MSDTC Error 4437

After installing a component that uses MSDTC, I saw the error 4437 in Event Log, reporting "The account that the MS DTC service is running under is invalid". The description went on to advise that you could solve the problem by modifying the MS DTC service account in Component Services Explorer (CSE). However, when I opened CSE, I saw the My Computer icon with a red, downward-facing arrow. When in this state, right-clicking only a "COM Security" tabbed dialog, which won’t allow you to change the identity of the service account.

So, I needed to have the COM identity in synch with the service accounts, but since I couldn’t reset the COM identity using the interface, I reset the service account, granting permissions to the proper roles and removing / reinstalling DTC:

  • Open the Services window.
  • Navigate to Distributed Transaction Coordinator.
  • Modify the "Log on As" account to an account to a domain account that is a local administrator on the server.
  • Ensure the DCOM Server Process Launcher and the COM+ services are running under the Local System account.
  • Close the services window.
  • Open the CSE, right click the My Computer icon and click Properties.
  • In the "Access Permissions" panel, click the "Edit Default" button.
  • Ensure "SYSTEM", "INTERACTIVE" and the local "Administrators" are allowed Local and Remote access.
  • In the "Launch Permissions" panel, click the "Edit Default" button.
    Ensure "SYSTEM", "INTERACTIVE" and the local "Administrators" are allowed Local and Remote launch and Local and Remote Activation (check all four ‘allow’ boxes).
  • Click OK to get to the main window and close the CSE.
  • Stop the DTC service in a command window by typing "net stop DTC" and press enter.
  • Remove the DTC service in a command window by typing "msdtc -uninstall".
  • Confirm the DTC service is uninstalled in the Services window. If it isn’t, repeat the previous step. If that still fails, remove the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC key from the registry and repeat the previous step again.
  • Reboot the server.

When the server comes back up, reinstall the Network DTC service from Control Panel, Add/Remove Windows components, Application Server. Once installed, open a CMD prompt and type ‘msdtc -install’ to install the service. This should solve the problem.

In one of three instances, DTC still showed as installed even though there was no reference in the services window and logged Event ID 4427. In this case, uncheck the DTC box so setup removes other registry entries and reinstall. You will need to reboot the server if this is the case.

If you still get the Event ID 4427 "Failed to initialize the needed name objects" followed by a bunch of cpp references with a command line reference of: "C:\WINDOWS\system32\sysocmgr.exe" /y /i:C:\WINDOWS\system32\sysoc.inf (note: executing this command runs Windows Component setup, bypassing the Add/Remove icon in Control Panel) you will note MSDTC appears to be uninstalled and the registry reference removed, but reinstalling from Add/Remove programs fails. This seems to be related to the version of MSDTC left behind from removing and reinstalling. I tried to solve this by reinstalling MSSQL SP3a, but no dice.

In the end for this server, I removed and re-added the Application Server Role (removes COM+ and IIS as well as MSDTC) on the system and re-applied Win2kSP1. Oddly enough, I still had to open a CMD prompt and type ‘msdtc -install’ to get the service properly installed, but the rest of the components were there and DTC functioned properly.

I did some other DTC research in “Enabling MSDTC and BizTalk Server 2004”.

About Michael Coates
I am a pragmatic evangelist. The products, services and solutions I write about fulfill real-world expectations and use cases. I stay up-to-date on real products I use and review, and share my thoughts here. I apply the same lens when designing an architecture, product or when writing papers. I am always looking for ways that technology can create or enhance a business opportunity .. not just technology for technology's sake. My CV says: Seasoned technology executive, leveraging years of experience with enterprise and integration architectural patterns, executed with healthy doses of business acumen and pragmatism. That's me. My web site says: Technology innovations provide a myriad of opportunities for businesses. That said, having the "latest and greatest" for its own sake isn't always a recipe for success. Business successes gained through exploiting innovation relies on analysis of how the new features will enhance your business followed by effective implementation. Goals vary far and wide: streamlining operations, improving customer experience, extending brand, and many more. In all cases, you must identify and collect the metrics you can apply to measure your success. Analysis must be holistic and balanced: business and operational needs must be considered when capitalizing on a new technology asset or opportunity.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: