Symptoms
The purpose of this article is to help you in the setup or in the troubleshooting of a configuration for a COM+ Application Server or a configuration for an Internet Information Server (IIS) computer that interacts with a clustered server that uses Microsoft Cluster Server (MSCS) that is behind a firewall.
You may have one of the following scenarios: COM+ or IIS computer (client computer)SQL Server clustered that uses MSCSMicrosoft Distributed Transaction Coordinator (MSDTC) as a clustered resource in its own resource group (own name and IP address)Cluster and client computer that are separated by a firewall Certain Internet Protocol (IP) addresses and their corresponding network names must be known by the client computer for MSDTC to work correctly. The client computer can resolve the following names and the following IP addresses by using Domain Name System (DNS), hosts file, or another name resolution method: MSDTC resourceAn instance of SQL Server if the cluster configuration is either active-passive or active-activeCluster Name Certain IP addresses and their corresponding network names must be known by the nodes in the cluster for MSDTC to work correctly. Both nodes in the cluster can resolve the client computer name to an IP address by using DNS, hosts file, or another name resolution method.
Resolution
Additionally, the firewall must be configured to allow bidirectional traffic to occur between the client computer and the cluster. The firewall rules must include the following: The IP network names and the addresses of both physical nodes on the clusterThe SQL Server Instances network names and addressThe client network name and addressesThe child network name and IP resource of the MSDTC Resource Firewall rules must include the range of IP ports that are defined in the registry to allow traffic. See the “References” section.
You may also have to open an additional range of available IP ports as a requirement for the cluster server. See the “References” section for more information.