How to configure the MSDTC service to listen on a specific RPC server port

Starting in Windows 7 and Windows Server 2008 R2, you can configure the Microsoft Distributed Transaction Coordinator (MSDTC) to listen on a specific RPC server port. This is great news for network and firewall administrators: you no longer have to open a range of RPC server ports and guess how many ports that range needs so that DTC communication can flow through the firewall.

To configure DTC to listen on a specific RPC server port, add or modify the following registry value:

Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\
Name: ServerTcpPort
Type: REG_DWORD
Value: Numerical value of the port you want DTC to listen on (e.g. 0x00001f90 = decimal port 8080)

Setting and changing this value requires a restart of the MSDTC service for the changes to take effect.

[Screenshot: DTC_ServerTcpPort_1]

You can use netstat.exe to confirm that the MSDTC service is listening on the configured server port. Here Task Manager tells us DTC has a process ID (PID) of 6496. Using netstat.exe -oan we can confirm that PID 6496 is listening on port 8080, as configured in the ServerTcpPort registry value.

[Screenshot: DTC_ServerTcpPort_2]

At this point, to support OLE Transaction communication between machines, you should allow bi-directional TCP traffic in your firewall on port 135, for the endpoint mapper, and the single specific ServerTcpPort port instead of a port range like we did in earlier operating systems.
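The set, restart and verify steps above can be scripted. The following PowerShell is an added example, not code from the original post; it uses the article's port 8080, parses netstat.exe output so it also works on Windows Server 2008 R2, and assumes an English-language netstat (the LISTENING state text). The function names Get-TcpListener and Get-MsdtcPid are made up for this example.

```powershell
# Added example (not from the original post). Run from an elevated prompt on the DTC host.
$Port    = 8080                              # port used in this article
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\MSDTC'  # local DTC instance, as given above

function Get-TcpListener {
    # Turn "netstat -oan" LISTENING rows into objects with Port and OwningPid.
    foreach ($line in (netstat.exe -oan)) {
        if ($line -match '^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            New-Object PSObject -Property @{
                Port = [int]$Matches[1]; OwningPid = [int]$Matches[2] }
        }
    }
}

function Get-MsdtcPid {
    # All msdtc.exe PIDs; a cluster node can run several instances.
    @(Get-Process -Name msdtc -ErrorAction SilentlyContinue | ForEach-Object { $_.Id })
}

# 1. Stop early if a process other than msdtc.exe already owns the port.
$before = Get-MsdtcPid
$clash  = @(Get-TcpListener |
            Where-Object { $_.Port -eq $Port -and $before -notcontains $_.OwningPid })
if ($clash.Count -gt 0) {
    throw "TCP $Port is already in use by PID $($clash[0].OwningPid)"
}

# 2. Create or overwrite the REG_DWORD value.
New-ItemProperty -Path $KeyPath -Name ServerTcpPort -PropertyType DWord `
                 -Value $Port -Force | Out-Null

# 3. The value is only read at service start, so restart MSDTC.
Restart-Service -Name MSDTC -Force
Start-Sleep -Seconds 2   # give the service a moment to bind its endpoint

# 4. Confirm that an msdtc.exe process is the one listening on the port.
$after = Get-MsdtcPid
$hit   = @(Get-TcpListener |
           Where-Object { $_.Port -eq $Port -and $after -contains $_.OwningPid })
if ($hit.Count -eq 0) {
    throw "No msdtc.exe process is listening on TCP $Port after the restart"
}
"MSDTC (PID $($hit[0].OwningPid)) is listening on TCP $Port"
```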

Clustered DTC instances

The good news is that this ServerTcpPort setting is configurable for MSDTC Cluster resource instances on a Windows 2008 R2 cluster as well, just from a different registry location. In the screenshot below you will see three different instances of the msdtc.exe process running on a single node of a Windows Server 2008 R2 Cluster. One instance of msdtc.exe is the local DTC service (listening on port 8080). The local DTC service instance reads the ServerTcpPort registry value at the path described above. I then added two new applications to the cluster and added a new DTC Cluster Resource to each application, listening on configured ports 8081 and 8082.

To configure your DTC cluster resource to listen on a specific port on a Windows Server 2008 R2 Cluster you have to find the DTC registry hive for that DTC cluster resource instance:

Path: HKEY_LOCAL_MACHINE\Cluster\Resources\{Unique_DTC_ResourceID_GUID}\MSDTCPRIVATE\MSDTC
Name: ServerTcpPort
Type: DWORD (32-bit) Value
Value: Numerical value of the port you want DTC to listen on (e.g. 0x00001f91 = decimal port 8081)

To identify which Unique_DTC_ResourceID_GUID registry hive to use, refer to the screenshot below. Open the Services console to find the list of DTC services that are running on the cluster node. The cluster instances append the cluster resource ID to the service name. Navigate to that resource ID under the cluster resources section of the registry (in our example below we navigated to HKEY_LOCAL_MACHINE\Cluster\Resources\61d9b903-df08-4ef4-b416-b3e33ecf72cc). Once you have that hive selected, check the Name registry value to confirm that this is the DTC cluster instance you want to listen on the specific port. Then add the ServerTcpPort registry value to the \MSDTCPRIVATE\MSDTC registry sub-hive location as indicated above.

Changes to the ServerTcpPort cluster resource registry values also require a restart of the DTC cluster resource.  
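Instead of matching service names to GUIDs by hand, the cluster hive can be listed directly. The following read-only PowerShell is an added example, not code from the original post; it relies only on the registry paths and the Name value described above, and it flags instances with no fixed port and ports assigned to more than one instance on the same machine, which cannot work because each msdtc.exe instance on a machine needs its own port.

```powershell
# Added example (not from the original post). Read-only; run elevated on a cluster node.
$found = @()

# Local DTC instance: the value lives under the path given earlier in the article.
$local  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\MSDTC'
$found += New-Object PSObject -Property @{
    Instance = 'Local DTC'; ResourceId = ''; ServerTcpPort = $local.ServerTcpPort }

# Clustered instances: every resource key that has an MSDTCPRIVATE\MSDTC sub-key.
$resources = Get-ChildItem -Path 'HKLM:\Cluster\Resources' -ErrorAction SilentlyContinue
foreach ($res in $resources) {
    $dtcKey = "$($res.PSPath)\MSDTCPRIVATE\MSDTC"
    if (-not (Test-Path -Path $dtcKey)) { continue }   # not a DTC resource
    $found += New-Object PSObject -Property @{
        Instance      = (Get-ItemProperty -Path $res.PSPath).Name
        ResourceId    = $res.PSChildName
        ServerTcpPort = (Get-ItemProperty -Path $dtcKey).ServerTcpPort
    }
}

$found | Format-Table Instance, ResourceId, ServerTcpPort -AutoSize

# Instances without ServerTcpPort still take a port from the dynamic RPC range.
foreach ($i in @($found | Where-Object { $null -eq $_.ServerTcpPort })) {
    Write-Warning "$($i.Instance) has no ServerTcpPort configured"
}

# Two instances on one machine cannot share a port.
$dupes = @($found | Where-Object { $null -ne $_.ServerTcpPort } |
           Group-Object -Property ServerTcpPort | Where-Object { $_.Count -gt 1 })
foreach ($g in $dupes) {
    $names = ($g.Group | ForEach-Object { $_.Instance }) -join ', '
    Write-Warning "Port $($g.Name) is configured for more than one instance: $names"
}
```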

Cheers
-Todd Foust

ServerTcpPort setting is documented on MSDN here.

Comments

  • Anonymous
    August 30, 2012
    Hi! I followed the instructions mentioned in this blog. MSDTC seems to be listening on the correct port (on our Windows 2008 R2 server). BUT, it seems MSDTC is still opening other ports on the Win 2008 R2 during transactions received from another server (Windows 2003 R2). These other ports are blocked by our firewall. Isn't the ServerTcpPort key supposed to stop the dynamic allocation of ports during transaction processing?

  • Anonymous
    August 31, 2012
    The comment has been removed

  • Anonymous
    September 25, 2013
    Hello, Can the static assigned MSDTC port be the same across all running MSDTC instances? I have 4 Windows 2008 R2 servers running MSDTC and would like to assign the same port number to each MSDTC instance. Thanks Frank

  • Anonymous
    September 29, 2013
    Hello Frank. As long as those 4 instances are all running on separate servers. If you have one instance of msdtc.exe running on each of the 4 servers then yes they all can be configured to listen on the same port. However if you are attempting to configure four instances of msdtc.exe on the SAME machine then you will have to select different ports for each. There is not a port sharing service for MSDTC.exe instances on the same machine. Hope this helps. -Todd

  • Anonymous
    October 28, 2013
    Hello Todd, we have an SQL Cluster that is configured with clustered DTC and I was previously reading that, since many resources use DTC, you would have to configure a port range in the order of 50-100 ports.  Is this no longer needed?

  • Anonymous
    November 20, 2013
    The comment has been removed

  • Anonymous
    January 24, 2014
    Hello Gerry, Do you have a link for the documentation that still recommends this? This article talks specifically about the DTC service. I'm not sure if SQL cluster might have other services that listen on other dynamic RPC server ports, which may still require a range of ports to be available.

  • Anonymous
    January 24, 2014
    Hello Dale, This change will have no effect on the performance throughput for your scenario. The settings described in this article only control the port that MSDTC service listens on. It will always only listen on a single port (per instance of DTC). Instead of randomly getting a single port from the available RPC dynamic server port range, you can manually configure which port gets selected. The rest of DTC behavior will be the same as before. Hope this helps. Todd

  • Anonymous
    August 16, 2014
    Thanks for wonderful post !! I have 2 Web Server & 2 SQL Server (Clustered) there is firewall between them..
    Scenario_1: On all 4 servers, Configured RPC Ports under dcomcnfg - 5100-5200
    Port configured for Local MSDTC through registry - 5101 on 2 Web and 2 SQL Server
    Port configured for Clustered MSDTC through registry - 5102 on SQL Clustered Server
    Result >> everything working fine in DTCtester.exe
    Scenario_2: On all 4 servers, REMOVED RPC Ports under dcomcnfg - 5100-5200
    Port configured for Local MSDTC through registry - 5101 on 2 Web and 2 SQL Server
    Port configured for Clustered MSDTC through registry - 5102 on SQL Clustered Server
    Result >> test failing for DTCtester.exe
    My Query: If we want to use the 2nd scenario so that 'RPC' uses only those two defined ports for 'MSDTC' then is there anything to change on the WEB or SQL Server !! Many Thanks

  • Anonymous
    September 02, 2014
    When changing this port on a cluster, you need to change the active node then the passive nodes first, otherwise the port will not survive a reboot.