MSDTC Error 4437

After installing a component that uses MSDTC, I saw the error 4437 in Event Log, reporting "The account that the MS DTC service is running under is invalid". The description went on to advise that you could solve the problem by modifying the MS DTC service account in Component Services Explorer (CSE). However, when I opened CSE, I saw the My Computer icon with a red, downward-facing arrow. When in this state, right-clicking only a "COM Security" tabbed dialog, which won’t allow you to change the identity of the service account.

So, I needed to have the COM identity in synch with the service accounts, but since I couldn’t reset the COM identity using the interface, I reset the service account, granting permissions to the proper roles and removing / reinstalling DTC:

• Open the Services window.
• Navigate to Distributed Transaction Coordinator.
• Modify the "Log on As" account to an account to a domain account that is a local administrator on the server.
• Ensure the DCOM Server Process Launcher and the COM+ services are running under the Local System account.
• Close the services window.
• Open the CSE, right click the My Computer icon and click Properties.
• In the "Access Permissions" panel, click the "Edit Default" button.
• Ensure "SYSTEM", "INTERACTIVE" and the local "Administrators" are allowed Local and Remote access.
• In the "Launch Permissions" panel, click the "Edit Default" button.
  Ensure "SYSTEM", "INTERACTIVE" and the local "Administrators" are allowed Local and Remote launch and Local and Remote Activation (check all four ‘allow’ boxes).
• Click OK to get to the main window and close the CSE.
• Stop the DTC service in a command window by typing "net stop DTC" and press enter.
• Remove the DTC service in a command window by typing "msdtc -uninstall".
• Confirm the DTC service is uninstalled in the Services window. If it isn’t, repeat the previous step. If that still fails, remove the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC key from the registry and repeat the previous step again.
• Reboot the server.

When the server comes back up, reinstall the Network DTC service from Control Panel, Add/Remove Windows components, Application Server. Once installed, open a CMD prompt and type ‘msdtc -install’ to install the service. This should solve the problem.

In one of three instances, DTC still showed as installed even though there was no reference in the services window and logged Event ID 4427. In this case, uncheck the DTC box so setup removes other registry entries and reinstall. You will need to reboot the server if this is the case.

If you still get the Event ID 4427 "Failed to initialize the needed name objects" followed by a bunch of cpp references with a command line reference of: "C:\WINDOWS\system32\sysocmgr.exe" /y /i:C:\WINDOWS\system32\sysoc.inf (note: executing this command runs Windows Component setup, bypassing the Add/Remove icon in Control Panel) you will note MSDTC appears to be uninstalled and the registry reference removed, but reinstalling from Add/Remove programs fails. This seems to be related to the version of MSDTC left behind from removing and reinstalling. I tried to solve this by reinstalling MSSQL SP3a, but no dice.

In the end for this server, I removed and re-added the Application Server Role (removes COM+ and IIS as well as MSDTC) on the system and re-applied Win2kSP1. Oddly enough, I still had to open a CMD prompt and type ‘msdtc -install’ to get the service properly installed, but the rest of the components were there and DTC functioned properly.

I did some other DTC research in “Enabling MSDTC and BizTalk Server 2004”.