JSI Tip 9908. The Microsoft Distributed Transaction Coordinator service must run under the NT AUTHORITY\NetworkService Windows account in Windows Server 2003 and in Windows XP?

Starting with Windows NT 5.1, the MSDTC service must run in the NT AUTHORITY\NetworkService account context.

If you change the account context, the MSDTC service fails.

If a 3rd party database needs to perform an XA recovery operation, you must grant the permissions and the roles required to the NT AUTHORITY\NetworkService account. See Managing Accounts and Privileges.

To change the MSDTC service context back to NT AUTHORITY\NetworkService:

1. Open a CMD.EXE window.

2. Type the following commands, pressing Enter after each line:

REG ADD HKLM\SOFTWARE\Microsoft\MSDTC /V TurnOffRpcSecurity /T REG_DWORD /F /D 1
REG ADD HKLM\SOFTWARE\Microsoft\MSDTC /V AllowOnlySecureRpcCalls /T REG_DWORD /F /D 0
REG ADD HKLM\SOFTWARE\Microsoft\MSDTC /V FallbackToUnsecureRPCIfNecessary /T REG_DWORD /F /D 0
net stop msdtc
net start msdtc
3. Type dcomcnfg.exe and press Enter.

4. Expand Component Services / Computers / My Computer.

5. Right-click My Computer and press Properties.

6. Select the MSDTC tab.

7. Press the Security Configuration button.

8. Change the DCT Logon Account to NT AUTHORITY\NetworkService. If a password is required, enter a blank.

9. Press OK and OK.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish