You cannot bring a Microsoft Distributed Transaction Coordinator resource online after you create it on a Windows Server 2003-based server cluster

Symptoms

After you create a Microsoft Distributed Transaction Coordinator (MSDTC) resource on a Microsoft Windows Server 2003-based server cluster, the resource is created successfully. However, when you try to bring this resource online, you are not successful. In this scenario, the MSDTC resource remains offline with a status of "Failed."

Cause

This problem occurs if the local Administrator account does not have the SE_SECURITY_NAME user right. This problem occurs if the Administrators group has been removed from the Manage auditing and security log setting in the local security settings of the cluster node.

To view this setting, follow these steps:
  1. Click Start, point to
    Administrative Tools, and then click Local Security Policy.
  2. Expand Local Policies, and then click
    User Rights Assignments.
  3. In the right pane, double-click Manage auditing and security log.
The MSDTC resource startup code does not verify whether the Administrator has the SE_SECURITY_NAME user right assigned.

Resolution

To resolve this problem, follow these steps:
  1. Install the Windows Server 2003 COM+ 1.5 Rollup Package 3 on each cluster node.
    For additional information about how to obtain this rollup package, click the following article number to view the article in the Microsoft Knowledge Base:

    883955 Availability of Windows Server 2003 COM+ 1.5 Rollup Package 3

    This rollup package contains a hotfix to cause the MSDTC resource to verify the permission level that it runs under when it starts. Without this hotfix applied, you must remove and then reinstall the MSDTC service to pick up a change in permissions. For additional information about how to do this, see the "Workaround" section.
  2. Remove the MSDTC resource from the cluster. To do this, follow these steps:
    1. Start the Cluster Administrator tool.
    2. Expand your cluster, expand Groups, and then click the group that contains the MSDTC resource.
    3. In the right pane, right-click MSDTC, and then click Delete.
    4. When you receive the following message, click Yes:
      Are you sure resource 'MSDTC' should be deleted?
  3. Uninstall the MSDTC. To do this, follow these steps:
    1. Click Start, click
      Run, type cmd, and then click
      OK.
    2. At the command prompt, type MSDTC -uninstall , and then press ENTER.
  4. Stop the Cluster Service. To do this, follow these steps:
    1. Click Start, click
      Run, type cmd, and then click
      OK.
    2. At the command prompt, type net stop clussvc, and then press ENTER.
  5. Add the Administrators group to the Manage auditing and security log local security setting. To do this, follow these steps:
    1. Click Start, point to
      Administrative Tools, and then click Local Security Policy.
    2. Expand Local Policies, and then click
      User Rights Assignments.
    3. In the right pane, double-click Manage auditing and security log.
    4. Click Add User or Group, type
      Administrators in the Enter the object names to select box, click Check Names, and then click
      OK.
    5. Click OK, and then quit the Local Security Settings tool.
  6. Start the Cluster Service. To do this, follow these steps:
    1. Click Start, click
      Run, type cmd, and then click
      OK.
    2. At the command prompt, type net start clussvc, and then press ENTER.
  7. Follow steps 3 through 5 for each cluster node.
  8. Create a new MSDTC resource. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

    301600 How to configure Microsoft Distributed Transaction Coordinator on a Windows Server 2003 cluster

  9. Right-click the new MSDTC resource that you created, and then click Bring Online.

Workaround

To work around this problem, follow these steps:
  1. Remove the MSDTC resource from the cluster. To do this, follow these steps:
    1. Start the Cluster Administrator tool.
    2. Expand your cluster, expand Groups, and then click the group that contains the MSDTC resource.
    3. In the right pane, right-click MSDTC, and then click Delete.
    4. When you receive the following message, click Yes:
      Are you sure resource 'MSDTC' should be deleted?
  2. On each cluster node, stop the MSDTC service. To do this, follow these steps:
    1. Click Start, click Run, type cmd, and then click OK.
    2. Type net stop msdtc, and then press ENTER.
  3. Remove the MSDTC service from each cluster node. To do this, follow these steps:
    1. Click Start, click Run, type cmd, and then click OK.
    2. Type msdtc -uninstall, and then press ENTER.
  4. Verify that the MSDTC service no longer appears in the Services Microsoft Management Console (MMC) snap-in. To view the Services MMC snap-in, click Start, click Run, type services.msc, and then click OK.
  5. Stop the Cluster Service. To do this, follow these steps:
    1. Click Start, click
      Run, type cmd, and then click
      OK.
    2. At the command prompt, type net stop clussvc, and then press ENTER.
  6. Add the Administrators group to the Manage auditing and security log local security setting. To do this, follow these steps:
    1. Click Start, point to
      Administrative Tools, and then click Local Security Policy.
    2. Expand Local Policies, and then click
      User Rights Assignments.
    3. In the right pane, double-click Manage auditing and security log.
    4. Click Add User or Group, type
      Administrators in the Enter the object names to select box, click Check Names, and then click
      OK.
    5. Click OK, and then quit the Local Security Settings tool.
  7. Start the Cluster Service. To do this, follow these steps:
    1. Click Start, click
      Run, type cmd, and then click
      OK.
    2. At the command prompt, type net start clussvc, and then press ENTER.
  8. Install the MSDTC service. To do this, follow these steps:
    1. Click Start, click Run, type cmd, and then click OK.
    2. Type msdtc -install, and then press ENTER.
  9. Verify that the MSDTC service appears in the Services MMC snap-in.
  10. Create a new MSDTC resource. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

    301600 How to configure Microsoft Distributed Transaction Coordinator on a Windows Server 2003 cluster

  11. Right-click the new Distributed Transaction Coordinator resource that you created, and then click Bring Online.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

301600 How to configure Microsoft Distributed Transaction Coordinator on a Windows Server 2003 cluster

258078 Cluster service startup options

Propriedades

ID do Artigo: 890634 - Última Revisão: 24 de mar de 2009 - Revisão: 1

Comentários