How to configure MSDTC and the firewall for the distributed WCF service

Understanding the distributed transaction support of a WCF service

As we have seen, distributed transaction support of a WCF service depends on the binding of the service, the operation contract attribute, the operation implementation behavior, and the client applications.

The following table shows some possible combinations of the WCF-distributed transaction support:

Testing the distributed transaction support of the WCF service

Now that we have changed the service to support distributed transaction and let the client propagate the transaction to the service, we will test this. We will propagate a transaction from the client to the service, test the multiple database support of the WCF service, and discuss the Distributed Transaction Coordinator and Firewall settings for the distributed transaction support of the WCF service.

Configuring the Distributed Transaction Coordinator

In a subsequent section, we will call two services to update two databases on two different computers. As these two updates are wrapped within one distributed transaction, Microsoft Distributed Transaction Coordinator (MSDTC) will be activated to manage this distributed transaction. If MSDTC is not started or configured properly the distributed transaction will not be successful. In this section, we will explain how to configure MSDTC on both machines.

You can follow these steps to configure MSDTC on your local and remote machines:

1. Open Component Services from Control Panel | Administrative Tools.
2. In the Component Services window, expand Component Services, then Computers, and then right-click on My Computer.
3. Select Properties from the context menu.
4. On the My Computer Properties window, click on the MSDTC tab.
5. If this machine is running Windows XP, click on the Security Configuration button.
6. If this machine is running Windows 7, verify that Use local coordinator is checked and then close the My Computer Properties window. Expand Distributed Transaction Coordinator under My Computer node, right-click on Local DTC, select Properties from the context menu, and then from the Local DTC Properties window, click on the Security tab.
7. You should now see the Security Configuration for DTC on this machine.Set it as in the following screenshot.

You have to restart the MSDTC service after you have changed your MSDTC settings, for the changes to take effect.Also, to simplify our example, we have chosen the No Authentication Required option. You should be aware that not needing authentication is a serious security issue in production. For more information about WCF security, you can go to the MSDN WCF security website at this address:MSDN Library.

Configuring the firewall

Even though Distributed Transaction Coordinator has been enabled the distributed transaction may still fail if the firewall is turned on and hasn’t been set up properly for MSDTC.

To set up the firewall for MSTC, follow these steps:

1. Open the Windows Firewall window from the Control Panel.
2. If the firewall is not turned on you can skip this section.
3. Go to the Allow a program or feature through Windows Firewall window(for Windows XP, you need to allow exceptions and go to the Exceptions tab on the Windows Firewall window).
4. Add Distributed Transaction Coordinator to the program list (windowssystem32msdtc.exe) if it is not already on the list. Make sure the checkbox before this item is checked.
5. Again you need to change your firewall setting for both your local and remote machines.

Now the firewall will allow msdtc.exe to go through so our next test won’t fail due to the firewall restrictions.

You may have to restart IIS after you have changed your firewall settings. In some cases you may also have to stop and then restart your fi rewall for the changes to take effect.