How to configure the MSDTC service to listen on a specific RPC server port

Starting in Windows 7 and Windows Server 2008 R2, you can configure the Microsoft Distributed Transaction Coordinator (MSDTC) to listen on a specific RPC server port. This is great news for network and firewall administrators: you no longer have to open a range of RPC server ports and then guess how many ports to allow in that range so that DTC communication can flow through the firewall.

To configure DTC to listen on a specific RPC server port, add or modify the following registry value:

Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\
Name: ServerTcpPort
Type: REG_DWORD
Value: Numerical value of the port you want DTC to listen on (e.g. 0x00001f90 = decimal port 8080)

Setting and changing this value requires a restart of the MSDTC service for the changes to take effect.


You can use netstat.exe to confirm that the MSDTC service is listening on the configured server port. In this example, Task Manager shows that DTC has a process ID (PID) of 6496. Running netstat.exe -oan confirms that PID 6496 is listening on port 8080, as configured in the ServerTcpPort registry value.


At this point, to support OLE Transaction communication between machines, you should allow bi-directional TCP traffic in your firewall on port 135 (for the endpoint mapper) and on the single specific ServerTcpPort port, instead of on a port range as in earlier operating systems.

Clustered DTC instances

The good news is that this ServerTcpPort setting is also configurable for MSDTC cluster resource instances on a Windows Server 2008 R2 cluster, just from a different registry location. In this example, three instances of the msdtc.exe process are running on a single node of a Windows Server 2008 R2 cluster. One instance of msdtc.exe is the local DTC service (listening on port 8080). The local DTC service instance reads the same ServerTcpPort registry value at the path described above. I then added two new applications to the cluster and added a new DTC cluster resource to each application, listening on configured ports 8081 and 8082.

To configure your DTC cluster resource to listen on a specific port on a Windows Server 2008 R2 cluster, you have to find the DTC registry hive for that DTC cluster resource instance:

Path: HKEY_LOCAL_MACHINE\Cluster\Resources\{Unique_DTC_ResourceID_GUID}\MSDTCPRIVATE\MSDTC
Name: ServerTcpPort
Type: DWORD (32-bit) Value
Value: Numerical value of the port you want DTC to listen on (e.g. 0x00001f91 = decimal port 8081)

To identify which Unique_DTC_ResourceID_GUID registry hive to use, open the Services console to find the list of DTC services that are running on the cluster node. The cluster instances append the cluster resource ID to the service name. You can then navigate to that section in the registry (in our example we navigated to HKEY_LOCAL_MACHINE\Cluster\Resources\61d9b903-df08-4ef4-b416-b3e33ecf72cc). Once you have that hive selected, check its Name registry value to confirm that this is the DTC cluster instance you want to listen on the specific port. Then just add the ServerTcpPort registry value to the \MSDTCPRIVATE\MSDTC registry sub-hive location as indicated above.

Changes to the ServerTcpPort cluster resource registry values also require a restart of the DTC cluster resource.  
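The Task Manager and netstat check described above can be scripted for the local DTC service and every clustered DTC resource on a node. The following is an added example, not part of the original post: a read-only audit that compares each instance's configured ServerTcpPort with the ports its msdtc.exe process is actually listening on. It assumes English-language netstat output and that clustered service names take the form MSDTC$<resource GUID>.

```powershell
# Added example: read-only audit of every MSDTC instance on this node.
# Run elevated so netstat.exe can report the owning PID of each listener.

function Get-ListeningPort([int]$ProcessId) {
    # netstat -oan columns: Proto, Local Address, Foreign Address, State, PID
    # Assumption: English-language output (State column reads LISTENING).
    netstat.exe -oan | ForEach-Object {
        $f = $_.Trim() -split '\s+'
        if ($f.Count -eq 5 -and $f[0] -eq 'TCP' -and
            $f[3] -eq 'LISTENING' -and $f[4] -eq "$ProcessId") {
            [int]($f[1] -replace '^.*:', '')   # port follows the last colon
        }
    } | Sort-Object -Unique
}

# Local DTC service: registry path given in the article.
$instances = @(New-Object PSObject -Property @{
    Service = 'MSDTC'; Label = '(local)'; Key = 'HKLM:\SOFTWARE\Microsoft\MSDTC' })

# Clustered DTC resources: one key per resource GUID under Cluster\Resources.
# Assumption: service name is 'MSDTC$' + resource GUID (the article says the
# resource id is appended to the service name).
$root = 'HKLM:\Cluster\Resources'
if (Test-Path $root) {
    Get-ChildItem $root | ForEach-Object {
        $res = "$root\$($_.PSChildName)"
        if (Test-Path "$res\MSDTCPRIVATE\MSDTC") {
            $instances += New-Object PSObject -Property @{
                Service = 'MSDTC$' + $_.PSChildName
                Label   = (Get-ItemProperty $res).Name   # resource's Name value
                Key     = "$res\MSDTCPRIVATE\MSDTC" }
        }
    }
}

$report = foreach ($i in $instances) {
    $configured = (Get-ItemProperty $i.Key -ErrorAction SilentlyContinue).ServerTcpPort
    $svc = Get-WmiObject Win32_Service -Filter "Name='$($i.Service)'"
    $listening = @()
    if ($svc -and $svc.ProcessId) { $listening = @(Get-ListeningPort $svc.ProcessId) }
    New-Object PSObject -Property @{
        Service    = $i.Service
        Label      = $i.Label
        Configured = $configured              # $null: ServerTcpPort is not set
        Listening  = $listening -join ','
        Match      = ($configured -ne $null) -and ($listening -contains $configured)
    }
}
$report | Select-Object Service, Label, Configured, Listening, Match | Format-Table -AutoSize
```

A row with Match = False after a registry change usually means the service or cluster resource has not been restarted yet, or the instance is not running on this node.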

Cheers
-Todd Foust

ServerTcpPort setting is documented on MSDN here.