| Author |
Could it be a firewall isssue?
|
|
| prasen67@yahoo.com 2006-11-03, 7:19 pm |
| Could it be a firewall isssue?
Commerce Server and the SQL Server database are on the same machine.
Our CS machine is remote to the BizTalk client which uses it and
accesses it thru the Internet. Do I need to open Firewall to the DTC
port 3327 from the BizTalk box and/or the Commerce Server box?
If so this is a security flaw...
| |
|
|
| prasen67@yahoo.com 2006-11-06, 1:16 pm |
| Alan - are you saying open port 3372 (MS-DTC) port on the CLIENT
COMPUTER? It wasnt open till now as I did not think I would have to
open the DTC port on the Client computer. Does this port also have to
be open on the SERVER?
| |
| Alan Faulkner 2006-11-06, 7:24 pm |
|
The Adapter needs to use DTC from Biztalk Server to Commerce Server and
also the database. Therefore, you must have DTC configured for Network
Access on the BizTalk Server, Commerce Server and all database servers. If
DTC ping works across all of these servers, then you shouldn't have any
problem.
Hope this helps and let me know if you need additional information or have
any questions.
Thanks,
Alan Faulkner
[Microsoft]
http://blogs.msdn.com/akfaulkner
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2006 Microsoft Corporation. All rights
reserved.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
| |
| prasen67@yahoo.com 2006-11-07, 7:18 pm |
| Out BizTalk and Commerce Server boxes are separated by a firewall and
access each other only over port 80. To "configure DTC for Network
access" means opening up separate ports over the firewall (minimum of
20 as recommended in this KB article
http://support.microsoft.com/kb/250367/ ).
1) Isnt this a security compromise to open so many ports for DTC over
the public Internet?
2) What if we wanted to work in a non-transactional mode where we dont
care about updating the Order status (the main reason for DTC I
presume) as long as we dont need to open any ports?
thanks
Pras
| |
| Alan Faulkner 2006-11-13, 8:42 am |
|
Hey
Answers are inline: Hope this helps!
1) Isnt this a security compromise to open so many ports for DTC over
the public Internet?
[Alan] While opening any ports on an external system is a risk, there are
ways to mitigate this. See this
http://msdn.microsoft.com/library/d...-us/cossdk/html
/45297f03-7ff2-41c6-99cc-66ca1cc88569.asp for some settings which can be
disabled for DTC to enable a more secure environment. Remember to at least
have the minimum configuration that I have already sent you for our
adapters to function.
2) What if we wanted to work in a non-transactional mode where we dont
care about updating the Order status (the main reason for DTC I
presume) as long as we dont need to open any ports?
[Alan] The Orders adapter does not have to ability to "turn off" the use
of transactions. The Orders Adapter requires DTC transactions to function
correctly.
Thanks,
Alan Faulkner
[Microsoft]
http://blogs.msdn.com/akfaulkner
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2006 Microsoft Corporation. All rights
reserved.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
|
|
|
|