
Wednesday, March 28, 2012

MSSQL Server service (Windows service) account configuration --

Hi Folks,
We have some in-house applications developed using Microsoft technologies
like C#.NET, ASP.NET and SQL Server 2000, and we have third-party
applications using SQL Server 2000.
In all our SQL Servers we configured things as below.
We created domain-level user accounts (service accounts) like SA_Server1.
We made SA_server1 a member of the local Administrators group on the
server where the SQL Server 2000 software got installed.
We are using the SA_server1 account to run the mssqlserver service (Windows
service).
All our production SQL Servers are Windows clusters with 2 nodes.
We have mixed mode authentication, and all users in the Builtin/Administrators
group are SQL users.
Using the domain-level service account (SA_Server1) credentials, we can
log in to that particular SQL Server locally to check everything is working
fine.
Everything is working fine.

Recently a Sarbanes-Oxley audit was conducted in our company.
One of the questions they asked is as given below.
1. Why is interactive log-in turned ON for that mssqlservice account (for
SA_Server1)?
They don't want anyone to log in to that server locally using that domain
account's credentials.
2. Why are Builtin/Administrators part of the SQL users?

How can we prevent anyone logging in to that SQL Server locally using the
service account credentials?
We will be giving those credentials to the 2, 3 administrative people only.
But we don't want them to log in to that server locally using the service
account credentials either.
They should log in to that server using their own Windows accounts.

How can we turn OFF that interactive log-on?
Is it in group policy or local policy or the Active Directory member profile?

What are the best security practices for SQL Server 2000 configuration,
mainly with service accounts?

Any kind of help is greatly appreciated.

--Kumar

Assigning the Deny log on locally right to the account used to start the SQL
Server services is recommended, to prevent someone from using the SQL Server
service account to log in to the SQL Server.
Hope this helps
"Kumar" wrote:

> Hi Folks,
> We have some in-house applications developed using Microsoft technologies
> like C#.NET, ASP.NET and SQL Server 2000, and we have third-party
> applications using SQL Server 2000.
> In all our SQL Servers we configured things as below.
> We created domain-level user accounts (service accounts) like SA_Server1.
> We made SA_server1 a member of the local Administrators group on the
> server where the SQL Server 2000 software got installed.
> We are using the SA_server1 account to run the mssqlserver service (Windows
> service).
> All our production SQL Servers are Windows clusters with 2 nodes.
> We have mixed mode authentication, and all users in the Builtin/Administrators
> group are SQL users.
> Using the domain-level service account (SA_Server1) credentials, we can
> log in to that particular SQL Server locally to check everything is working
> fine.
> Everything is working fine.
>
> Recently a Sarbanes-Oxley audit was conducted in our company.
> One of the questions they asked is as given below.
> 1. Why is interactive log-in turned ON for that mssqlservice account (for
> SA_Server1)?
> They don't want anyone to log in to that server locally using that domain
> account's credentials.
> 2. Why are Builtin/Administrators part of the SQL users?
>
> How can we prevent anyone logging in to that SQL Server locally using the
> service account credentials?
> We will be giving those credentials to the 2, 3 administrative people only.
> But we don't want them to log in to that server locally using the service
> account credentials either.
> They should log in to that server using their own Windows accounts.
>
> How can we turn OFF that interactive log-on?
> Is it in group policy or local policy or the Active Directory member profile?
>
> What are the best security practices for SQL Server 2000 configuration,
> mainly with service accounts?
>
> Any kind of help is greatly appreciated.
>
> --Kumar
>
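
One way to audit the Deny log on locally recommendation in the reply above, as an added example that is not part of the original thread: it parses a user-rights export and reports whether the service account can still log on interactively and can still start as a service. The function names Get-UserRights and Test-ServiceAccountLogon are hypothetical helpers, and the CONTOSO domain and the account SID are constructed placeholders.

```powershell
# Constructed sample of what `secedit /export /cfg rights.inf /areas USER_RIGHTS`
# writes. The CONTOSO domain and the SID ending in -1105 (standing in for
# SA_Server1) are placeholders, not values from the thread.
$sampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeServiceLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1105
SeDenyInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
signature="$CHICAGO$"
'@

function Get-UserRights([string]$InfText) {
    $rights = @{}
    $inSection = $false
    foreach ($line in ($InfText -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
        } elseif ($inSection -and $line -match '^(\w+)\s*=\s*(.*)$') {
            # Holders are comma-separated; SIDs carry a leading '*', names do not.
            $name = $Matches[1]
            $rights[$name] = @($Matches[2] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    $rights
}

function Test-ServiceAccountLogon([string]$InfText, [string[]]$Identities) {
    # $Identities: the account plus every group it belongs to, as names or SIDs.
    $rights = Get-UserRights $InfText
    $holds = { param($right) [bool]($rights[$right] | Where-Object { $Identities -contains $_ }) }
    $allow = & $holds 'SeInteractiveLogonRight'
    $deny  = & $holds 'SeDenyInteractiveLogonRight'
    [pscustomobject]@{
        AllowLogOnLocally = $allow
        DenyLogOnLocally  = $deny
        CanLogOnLocally   = ($allow -and -not $deny)   # a deny right overrides an allow
        CanRunAsService   = ((& $holds 'SeServiceLogonRight') -and
                             -not (& $holds 'SeDenyServiceLogonRight'))
    }
}

# SA_Server1 by name and by (placeholder) SID, plus BUILTIN\Administrators
# (S-1-5-32-544), the group the thread says it belongs to.
Test-ServiceAccountLogon $sampleInf @('CONTOSO\SA_Server1',
    'S-1-5-21-1111111111-2222222222-3333333333-1105', 'S-1-5-32-544')
```

On a cluster, export and check the rights on each node, because user rights are evaluated per machine unless they are pushed by Group Policy.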

Saturday, February 25, 2012

MSDTC doesn't work on SQL 2k in W2k3 cluster environment

Hi,
I have moved our cluster SQL 2k server from a W2k cluster to a new W2k3 SP1
cluster server recently. After the move, I found two applications that use
MSDTC didn't work. I realized that I made a mistake when I set up the MSDTC: I
didn't enable network DTC access on both nodes before I configured MSDTC and
then installed the SQL Server. To remedy this problem, I deleted the MSDTC
resource in the cluster admin, and reconfigured it again after enabling
network DTC access on both nodes. However, the MSDTC on the cluster still
doesn't work. The installation sequence should configure MSDTC first, then
install SQL2K. Does this sequence matter? Do I have to reinstall the SQL
Server to get MSDTC to work?
I use DTCTester and get the following error:
Initializing DTC
Beginning DTC Transaction
Enlisting Connection in Transaction
Error:
SQLSTATE=37000,Native error=8501,msg='[Microsoft][ODBC SQL Server Driver][SQL Server]MSDTC on server 'AWIDB1' is unavailable.'
Error:
SQLSTATE=24000,Native error=0,msg=[Microsoft][ODBC SQL Server Driver]Invalid cursor state
Typical Errors in DTC Output When
a. Firewall Has Ports Closed
-OR-
b. Bad WINS/DNS entries
-OR-
c. Misconfigured network
-OR-
d. Misconfigured SQL Server machine that has multiple netcards.
Aborting DTC Transaction
Releasing DTC Interface Pointers
Successfully Released pTransaction Pointer.
Thanks in advance.

Never mind, it worked. I should restart the SQL Server after reconfiguring
the MSDTC resource. Since this server has been in production already, I just
wished that every change would take effect dynamically.
"Jack Zhang" wrote:

> Hi,
> I have moved our cluster SQL 2k server from a W2k cluster to a new W2k3 SP1
> cluster server recently. After the move, I found two applications that use
> MSDTC didn't work. I realized that I made a mistake when I set up the MSDTC: I
> didn't enable network DTC access on both nodes before I configured MSDTC and
> then installed the SQL Server. To remedy this problem, I deleted the MSDTC
> resource in the cluster admin, and reconfigured it again after enabling
> network DTC access on both nodes. However, the MSDTC on the cluster still
> doesn't work. The installation sequence should configure MSDTC first, then
> install SQL2K. Does this sequence matter? Do I have to reinstall the SQL
> Server to get MSDTC to work?
> I use DTCTester and get the following error:
> Initializing DTC
> Beginning DTC Transaction
> Enlisting Connection in Transaction
> Error:
> SQLSTATE=37000,Native error=8501,msg='[Microsoft][ODBC SQL Server Driver][SQL Server]MSDTC on server 'AWIDB1' is unavailable.'
> Error:
> SQLSTATE=24000,Native error=0,msg=[Microsoft][ODBC SQL Server Driver]Invalid cursor state
> Typical Errors in DTC Output When
> a. Firewall Has Ports Closed
> -OR-
> b. Bad WINS/DNS entries
> -OR-
> c. Misconfigured network
> -OR-
> d. Misconfigured SQL Server machine that has multiple netcards.
> Aborting DTC Transaction
> Releasing DTC Interface Pointers
> Successfully Released pTransaction Pointer.
> Thanks in advance.

You are correct in that you should have followed the correct and documented
installation sequence; however, you should be able to do it after the fact.
Also know that there is a COM 1.5 bug in Windows 2003.
First, after reclustering the MSDTC, did you configure it within its own
dedicated Cluster Resource Group? It will require the creation of this
group, a dedicated SAN disk, IP, and Network Name cluster resources. Then,
you will need to fail that resource back and forth between the nodes to get
the resource registry entries to synchronize.
You will then need to take the SQL Server IP resource offline, which should
bring the resources in that group offline and then bring the group back
online.
In the SQL Server Error Log, you will see SQL Server attempting to connect
to the DTC resource; if it opens the connection, there will be no additional
messages. If it has a problem however, it will spit out a "Could not
generate resource context" type of error message. That will tell you if
this worked or not.
If this process fails, one other option would be to run through the ADVANCED
section of the SQL Server installation processes. This should
verify/generate the necessary registry key dependencies without having to
completely reinstall.
If this too does not solve the problem, then before you uninstall/reinstall,
I would seriously consider opening a Microsoft Product Support Services
case, MS PSS.
INFO: Availability of Windows Server 2003 COM+ 1.5 Rollup Package 1
http://support.microsoft.com/kb/821751/
You receive error messages when you perform a distributed transaction when
you have a SQL Server 2000 virtual server in a Windows Server 2003 clustered
environment
http://support.microsoft.com/default...b;en-us;889706
How to rebuild or move MSDTC used with a SQL failover cluster
http://support.microsoft.com/default...b;en-us;294209
How to configure Microsoft Distributed Transaction Coordinator on a Windows
Server 2003 cluster
http://support.microsoft.com/kb/301600/
How to enable network DTC access in Windows Server 2003
http://support.microsoft.com/kb/817064/
Good luck and be sure to let us know how it turns out.
Sincerely,
Anthony Thomas
Did you set the security on MSDTC through the Component Services Applet?
That is a necessary step after all the steps you listed.
Geoff N. Hiten
Senior Database Administrator
Microsoft SQL Server MVP