locked
Network DTC issues

    Question

  • Hi,

    I'm having the same problem too and there's no VPN involved in my situation.

    The client machine (XP SP2) has the firewall turned off and security configuration settings are as per the earlier message (Network DTC Access on, remote clients allowed, inbound/outbound communication allowed, no authentication required, running as Network Service) .

    The error is:

    Problem:fail to invoke remote RPC method
    Error(0x5) at dtcping.cpp @303
    -->RPC pinging exception
    -->5(Access is denied.)
    RPC test failed

    Further help would be great.

    Wednesday, March 15, 2006 1:59 AM

Answers

  • DTCPING makes anonymous RPC call to remote machine

    from xp,sp2,by default,remote machine won't accept anonymous calls,so it is giving you access denied error message (OX5 error code)

    if you disable RestrictRemoteClients key,remote machine accepts anonymous calls

    http://msdn.microsoft.com/security/productinfo/XPSP2/networkprotection/restrict_remote_clients.aspx

    This is just DTCPING tool problem,This error is not related to DTC.

    -Thank you

    Madhu

     

    Tuesday, March 28, 2006 5:31 PM
  • If I remember correctly, an NT4 domain doesn't know about machine account authentication, which MSDTC is trying to use to do its mutual auth. You will probably need to use "no authentication required".


    Tuesday, July 31, 2007 4:34 PM
  • It would be useful if you can post the output from dtcping.

     

    Also, please note that in order for the two MSDTC to be able to communicate, the two servers need to be reachable using their netbios names. In other words, you need to be able to "ping" the servers from each other using their names instead of their IP addresses.

     

    Tuesday, August 07, 2007 6:00 PM

All replies

  • Aquilegia,

    I can't find the "same problem" that you're referring to at the start of your message.  Can you clarify a little more about your situation?  What application(s) are you running, are you in managed (.NET) or unmanaged (C, C++) space, when is the error message coming up, etc?

      ric

    Wednesday, March 15, 2006 4:29 PM
  • DTCPING makes anonymous RPC call to remote machine

    from xp,sp2,by default,remote machine won't accept anonymous calls,so it is giving you access denied error message (OX5 error code)

    if you disable RestrictRemoteClients key,remote machine accepts anonymous calls

    http://msdn.microsoft.com/security/productinfo/XPSP2/networkprotection/restrict_remote_clients.aspx

    This is just DTCPING tool problem,This error is not related to DTC.

    -Thank you

    Madhu

     

    Tuesday, March 28, 2006 5:31 PM
  • I have an nt40 domain with windows 2003 (no sp1) servers running sql2000 (sp4)located in dc1.  I need msdtc to communicate to dc2.  In dc2 I have 2003 active directory native, 64bit 2003 servers sp2 running sql2000- both dc's are running in clusters.  Local DTC/Com+ is installed, msdtc is installed in each cluster group, inbound/outbound, mutual authentication etc... is on - firewalls are passing traffic and the local firewall on AD 2003 servers is disabled.

     

    servers can ping, trace, link servers work, sql server registration works, domain admin accouts and admin accounts have been added to each server - from each domain

     

    local security updated to enable allow anonymous sid/name translation for both servers if applicable via sp/os version.

     

    with a client network utility using named pipes aliases on the 2003 servers in the nt40 domain- dtcping works - but begin transactions still fail.  Any ideas?  

     

    Thanks,

    RollinJack 

    Monday, July 30, 2007 10:39 PM
  • If I remember correctly, an NT4 domain doesn't know about machine account authentication, which MSDTC is trying to use to do its mutual auth. You will probably need to use "no authentication required".


    Tuesday, July 31, 2007 4:34 PM
  •  

    both servers I am testing are set with "no authentication required".  what is odd is dtcping works from the 2003 domain to the nt40 domain - only if initiated from the nt40 domain.
    Tuesday, July 31, 2007 9:38 PM
  • It would be useful if you can post the output from dtcping.

     

    Also, please note that in order for the two MSDTC to be able to communicate, the two servers need to be reachable using their netbios names. In other words, you need to be able to "ping" the servers from each other using their names instead of their IP addresses.

     

    Tuesday, August 07, 2007 6:00 PM