Article ID: 904849
Article Last Modified on 11/29/2005
APPLIES TO
- Microsoft BizTalk Server 2004 Enterprise Edition
- Microsoft BizTalk Server 2004 Standard Edition
- Microsoft BizTalk Server 2004 Developer Edition
- Microsoft BizTalk Server 2004 Partner Edition
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.
SYMPTOMS
When you run the Configuration Wizard (ConfigFramework.exe) in Microsoft BizTalk Server 2004, you may receive a message that is similar to the following:
You receive this message before the progress bar indicates that the configuration process has completed.
When you click Retry, the same message appears. When you click Cancel, the Configuration Wizard rolls back the BizTalk Server configuration.
CAUSE
This issue may occur when the remote procedure call (RPC) security that is used by the Microsoft Distributed Transaction Coordinator (MSDTC) fails. The RPC security failure occurs between the computer that is running BizTalk Server 2004 and the computer that is running Microsoft SQL Server 2000.
Note The BizTalk Server databases are located on the computer that is running SQL Server 2000.
By default, when a Distribution Transaction Coordinator (DTC) computer is not running in a Microsoft Windows domain, distributed transactions fail. This behavior occurs because the RPC security that DTC uses does not work in this environment. Therefore, distributed transactions will fail if the DTC computer is not located in a trusted domain.
By default in Microsoft Windows Server 2003, RPC security is turned on. Therefore, distributed transaction operations will fail if the computer is located in a workgroup environment or in a domain that is not a trusted domain.
RESOLUTION
To resolve this issue, move the computer to a trusted domain. To move a computer to a different domain, use the Active Directory Migration Tool (ADMT). For more information about the ADMT, visit the following Microsoft Web site:
WORKAROUND
Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.
If you cannot move the computer to a trusted domain, you can turn off RPC security.
Warning Verify that the computer is in an isolated environment that has a firewall before you turn off RPC security.
To turn off RPC security, use one of the following methods:
- For computers that are running Microsoft Windows Server 2003 with Service Pack 1 (SP1)
- Click Start, click Run, type Dcomcnfg.exe, and then click OK.
- Expand Component Services, expand Computers, right-click My Computer, and then click Properties.
- In the My Computer Properties dialog box, click the MSDTC tab, and then click Security Configuration.
- In the Security Configuration dialog box, click to select the Network DTC Access check box. Then, click to select No Authentication Required under Transaction Manager Communications.
- Click OK, and then click Yes to restart the MSDTC service.
- After the service has restarted, click OK.
- Click OK to close the My Computer Properties dialog box.
- For computers that are running Windows Server 2003 without SP1
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
Add the following DWORD registry entry and set the value to 1:TurnOffRpcSecurityTo do this, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC - On the Edit menu, click New, and then click DWORD Value.
- Type TurnOffRpcSecurity, and then press ENTER.
- Right-click TurnOffRpcSecurity, and then click Modify.
- In the Edit DWORD Value dialog box, click Decimal, type 1 to turn off RPC security, and then click OK.
- On the File menu, click Exit.
Additional query words: RPC MSDTC BTS2004
Keywords: kbinfo kbtshoot kbcomservices kbprb kbconfig kbauthentication KB904849
