G
Guest
In short: I have an application using the CommittableTransaction class that
works fine when run locally, but does not escalate to MSDTC when deployed to
a Windows 2003 R2 server.
More Specifically:
I have a web service that saves data to a database. This service uses a
CommittableTransaction to decide when to Commit or Abort the underlying
transaction. When this service is run locally, or by someone in the "User"
group on the web server it works fine.
But if the service has been deployed to the web server, the following
happens:
1) If the user is in the "User" group on the web server, it still works fine
(this is not allowed in a production situation).
2) If a transaction does not need to be escallated to MSDTC, then it works
fine.
3) BUT - as soon as a transaction needs to be escalated to MSDTC and the
user is not in the "User" group on the server, the transaction fails
a) A trace on the database revealed that the first stored procedure call
succeeded, but each additional stored procedure call failed with an "Access
Denied to xyz stored procedure" (this is running the exact same stored
procedure that just succeeded)
b) Monitoring the MSDTC logs on the server shows that the transaction is
never actually escalated to MSDTC (no aborts, etc were logged) on the web
server unless the user is in the "User" group on the web server, then it
escalates (and works) as expected.
c) In the security logs, I am seeing Audit Failure's for the user trying
to run the app, there are 2 types: EventID 560, Category "Object Access",
Object Name: MSDTC, Object Type: "Service Object"; the second type is the
same except the Object Name: "ServicesActive". From looking into these, it
looks more like they may be a side effect of the transaction not escalating
to MSDTC rather than the cause.
Does anyone know what permissions (or otherwise) may be preventing
transactions from escalating to MSDTC???
I am using Delegation from a Windows front-end through a web service on a
Windows 2003 server back to a SQL Server 2005 DB.
Any help would be greatly appreciated.
works fine when run locally, but does not escalate to MSDTC when deployed to
a Windows 2003 R2 server.
More Specifically:
I have a web service that saves data to a database. This service uses a
CommittableTransaction to decide when to Commit or Abort the underlying
transaction. When this service is run locally, or by someone in the "User"
group on the web server it works fine.
But if the service has been deployed to the web server, the following
happens:
1) If the user is in the "User" group on the web server, it still works fine
(this is not allowed in a production situation).
2) If a transaction does not need to be escallated to MSDTC, then it works
fine.
3) BUT - as soon as a transaction needs to be escalated to MSDTC and the
user is not in the "User" group on the server, the transaction fails
a) A trace on the database revealed that the first stored procedure call
succeeded, but each additional stored procedure call failed with an "Access
Denied to xyz stored procedure" (this is running the exact same stored
procedure that just succeeded)
b) Monitoring the MSDTC logs on the server shows that the transaction is
never actually escalated to MSDTC (no aborts, etc were logged) on the web
server unless the user is in the "User" group on the web server, then it
escalates (and works) as expected.
c) In the security logs, I am seeing Audit Failure's for the user trying
to run the app, there are 2 types: EventID 560, Category "Object Access",
Object Name: MSDTC, Object Type: "Service Object"; the second type is the
same except the Object Name: "ServicesActive". From looking into these, it
looks more like they may be a side effect of the transaction not escalating
to MSDTC rather than the cause.
Does anyone know what permissions (or otherwise) may be preventing
transactions from escalating to MSDTC???
I am using Delegation from a Windows front-end through a web service on a
Windows 2003 server back to a SQL Server 2005 DB.
Any help would be greatly appreciated.