Open topic with navigation

DTC Through a Firewall

Registry info from Microsoft regarding configuring the DTC through a firewall

1. To start Registry Editor, click Start, click Run, type regedt32, and then click OK.
   
   You must use Regedt32.exe, rather than Regedit.exe, because Regedit.exe does not support the REG_MULTI_SZ data type that is required for the Ports value.
2. In Registry Editor, click HKEY_LOCAL_MACHINE in the Local Machine window.
3. Expand the tree by double-clicking the folders named in the following path:
   
   HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
   
   
4. Click the RPC folder, and then click Add Key on the Edit menu.
5. In the Add Key dialog box, in the Key Name box, type Internet, and then click OK.
6. Click the Internet folder, and then click Add Value on the Edit menu.
7. In the Add Value dialog box, in the Value Name box, type Ports.
8. In the Data Type box, select REG_MULTI_SZ, and then click OK.
9. In the Multi-String Editor dialog box, in the Data box, specify the port or ports you want RPC to use for dynamic port allocation, and then click OK.
   
   Each string value you type specifies either a single port or an inclusive range of ports. For example, to open port 5000, specify "5000". To open ports 5000 to 5020 inclusive, specify "5000-5020". You can specify multiple ports or ports ranges by specifying one port or port range per line. All ports must be in the range of 1024 to 65535. If any port is outside this range or if any string is invalid, RPC will treat the entire configuration as invalid.
   
   Microsoft recommends that you open up ports from 5000 and up, and that you open a minimum of 15 to 20 ports.
10. Follow steps 6 through 9 to add another key for Internet, by using the following values:
    
    Value: PortsInternetAvailable
    
    Data Type: REG_SZ
    
    Data: Y
    
    This signifies that the ports listed under the Ports value are to be made Internet-available.
11. Follow steps 6 through 9 to add another key for Internet, by using the following values:
    
    Value: UseInternetPorts
    
    Data Type: REG_SZ
    
    Data: Y
    
    This signifies that RPC should dynamically assign ports from the list of Internet ports.
12. Configure your firewall to allow incoming access to the specified dynamic ports and to port 135 (the RPC Endpoint Mapper port).
13. Restart the computer. When RPC restarts, it will assign incoming ports dynamically, based on the registry values that you have specified. For example, to open ports 5000 through 5020 inclusive, create the following named values:
    
    Ports : REG_MULTI-SZ: 5000-5020
    
    PortsInternetAvailable : REG_SZ: Y
    
    UseInternetPorts: REG_SZ : Y
    
    

Back to Troubleshooting Menu