JSI Tip 9908. The Microsoft Distributed Transaction Coordinator service must run under the NT AUTHORITY\NetworkService Windows account in Windows Server 2003 and in Windows XP?

Starting with Windows NT 5.1, the MSDTC service must run in the NT AUTHORITYNetworkService account context.

If you change the account context, the MSDTC service fails.

If a 3rd party database needs to perform an XA recovery operation, you must grant the permissions and the roles required to the NT AUTHORITYNetworkService account. See Managing Accounts and Privileges.

To change the MSDTC service context back to NT AUTHORITYNetworkService:

1. Open a CMD.EXE window.

2. Type the following commands, pressing Enter after each line:

REG ADD HKLMSOFTWAREMicrosoftMSDTC /V TurnOffRpcSecurity /T REG_DWORD /F /D 1REG ADD HKLMSOFTWAREMicrosoftMSDTC /V AllowOnlySecureRpcCalls /T REG_DWORD /F /D 0REG ADD HKLMSOFTWAREMicrosoftMSDTC /V FallbackToUnsecureRPCIfNecessary /T REG_DWORD /F /D 0net stop msdtcnet start msdtc

3. Type dcomcnfg.exe and press Enter.

4. Expand Component Services / Computers / My Computer.

5. Right-click My Computer and press Properties.

6. Select the MSDTC tab.

7. Press the Security Configuration button.

8. Change the DCT Logon Account to NT AUTHORITYNetworkService. If a password is required, enter a blank.

9. Press OK and OK.