BizTalk development over VPN (MS-DTC) RRS feed

  • Question

  • Hello,

    Not sure if this is the right place to post this...

    I am trying to finish setting up a BizTalk development machine that will be required to work remotely through a VPN (a Win2k3 machine with RRAS acting as a VPN host). The development machine has been properly configured and I am able to open up the BizTalk administration console and see all of the applications running in the group and everything works well. The problem I am having is setting up MS-DTC to work over the VPN.

    I can verify that the VPN server gives client IP addresses in the same subnet as the biztalk servers. I enabled network DTC access on the client, setup a windows firewall rule to allow dtc traffic and tried DTCping however I get the following error:

    RPC server is ready
    Please Start Partner DTCping before pinging
    ++++++++++++Validating Remote Computer Name++++++++++++
    Please refer to following log file for details:
    Error(0x2AFC) at nameping.cpp @62
    -->11004(The requested name is valid, but no data of the requested type was founInvoking RPC method on bt-sql
    Problem:fail to invoke remote RPC method
    Error(0x6D9) at dtcping.cpp @303
    -->RPC pinging exception

    I have verified that DTC is working on the bt-sql machine and on the application server (they can dtcping each other). The issue seems to be that the DTC ports (incoming) through the VPN tunnel are blocked. When I port scan bt-sql from the client machine I see that port 135 is open. When I port scan the client from bt-sql only TCP port 21 is open. Does this make sense? If so, how can I configure the VPN server to allow traffic on port 135? If not, I am up for ideas.

    - Justin
    Thursday, December 10, 2009 7:57 PM


  • To anyone who happens to run into similar problems. The problem wasn't with the VPN per-sae, it had to do with the fact that the RRAS server was in a different domain than the BizTalk and SQL server. To get this scenario working I had to:

    - Ensure the domain trust is setup correctly on both domains
    - Setup a WINS server (MSDTC seems to like NetBIOS names). Also, make sure that the BizTalk SQL and Application server are setup to use the same WINS server that the VPN clients use.
    - It also seemed to help if the VPN clients registered their IP with the DNS on the RRAS server domain
    - Turn off authentication for network DTC access.

    - Justin
    • Marked as answer by Justin Fyfe Thursday, January 21, 2010 2:44 PM
    Wednesday, January 6, 2010 3:29 PM