Re: Win2k3 SP1 error: New transaction cannot enlist in the specifi
- From: "Henrik" <henrik_the_boss@xxxxxxxxxxx>
- Date: Wed, 25 May 2005 17:34:33 +0200
Glad to hear it, Ronan, and it might come in handy to know that if the s**t
hits the fan someday, twiddling with the authetication settings might get
some results.
I have had problems with authentication issues on previous operating
systems, but that was mostly setting up DCOM and remote automation, and then
one almost always had to set authentication to none, or you wound up getting
error 5, "Access Denied".
As I haven't had to configure anything like it lately, I haven't had to do
it on Win 2003 (mostly NT 4 in fact, post SP4)
// Henrik
"Ronan" <Ronan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:85FBAC51-D288-47ED-A61C-19E3740B0A88@xxxxxxxxxxxxxxxx
>
> Hi Henrik
>
> Good news, I managed to solve the problem!!
>
> On PROD_OPDB1 (the Win2k3 server with SQL Server) in Comp Serverices-->
> My Computer--> MSDTC tab--> Security Configuration, I had to set it to the
> lowest level, no authentication. This is the same setting as PROD_COM1
(Web
> server/COM+ components installed)
>
> So in other words what I'm saying is that the SQL Server machine where
there
> are NO installed COM+ components has to have the same COM+ MSDTC settings
as
> the machine in which the COM+ components are actually installed!!...not
> exactly obvious
>
> Anyway many thanks for your very helpful suggestions
>
>
> Ronan
>
>
>
>
>
>
>
>
>
> --
> Ronan
>
>
> "Henrik" wrote:
>
> > OK.
> >
> > Its been a while since I last programmed in VB6, so I'm a bit rusty, but
I
> > only rememer one problem that I have come across when moving existing
apps
> > to a Windows Server 2003.
> >
> > What we came upon was the fact that Windows Server 2003 requires roles
to
> > allow access to a COM+ package, something which wasn't necessary in
earlier
> > version of Windows.
> > If you haven't yet done this, because your app does not use MTS roles,
just
> > add a dummy role, and add Everyone to that role.
> > But from your error description, it doesn't sound as if that is the
problem
> > (from what I remember, I got a "Access Denied" or some such, and not the
> > transaction error)
> >
> > Do you use SQL Username and password, or SSPI to logon to the database
(if
> > you set an identity on your COM+ package, the package and the COM+ dlls
will
> > henceforth connect to the database with that identity, thus enabling
SSPI
> > even though the ASP pages executes as IUSR_<computer name>). But
ofcourse,
> > if you have to set the TurnOffRPCSecurity flag to 1, this implicitely
means
> > that the WEB server lies in another domain than the SQL Server. But if
there
> > is trust between the domains, SSPI could still be used, and you could
> > perhaps test if using an Administrative Account works.
> >
> > Have you checked the event log, to see if you fail because of security?
> >
> > I can test to set up an old VB6 project on a Windows Server 2003
tomorrow,
> > and see what I get.
> >
> > The project uses asp-pages to transport xml-requests so that the flow
goes
> > like this:
> >
> > Windows UI -> Business Logic -> XMLHTTPRequest -> ASP -> Business
> > Persistancy -> DBO -> DB
> >
> > Where:
> > Business Logic = Collection and Item classes for our objects (customer
and
> > customers, User and Users, and so on)
> > Business Persistancy = A project with a number of specific classes, that
has
> > DB table specific queries for a customer or user for example.
> > DBO = generic database handler
> >
> > The Business Persistancy projects classes has almost all their
individual
> > classes marked as requires, so should in effect get the same effect as
your
> > project.
> >
> >
> > The only thing with my project is that all my Windows Server 2003
servers
> > are in the same domain.
> >
> > // Henrik
> >
> >
> >
> >
> >
> >
> >
> >
> > "Ronan" <Ronan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:20C8DDD4-DE8F-4B31-A8B9-1CA0AE8DDF1B@xxxxxxxxxxxxxxxx
> > > Hi Henrik
> > >
> > > Yes I have a COM+ comp "A" which runs in a transaction which calls
another
> > > COM+ comp "B". "B" is a common DLL which is used to connect to SQL.
> > > I made a change to the ASP code so that the ASP calls "B" directly
rather
> > > than "A" calls "B" and again it only worked if transaction=supported
NOT
> > > transaction=required
> > > The COM+ comps are VB6 not .NET. The components were already working
on a
> > > Win2k machine so I just copied them over to the Win2k3 server as they
were
> > > without changing any of the settings.
> > > I'm going to set up a SQL database on the same machine as the web
server
> > and
> > > see what happens.
> > >
> > >
> > > --
> > > Ronan
> > >
> > >
> > > "Henrik" wrote:
> > >
> > > > Hello Ronan.
> > > >
> > > > So let me be clear on this.
> > > >
> > > > You have a COM+ DLL, which handles call to the database.
> > > > This dll supports transactions, but does not initiate transaction
calls.
> > > >
> > > > The other dll, calls on the first dll.
> > > > This dll, requires transactions, and as it calls on the first
component,
> > > > makes dll 1 enlist in the transaction.
> > > >
> > > >
> > > > If this is correct, I have a couple of questions:
> > > >
> > > > Are the dll's .NET Framework dll, using System.EnterpriseServices?
> > > > If so, are they registered in GAC?
> > > > Are the dll's correctly installed? You can use RegistrationHelper to
> > > > automate installation of COM+ components, and there are other ways
also.
> > > >
> > > > If you do a "dummy" call to to DLL which requires transactions,
without
> > > > going on to the database dll, does it work then?
> > > > If it works, then the problem might lie between the different
machines,
> > as a
> > > > call to the "local" dll works, but when calling on, and executes a
query
> > > > agains a database on another machine, gets DTC error.
> > > > If it doesn't work, then the problem seems to be isolated to the
machine
> > > > that hosts the dlls.
> > > >
> > > >
> > > > As the DTCping tool did not find any errors, it migh concievably be
an
> > error
> > > > in the COM+ registration for your particular set of files.
> > > >
> > > > // Henrik
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > "Ronan" <Ronan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > > news:225A1BDF-759B-48C5-86B4-2C54821DC305@xxxxxxxxxxxxxxxx
> > > > > Hi Henrik
> > > > >
> > > > > Thanks for your suggestions. I downloaded the DTCPing from
Microsofts
> > web
> > > > > site.
> > > > > It worked in both directions on both machines for DTC and RPC.
> > > > > I tried running the 'BEGIN DISTRIBUTED TRANSACTION' in query
analyser
> > on
> > > > the
> > > > > web server and again this worked fine.
> > > > > TurnOffRPCSecurity flag in the registry was set to 1 anyway. I
> > rebooted
> > > > both
> > > > > machines but unfortunately it still doesn't work.
> > > > > One thing I didn't mention is the COM+ DLL which calls the stored
> > > > procedure
> > > > > is a common "data access" DLL which in turn is called by a another
DLL
> > "A"
> > > > > (this DLL has transaction support = required) and the "data
access"
> > DLL
> > > > has
> > > > > transaction support = supported. So "A" calls the "data access".
> > > > >
> > > > > Any other suggestions?
> > > > >
> > > > >
> > > > > --
> > > > > Ronan
> > > > >
> > > > >
> > > > > "Henrik" wrote:
> > > > >
> > > > > > There is a tool that Microsoft provides to check this problem,
and
> > it is
> > > > > > called DTCPing.
> > > > > > We got it after calling MS support over the same issue. I would
> > enclose
> > > > the
> > > > > > tool with this Post, but I'm unsure if it is publicly available.
> > > > > >
> > > > > > Check this out.
> > > > > > Mail from tech guy
> > > > > >
> > > > > > Let's start changing the registry value for NetworkDTCAccess.
The
> > formal
> > > > way
> > > > > > to accomplish this is to change value in Component Services
console.
> > You
> > > > > > right click the 'My PC' icon then go to the DTC tab, then click
> > > > 'Security
> > > > > > Configuration' and enable the 'Network DTC Access' option.
> > > > > >
> > > > > > Open again DTCPing and check the reported value. If it's still
> > showing
> > > > wrong
> > > > > > value, let's go thru the registry. Keys are located at
> > > > > > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security
> > > > > >
> > > > > > Values there should be 0 or 1 depending on the marked checks in
the
> > > > screen.
> > > > > > Go and switch the NetworkDTCAccess from 0 to 1
> > > > > >
> > > > > > If the above does not work , we should go through other things.
> > First
> > > > one is
> > > > > > network. WINS should not be a problem here ,but provide me
details
> > with
> > > > > > teaming .
> > > > > >
> > > > > > Another easy test here is to open a Query Analyzer from the
> > webserver
> > > > > > machine and try a 'BEGIN DISTRIBUTED TRANS' command. If this
fails,
> > the
> > > > > > problem is on DTC, but if this works, then we should have a look
to
> > the
> > > > > > application itself.
> > > > > >
> > > > > > If you need me to provide any detail please let me know. Regards
> > > > > > [Protected]
> > > > > >
> > > > > >
> > > > > > My response to his mail as follows:
> > > > > > We changed the flag on the SQL server machine, and it worked
(after
> > the
> > > > > > machine was restarted).
> > > > > > The tool was a great help, though it makes me wonder how big the
> > problem
> > > > is,
> > > > > > since you have developed a
> > > > > > custom diagnostic tool just for this. :-)
> > > > > >
> > > > > > I've read about this problem on the internet, and so would like
to
> > ask
> > > > what
> > > > > > to do if the machines are in different domains, and no trusts
exist.
> > > > > > Is the only solution then to change the TurnOffRpcSecurity flag
to
> > 1, or
> > > > is
> > > > > > there any smarter way to enable transactions?
> > > > > >
> > > > > >
> > > > > > Which resulted in the following mail from the tech again:
> > > > > > Glad to hear this Henrik.
> > > > > > Regarding the RPC question, I'm afraid there's no choice. This
> > article
> > > > > > details how to change this value:
> > > > > >
> > > > > > 827805 BUG: MSDTC Fails to Mutually Authenticate When Computers
Do
> > Not
> > > > Run
> > > > > > in
> > > > > > http://support.microsoft.com/?id=827805
> > > > > >
> > > > > > If you need further information please let me know. Also, if we
can
> > > > close
> > > > > > this support request also drop me an email
> > > > > >
> > > > > > Thanks & regards
> > > > > > [Protected]
> > > > > >
> > > > > >
> > > > > >
> > > > > > To distill this into something useful
> > > > > > Make sure all is configured as it should be, and then RESTART
both
> > > > machines.
> > > > > > While this problem persisted after making sure that all settings
> > were as
> > > > > > they should, the problem disappeared "magically" after
rebooting.
> > > > > >
> > > > > > // Henrik
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > "Ronan" <Ronan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > > > > news:1544C9BD-6F7C-4606-80D9-92F19EB199B9@xxxxxxxxxxxxxxxx
> > > > > > >
> > > > > > > Hi
> > > > > > >
> > > > > > > I'm testing a migration from windows 2000 to a windows 2003
> > server.
> > > > > > > We have a test LAN composed of a domain called "FITNESS"
composed
> > of a
> > > > > > > Win2k3 Standard Edition SP1 server (PROD_COM1) with IIS, COM+
and
> > > > another
> > > > > > > WIN2K3 SP1 server running SQL Server 2000 (SP3a) called
> > PROD_OPDB1.
> > > > > > > I have an ASP web page installed on PROD_COM1 calling COM+
> > components
> > > > > > > installed on PROD_COM1 which in turn call SQL Server stored
> > procedures
> > > > on
> > > > > > > PROD_OPDB1. The COM+ components have transaction support set
to
> > > > Required
> > > > > > but
> > > > > > > I keep getting this ADO error "New tranasction cannot enlist
in
> > the
> > > > > > specified
> > > > > > > transaction coordinator" 8004d00a. The only way I can get it
to
> > work
> > > > is by
> > > > > > > setting the transaction support to Supported.
> > > > > > > In the MSDTC tab in My Computer in Component Servcices in
security
> > > > > > > configuration I have set the Trnsaction Manager Communication
to
> > > > "Allow
> > > > > > > Inbound" and "Allow Outbound" and "no authentication required"
..
> > The
> > > > > > FITNESS
> > > > > > > domain doesn't have a firewall. MSDTC is running on PROD_COM1
and
> > > > > > > PROD_OPDB1. The COM+ components are written in VB6. I have
> > installed
> > > > > > network
> > > > > > > DTC access components on both machines. I disabled RPC
secuirty
> > for
> > > > MSDTC
> > > > > > > service on SQL server in the registry but all to no availl.
> > > > > > > I have looked all over the web and on these Microsoft
newsgroups
.
- Follow-Ups:
- References:
- Win2k3 SP1 error: New transaction cannot enlist in the specified
- From: Ronan
- Re: Win2k3 SP1 error: New transaction cannot enlist in the specified
- From: Henrik
- Re: Win2k3 SP1 error: New transaction cannot enlist in the specifi
- From: Ronan
- Re: Win2k3 SP1 error: New transaction cannot enlist in the specifi
- From: Henrik
- Re: Win2k3 SP1 error: New transaction cannot enlist in the specifi
- From: Ronan
- Re: Win2k3 SP1 error: New transaction cannot enlist in the specifi
- From: Henrik
- Re: Win2k3 SP1 error: New transaction cannot enlist in the specifi
- From: Ronan
- Win2k3 SP1 error: New transaction cannot enlist in the specified
- Prev by Date: RE: Terminal Services
- Next by Date: Re: Windows 2003 server screensaver
- Previous by thread: Re: Win2k3 SP1 error: New transaction cannot enlist in the specifi
- Next by thread: Re: Win2k3 SP1 error: New transaction cannot enlist in the specifi
- Index(es):
Relevant Pages
|
