FIX: The Distributed Transaction Coordinator service security settings revert to the default settings (918327)


The information in this article applies to:

  • Microsoft COM+

SYMPTOMS

When you elevate a computer that is running the Microsoft Distributed Transaction Coordinator (MSDTC) service to be a primary domain controller, the following events occur in the following order:
  • The Distributed Transaction Coordinator service recognizes this change.
  • The Distributed Transaction Coordinator service security settings revert to the default settings.
  • The Distributed Transaction Coordinator service restarts.
  • XA transaction support is turned off.

CAUSE

This behavior occurs because the Distributed Transaction Coordinator service is designed to default back to a secure setting when a computer that is running the Distributed Transaction Coordinator service has been made a domain controller.

RESOLUTION

To resolve this behavior, manually check which security settings are enabled on the computer before the computer that is running the Distributed Transaction Coordinator service is made a domain controller. After the computer is made a domain controller, manually reset the security settings to their previous settings. For more information about the Distributed Transaction Coordinator service, click the following article number to view the article in the Microsoft Knowledge Base:

899191 New functionality in the Distributed Transaction Coordinator service in Windows Server 2003 Service Pack 1 and in Windows XP Service Pack 2

STATUS

This behavior is by design.

MORE INFORMATION

Steps to reproduce the behavior

  1. Configure two domain controllers in a domain.
  2. Configure the Distributed Transaction Coordinator service security settings. To do this, follow these steps:
    1. Open Component Services.
    2. Expand Component Services, expand Computers, right-click My Computer, and then click Properties.
    3. Click the MSDTC tab, and then click Security Configuration.
    4. Click to select the Allow Inbound check box, and then click OK.
    5. Click OK to close the My Computer Properties dialog box.
  3. Set the primary domain controller (PDC) role to the computer that is running the Distributed Transaction Coordinator service. The Distributed Transaction Coordinator service will restart.
  4. Examine the security setting that you set in step 2. The Allow Inbound check box is no longer selected.
Modification Type:MajorLast Reviewed:6/23/2006
Keywords:kbDTC kbinfo kbtshoot kbprb KB918327 kbAudDeveloper kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.