Microsoft KB Archive/890634

= You cannot bring a Microsoft Distributed Transaction Coordinator resource online after you create it on a Windows Server 2003-based server cluster =

Article ID: 890634

Article Last Modified on 11/7/2006

-

APPLIES TO


 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)

-





SYMPTOMS
After you create a Microsoft Distributed Transaction Coordinator (MSDTC) resource on a Microsoft Windows Server 2003-based server cluster, the resource is created successfully. However, when you try to bring this resource online, you are not successful. In this scenario, the MSDTC resource remains offline with a status of &quot;Failed.&quot;



CAUSE
This problem occurs if the local Administrator account does not have the SE_SECURITY_NAME user right. This problem occurs if the Administrators group has been removed from the Manage auditing and security log setting in the local security settings of the cluster node.

To view this setting, follow these steps:
 * 1) Click Start, point to Administrative Tools, and then click Local Security Policy.
 * 2) Expand Local Policies, and then click User Rights Assignments.
 * 3) In the right pane, double-click Manage auditing and security log.

The MSDTC resource startup code does not verify whether the Administrator has the SE_SECURITY_NAME user right assigned.



RESOLUTION
To resolve this problem, follow these steps:  Install the Windows Server 2003 COM+ 1.5 Rollup Package 3 on each cluster node. For additional information about how to obtain this rollup package, click the following article number to view the article in the Microsoft Knowledge Base:

883955 Availability of Windows Server 2003 COM+ 1.5 Rollup Package 3

This rollup package contains a hotfix to cause the MSDTC resource to verify the permission level that it runs under when it starts. Without this hotfix applied, you must remove and then reinstall the MSDTC service to pick up a change in permissions. For additional information about how to do this, see the &quot;Workaround&quot; section. Remove the MSDTC resource from the cluster. To do this, follow these steps:  Start the Cluster Administrator tool. Expand your cluster, expand Groups, and then click the group that contains the MSDTC resource. In the right pane, right-click MSDTC, and then click Delete. When you receive the following message, click Yes:

Are you sure resource 'MSDTC' should be deleted?

</li></ol> </li> Uninstall the MSDTC. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, click Run, type cmd, and then click OK.</li> At the command prompt, type MSDTC -uninstall, and then press ENTER.</li></ol> </li> Stop the Cluster Service. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, click Run, type cmd, and then click OK.</li> At the command prompt, type net stop clussvc, and then press ENTER.</li></ol> </li> Add the Administrators group to the Manage auditing and security log local security setting. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, point to Administrative Tools, and then click Local Security Policy.</li> Expand Local Policies, and then click User Rights Assignments.</li> In the right pane, double-click Manage auditing and security log.</li> Click Add User or Group, type Administrators in the Enter the object names to select box, click Check Names, and then click OK.</li> Click OK, and then quit the Local Security Settings tool.</li></ol> </li> Start the Cluster Service. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, click Run, type cmd, and then click OK.</li> At the command prompt, type net start clussvc, and then press ENTER.</li></ol> </li> Follow steps 3 through 5 for each cluster node.</li> <li>Create a new MSDTC resource. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

301600 How to configure Microsoft Distributed Transaction Coordinator on a Windows Server 2003 cluster

</li> <li>Right-click the new MSDTC resource that you created, and then click Bring Online.</li></ol>

<div class="workaround_section">

WORKAROUND
To work around this problem, follow these steps: <ol> <li>Remove the MSDTC resource from the cluster. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Start the Cluster Administrator tool.</li> <li>Expand your cluster, expand Groups, and then click the group that contains the MSDTC resource.</li> <li>In the right pane, right-click MSDTC, and then click Delete.</li> <li>When you receive the following message, click Yes:

Are you sure resource 'MSDTC' should be deleted?

</li></ol> </li> <li>On each cluster node, stop the MSDTC service. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, click Run, type cmd, and then click OK.</li> <li>Type net stop msdtc, and then press ENTER.</li></ol> </li> <li>Remove the MSDTC service from each cluster node. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, click Run, type cmd, and then click OK.</li> <li>Type msdtc -uninstall, and then press ENTER.</li></ol> </li> <li>Verify that the MSDTC service no longer appears in the Services Microsoft Management Console (MMC) snap-in. To view the Services MMC snap-in, click Start, click Run, type services.msc, and then click OK.</li> <li>Stop the Cluster Service. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, click Run, type cmd, and then click OK.</li> <li>At the command prompt, type net stop clussvc, and then press ENTER.</li></ol> </li> <li>Add the Administrators group to the Manage auditing and security log local security setting. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, point to Administrative Tools, and then click Local Security Policy.</li> <li>Expand Local Policies, and then click User Rights Assignments.</li> <li>In the right pane, double-click Manage auditing and security log.</li> <li>Click Add User or Group, type Administrators in the Enter the object names to select box, click Check Names, and then click OK.</li> <li>Click OK, and then quit the Local Security Settings tool.</li></ol> </li> <li>Start the Cluster Service. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, click Run, type cmd, and then click OK.</li> <li>At the command prompt, type net start clussvc, and then press ENTER.</li></ol> </li> <li>Install the MSDTC service. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, click Run, type cmd, and then click OK.</li> <li>Type msdtc -install, and then press ENTER.</li></ol> </li> <li>Verify that the MSDTC service appears in the Services MMC snap-in.</li> <li>Create a new MSDTC resource. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

301600 How to configure Microsoft Distributed Transaction Coordinator on a Windows Server 2003 cluster

</li> <li>Right-click the new Distributed Transaction Coordinator resource that you created, and then click Bring Online.</li></ol>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

<div class="moreinformation_section">

MORE INFORMATION
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

301600 How to configure Microsoft Distributed Transaction Coordinator on a Windows Server 2003 cluster

258078 Cluster service startup options

Additional query words: MSCS

Keywords: kbpending kbbug kbclustering kbtshoot kbprb KB890634

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.