Tag Archives: MSDTC

K2 Setup Manager – MSDTC is not configured correctly

The other day I’ve been doing installation of K2 4.7 on standalone (i.e. non-joined to domain) Windows Server 2016 machine with SQL Server installed locally on the same box, and bump into MSDT Network Access analysis result failure, receiving error shown below:

MSDTC Network Access Analysis Result: Failed

That’s quite a standard warning which explicitly says you what kind of check boxes you need to tick in Local DTC Properties (be sure to use comexp.msc or dcomcfg commands to open Component Services snap-in). K2 Setup Manager will explicitly tell you what checkbox is not set as shown on sample screenshot below:

Configuration Analysis reporting MSDTC options not configured correctly

But if you look at the first screenshot – there is no incorrectly configured settings, and I was pretty sure that I know these settings quite well, having couple of old posts on the topic (see #1, #2). So I was a bit baffled by this warning. After consulting related K2 documentation section I realized that it also indicates that it is necessary to configure relevant firewall rules :

Enable and Configure the DTC Components

Configure firewall to allow MSDTC access with the following command:

netsh advfirewall firewall add rule name=”MSDTC” dir=in action=allow program=”%windir%\system32\msdtc.exe” enable=yes

Configure firewall to allow SQL Server access with the following command:
netsh advfirewall firewall add rule name=”MSSQLSERVER” dir=in action=allow program=”C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\Sqlservr.exe” enable=yes

These firewall settings must be activated on SQL server in order for MSDTC to work:

Distributed Transaction Coordinator (RPC)
Distributed Transaction Coordinator (RPC-EPMAP)
Distributed Transaction Coordinator (TCP-In)

Despite in my case SQL and K2 servers very hosted on the side machine I tried to add required firewall settings – and, somewhat naturally, it didn’t resolve the error. So it took me searching a bit more till I found relevant MSFT documentation (New functionality in the Distributed Transaction Coordinator service in Windows) which clarifies that “No Authentication Required” option must be used in the following scenarios:

  • The network access is between computers that are running Microsoft Windows 2000.
  • The network access is between two domains that do not have a mutual trust configured.
  • The network access is between computers that are members of a workgroup.

As you can understand having both SQL and K2 on the same server in workgroup mode translates into “network” access is between computers that are members of a workgroup. So to resolve K2 setup manager warning in this scenario it is necessary to tick “No Authentication Required” option in Local DTC Propertis:

Local DTC Properties – No Authentication Required

I do realize that installation on a member server not joined to domain is not the most frequent scenario (although it is if you install K2 on cloud servers non-joined to domains), it is sad that K2 installer does not report what kind of setting is necessary in the workgroup mode scenario – that goes into nice to have list of additional checks, but until it’s not there you have this post 🙂

K2 blackpearl Installation: Configuring MSDTC properties – Part 2

This post is an addition to my older post about configuring MSDTC in K2 environment and it has been triggered by the following error:

K2 Designer error - Partner Transaction manager disabled support for remote transactions

So basically I had freshly installed K2 4.6.6 environment (don’t ask me why I’m using such an old version 🙂 ) and it was first deployment of a simplistic workflow which gave me this error.

And if error message text which says: “The partner transaction manager has disabled its support for remote/network transactions. (Exception from HRESULT: 0x8004D025)” doesn’t tell you that something wrong with your MSDTC config then quick google search will confirm this to you.

The thing is that all you need to know is indeed covered by K2 documentation, but problem of any software documentation is that somewhat like a good dictionary its creation is driven by certain standards making it perfect for specific look ups for information but at the same time deter reader from reading it end to end, and by contrast with dictionaries software documentation does not have super simple data organization facilitating quick and precise look ups. So I mean rarely people do read specific sections of it unless they driven by specific error to specific page 🙂

To recap MSDTC side requirements for K2: You need to have it configured on all K2 servers and SQL servers used by K2 (have clusters? do config it on all nodes). As you have seen in my previous blog post it boils down to setting number of check boxes on Security tab of Local DTC properties which is reachable through the following commands: dcomcngf or comexp.msc (still keep forgetting these 🙂 ).

It is worth noting that K2 Setup Manager is capable to set these properties on K2 servers, but you have to go to SQL and set the same settings too. This was first correction I made in my environment after seeing this error. But it was enough. Looking a little bit more into K2 documentation I noticed this:

MSDTC Firewall config 1

I actually decided to this via GUI on SQL server, and what you need to do is to enable all 3 rules from MSDTC group:

MSDTC Firewall config 2

And you have to enable this on all K2 servers and SQL servers. Trust me, I tried to enable this on SQL servers only first 🙂 The same error persist till you enable it both on K2 and SQL servers.