You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close

08: When using a remote SQL Server, GPCR Snapshot fails with error “System.InvalidOperationException” and “MSDTC has been disabled” in Debug log

When using a remote SQL as the database for PolicyPak Group Policy Compliance Reporter, the snapshot operation may fail with the following error.

The Server Log will contain the following error as well:

System.Transactions.TransactionManagerCommunicationException: Network access for Distributed Transaction Manager (MSDTC) has been disabled. Please enable DTC for network access in the security configuration for MSDTC using the Component Services Administrative tool. ---> System.Runtime.InteropServices.COMException: The transaction manager has disabled its support for remote/network transactions. (Exception from HRESULT: 0x8004D024)

To enable diagnostic logging, follow the directions in the article here

The resulting GPCR Server log can be found in: C:\ProgramData\PolicyPak\PolicyPak Group Policy Compliance Reporter Server\Diagnostics

Resolution

To resolve the error and allow snapshots to complete successfully, you must enable Network DTC Access and ensure the firewall allows the traffic through.

Enable DTC

The following is run on both the PolicyPak GPCR Client computer (Where the Admin Console is installed) and the remote SQL Server

  1. Open Component Services

    1. Open the “run” box (Win-R), type “dcomcnfg” and click OK

  2. Expand Console Root -> Component Services -> Computers -> My Computer -> Distributed Transaction Coordinator, Right-Click on Local DTC and click Properties

  3. On the Security tab -> Security Settings and Configure as follows:

    1. Check “Network DTC Access”
    2. Check “Allow Inbound” and “Allow Outbound”
    3. Select “No Authentication Required”
    4. Check “Enable SNA LU 6.2 Transactions”
    5. Click OK

  4. The MSDTC service will need to be restarted for the changes to take affect – Click YES to restart now or NO to restart manually later.

Enable Firewall Rules

Enable DTC through the firewall on both PolicyPak GPCR Server and the remote SQL Server

  1. Open the Windows Defender Firewall
  2. Click on “Allow an app or feature through Windows Defender Firewall”

  3. Find “Distributed Transaction Coordinator”, check and check the appropriate Network profile (e.g. Domain).

  4. Click OK to save and close
  • 882
  • 27-Mar-2020
  • 292 Views