How to configure the MSDTC service to listen on a specific RPC server port


Starting in Windows 7 and Windows Server 2008 R2, you can configure the Microsoft Distributed Transaction Coordinator (MSDTC) to listen on a specific RPC server port. This is great news for network and firewall administrators: you no longer have to open a range of RPC server ports and guess how many ports that range needs so that DTC communication can flow through the firewall.

To configure DTC to listen on a specific RPC server port, add or modify the following registry value:

Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\
Name: ServerTcpPort
Type: REG_DWORD
Value: Numerical value of the port you want DTC to listen on (e.g. 0x00001f90 = decimal port 8080)

Setting and changing this value requires a restart of the MSDTC service for the changes to take effect.

You can use netstat.exe to confirm that the MSDTC service is listening on the configured server port. Here Task Manager tells us DTC has a process ID (PID) of 6496. Using netstat.exe -oan we can confirm that PID 6496 is listening on port 8080, as configured in the ServerTcpPort registry value.

At this point, to support OLE Transaction communication between machines, you should allow bi-directional TCP traffic in your firewall on port 135 (for the endpoint mapper) and on the single ServerTcpPort port, instead of a port range like we did in earlier operating systems.
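
The steps above (set the value, restart the service, confirm the listener) as one PowerShell script. This is an added example, not code from the original post; it assumes an elevated prompt, uses port 8080 as the sample value from the article, and its function names are illustrative. It is written for PowerShell 2.0 so it runs on Windows 7 and Windows Server 2008 R2.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
$Port    = 8080                                # sample value, same as the article
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\MSDTC'

function Get-TcpListener {
    # Turn "netstat -oan" output into objects for TCP sockets in LISTENING state.
    netstat.exe -oan | ForEach-Object {
        if ($_ -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            New-Object PSObject -Property @{
                Address  = $Matches[1]
                Port     = [int]$Matches[2]
                OwnerPid = [int]$Matches[3]
            }
        }
    }
}

function Get-MsdtcPid {
    # PID of the local MSDTC service (0 when the service is stopped).
    (Get-WmiObject Win32_Service -Filter "Name='MSDTC'").ProcessId
}

# 1. Stop early if some other process already listens on the chosen port.
$dtcPid = Get-MsdtcPid
$taken  = @(Get-TcpListener | Where-Object { $_.Port -eq $Port -and $_.OwnerPid -ne $dtcPid })
if ($taken.Count -gt 0) { throw "Port $Port is already in use by PID $($taken[0].OwnerPid)." }

# 2. Write the value as a REG_DWORD (creates it, or overwrites an existing one).
New-ItemProperty -Path $KeyPath -Name ServerTcpPort -PropertyType DWord -Value $Port -Force | Out-Null

# 3. The value is only read when the service starts.
Restart-Service -Name MSDTC -Force
Start-Sleep -Seconds 3                         # give the RPC endpoint a moment to bind

# 4. Same check as Task Manager plus "netstat -oan": which ports does the new PID own?
$dtcPid = Get-MsdtcPid
$ports  = @(Get-TcpListener | Where-Object { $_.OwnerPid -eq $dtcPid } |
            ForEach-Object { $_.Port } | Sort-Object -Unique)

if ($ports -notcontains $Port) { Write-Warning "msdtc.exe (PID $dtcPid) is not listening on $Port." }
$extra = @($ports | Where-Object { $_ -ne $Port })
if ($extra.Count -gt 0) { Write-Warning "msdtc.exe also listens on: $($extra -join ', ')" }
"msdtc.exe PID $dtcPid listening ports: $($ports -join ', ')"
```

The final line gives the port to allow through the firewall alongside 135; a warning about additional listening ports means the instance is not confined to the configured port and should be investigated before the firewall rule is narrowed.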

Clustered DTC instances

The good news is that this ServerTcpPort setting is configurable for MSDTC cluster resource instances on a Windows 2008 R2 cluster as well, just from a different registry location. In the screenshot below you will see three different instances of the msdtc.exe process running on a single node of a Windows Server 2008 R2 cluster. One instance of msdtc.exe is the local DTC service (listening on port 8080). The local DTC service instance reads the same ServerTcpPort registry value identified at the path described above. I then added two new applications to the cluster and added a new DTC cluster resource to each application, listening on configured ports 8081 and 8082.

To configure your DTC cluster resource to listen on a specific port on a Windows Server 2008 R2 cluster, you have to find the DTC registry hive for that DTC cluster resource instance:

Path: HKEY_LOCAL_MACHINE\Cluster\Resources\{Unique_DTC_ResourceID_GUID}\MSDTCPRIVATE\MSDTC
Name: ServerTcpPort
Type: DWORD (32-bit) Value
Value: Numerical value of the port you want DTC to listen on (e.g. 0x00001f91 = decimal port 8081)

To identify which Unique_DTC_ResourceID_GUID registry hive to use, refer to the screenshot below. Open the Services console to find the list of DTC services that are running on the cluster node; the cluster instances append the cluster resource ID to the service name. Navigate to that resource ID in the registry (in our example below we navigated to HKEY_LOCAL_MACHINE\Cluster\Resources\61d9b903-df08-4ef4-b416-b3e33ecf72cc). Once you have that hive selected, check the Name registry value to confirm that this is the DTC cluster instance you want to listen on the specific port. Then add the ServerTcpPort registry value to the \MSDTCPRIVATE\MSDTC registry sub-hive location as indicated above.

Changes to the ServerTcpPort cluster resource registry values also require a restart of the DTC cluster resource.  
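
A read-only way to find the right resource GUID and review the ports already assigned on a node, as an added example that is not part of the original post. It assumes that every key under HKLM:\Cluster\Resources with an MSDTCPRIVATE\MSDTC sub-hive is a DTC cluster resource, as described above; the duplicate-port check reflects the point made in the comments below that instances on the same machine need different ports.

```powershell
# Added example (not from the original post). Read-only; run on a cluster node.
$root = 'HKLM:\Cluster\Resources'

# One row per DTC cluster resource: its GUID, its Name value and its port (if set).
$instances = @(Get-ChildItem -Path $root | ForEach-Object {
    $resPath = "$root\$($_.PSChildName)"
    $dtcPath = "$resPath\MSDTCPRIVATE\MSDTC"
    if (Test-Path $dtcPath) {
        New-Object PSObject -Property @{
            ResourceId    = $_.PSChildName
            Name          = (Get-ItemProperty -Path $resPath).Name
            ServerTcpPort = (Get-ItemProperty -Path $dtcPath).ServerTcpPort
        }
    }
})

# Add the local (non-clustered) DTC service so that it is part of the comparison.
$instances += New-Object PSObject -Property @{
    ResourceId    = '(local service)'
    Name          = 'Local DTC'
    ServerTcpPort = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\MSDTC').ServerTcpPort
}

# An empty ServerTcpPort column means that instance still uses a dynamic RPC port.
$instances | Select-Object ResourceId, Name, ServerTcpPort | Format-Table -AutoSize

# Instances that can run on the same node must not share a port.
$instances | Where-Object { $_.ServerTcpPort } | Group-Object ServerTcpPort |
    Where-Object { $_.Count -gt 1 } | ForEach-Object {
        $names = ($_.Group | ForEach-Object { $_.Name }) -join ', '
        Write-Warning "Port $($_.Name) is configured for more than one DTC instance: $names"
    }
```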

Cheers
-Todd Foust

The ServerTcpPort setting is documented on MSDN here.

Comments (10)

  1. Hi!

    I followed the instructions mentioned in this blog.  MSDTC seems to be listening on the correct port (on our Windows 2008 R2 server).  BUT, it seems MSDTC is still opening other ports on the Win 2008 R2 during transactions received from another server (Windows 2003 R2).  These other ports are blocked by our firewall.  Isn't the ServerTcpPort key supposed to stop the dynamic allocation of ports during transaction processing?

  2. Todd Foust says:

    Hello Pat. I would only expect to see the server port you configured to msdtc.exe opened. Are you seeing other server ports getting opened, or do you see MSDTC on the 2008 R2 box opening a client port to make a callback to the 2003 R2 instance? DTC will make an outbound RPC call back to the MSDTC instance of the 2003 machine, which uses the dynamic port range, so you may have to account for that traffic. You can limit the possible ports that DTC would listen on for the 2003 machine by using the steps outlined in this article: support.microsoft.com/…/250367

    To determine if MSDTC is opening up another server port, instead of a client port, try to get that same netstat -oan output and confirm if there are two server ports opened for the same msdtc.exe process; look for two different ports in the "Local Address" column that match 0.0.0.0:#### for the same msdtc.exe process ID. I have a feeling you may be seeing MSDTC trying to make an RPC call back to MSDTC on the 2003 box, and your firewall may be blocking that callback.

  3. Frank says:

    Hello,

    Can the static assigned MSDTC port be the same across all running MSDTC instances?

    I have 4 Windows 2008 R2 servers running MSDTC and would like to assign the same port number to each MSDTC instance.

    Thanks

    Frank

  4. Hello Frank. As long as those 4 instances are all running on separate servers. If you have one instance of msdtc.exe running on each of the 4 servers then yes they all can be configured to listen on the same port. However if you are attempting to configure four instances of msdtc.exe on the SAME machine then you will have to select different ports for each. There is not a port sharing service for MSDTC.exe instances on the same machine.

    Hope this helps.

    -Todd

  5. Gerry says:

    Hello Todd, we have an SQL Cluster that is configured with clustered DTC and I was previously reading that, since many resources use DTC, you would have to configure a port range in the order of 50-100 ports.  Is this no longer needed?

  6. Dale C says:

    Thanks for the article. What effect does this have on performance modelling, say with a farm of load-balanced web servers and clustered DB servers serving multiple thousand connections (upwards of 5000 per server)? Does this improve the performance under high load from the way 2003 was listening on ports?

    Thanks again,

    -Dale

  7. Todd Foust says:

    Hello Gerry, Do you have a link for the documentation that still recommends this? This article talks specifically about the DTC service. I'm not sure if SQL cluster might have other services that listen on other dynamic RPC server ports, which may still require a range of ports to be available.

  8. Todd Foust says:

    Hello Dale,

    This change will have no effect on the performance throughput for your scenario. The settings described in this article only control the port that MSDTC service listens on. It will always only listen on a single port (per instance of DTC). Instead of randomly getting a single port from the available RPC dynamic server port range, you can manually configure which port gets selected. The rest of DTC behavior will be the same as before.

    Hope this helps.

    Todd

  9. Tariq says:

    Thanks for wonderful post !!

    I have 2 Web Servers & 2 SQL Servers (Clustered); there is a firewall between them.

    Scenario_1:

    On all 4 servers, Configured RPC Ports under dcomcnfg – 5100-5200  

    Port configured for Local MSDTC through registry – 5101 on 2 Web and 2 SQL Server

    Port configured for Clustered MSDTC through registry – 5102  on SQL Clustered Server

    Result >> everything working fine in DTCtester.exe

    Scenario_2:

    On all 4 servers, REMOVED  RPC Ports under dcomcnfg – 5100-5200  

    Port configured for Local MSDTC through registry – 5101 on 2 Web and 2 SQL Server

    Port configured for Clustered MSDTC through registry – 5102  on SQL Clustered Server

    Result >> test failing for DTCtester.exe

    My Query:

    If we want to use the 2nd scenario so that 'RPC' uses only those two defined ports for 'MSDTC' then is there anything to change on the WEB or SQL Server !!

    Many Thanks

  10. Eric says:

    Changing this port on a cluster you need to change the active node then the passive nodes first otherwise the port will not survive a reboot