiple methods, however when accessing more than one DB instance dtc kicks in, see http://stackoverflow.com/questions/1690892/transactionscope-automatically-escalating-to-msdtc-on-some-machines for some interesting insights, P.S. Using SQL 2000 dtc is always used :S – Paul Zahra May 07 '13 at 11:31
  • Also see the update 1 section in the link above, according to MS crossing domain boundaries will cause DTC to fire up. – Paul Zahra May 07 '13 at 11:37
  • Thanks Paul I never knew that. I've always tried to keep all my needs in one DB. All external DB contents are accessed & updated via (web/WCF) Services. So I never encountered that one. – Justjyde May 07 '13 at 11:47