MSDTC Event ID 4143 and 53258 on Windows Server 2003 SP1 Domain Controller


I got hit by a problem on a freshly installed virtual machine using a slipstreamed SP1 installation and promoted to a domain controller. Two events were appearing in the event log which were unexpected.

Source: MSDTC Event ID: 4143 Information
MS DTC has detected that a DC Promotion has happened since the last time the MS DTC service was started.

followed by

Source: MSDTC Event ID: 53258 Warning
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings.

To resolve this, go through the following steps:
– Start/Administrative Tools/Component Services
– Navigate the tree view on the left to:
    – Console Root
     – Component Services
      – Computers
       – My Computer
– Right click on “My Computer” and select properties
– Select the MSDTC Tab
– Under “Transaction Configuration” near the bottom, click “Security Configuration”
– On the Security Configuration screen, just click OK – don’t change anything.
– Back on the “My Computer Properties” screen, click OK again to dismiss
– Right click on “My Computer” in the tree view and select “Stop MS DTC”
– Right click on “My Computer” in the tree view and select “Start MS DTC”
– Close the Component Services snapin.

All should now be well again. Hope this helps someone.

Comments (63)

  1. Anonymous says:

    I found a really nice Solution for an error on a Domain Controller the Error entry is: Event Type: Warning

  2. Benjamin Mateos says:

    Maybe a wrong registry entry set by SP1 ???

    Interesting at least.

    /r

    Benji

  3. Pims says:

    Indeed, you helped me in a production environment. Thanks.

    Pims

  4. Spencer Steel says:

    Thanks for that – I just came across this odd problem … very odd that just opening and closing should sort it without changing anything !

    Nice clean start-up now … thanks !

  5. Raffi C. says:

    Same bug bit me too, and this strange procedure (like basically change nothing) resolved the problem.

    Heart cheers to the original poster, jhoward!

  6. Raffi C. says:

    Same bug bit me too, and this strange procedure (like basically change nothing) resolved the problem.

    Heart cheers to the original poster, jhoward!

  7. Thilo says:

    Great help, thank you.

  8. pdc says:

    I was expecting a step to sacrifice a chicken and stand on one leg.

    However bizarre, it works.

    Cheers!

  9. Kenneth says:

    I’m chalking this one up under wierd fixes. Thanks

  10. Alan Florance says:

    I have discovered the same problem and this appears to have corrected it.

    Was this caused by changing the service permissions in SP1 ??

  11. Mitchell says:

    Thank you so much for such a simple fix.

  12. Alan (and the literally hundreds of others who have mailed me directly) – Glad the fix works for you too. I’ve had a dig around and can’t find out _why_ this sequence makes a difference, or what the underlying cause is. If I find any more information though, or there’s a hotfix made available, I’ll obviously publish the info.

    Cheers,

    John.

  13. Zeveck says:

    Thanx!!

  14. Steve says:

    Just tried this fix on my DCs and the error came back on the next reboot. Was looking good for a while there.

    Back to the drawing board for me!

  15. JP says:

    Worked for me in a fresh install too. Thanks for the quick and easy fix.

    -JP

  16. armin says:

    Thanks from germany. It works for me too.

    Bye, Armin

  17. saffi says:

    I think it works because by clicking yes on the security tab you reset the security in a registry hive. Network service needs to make extra keys there (at least I read a fix with setting permissions on a hive). So if you troubleshoot, look for that…

  18. saffi says:

    See this:

    Event ID: 53258

    ======================

    CAUSE:

    The Network Service account used to run MSDTC did not have permission to

    update the HKLMSoftwareMicrosoftMSDTC registry key.

    RESOLUTION:

    Either give this account Create Subkey and Set Value permissions on the key.

    Event ID: 1097 & Event ID: 1030

    ======================

  19. Alistair says:

    Thanks. Worked for me

  20. Yoshihao (retired MS Japan) says:

    Thanks from Japan.

    I think that – Microsoft support team must publish its case on KB. πŸ™

  21. Dave says:

    Fantastic – this solved an issue for us in a production environment on our SMS 2003 server no less. Thank you very much. πŸ™‚

  22. Alex Silverberg says:

    U have thanks from Japan and Germany and now thanks from Russia! Great help, thank you very much:)

  23. baloooo says:

    Great stuff, adding your blog to my favorites! Thanks!

  24. ML49448 says:

    I was looking all over the Microsoft web site for a fix for this. Then I google’d it and found this web site. Thanks for it.. I suspected that the one of the settings in the MSDTC section in the registry was mangled after I installed something. Did a diff before and after this fix β€œNO DICE!”. After looking at the setting in that dialog. I would suspect that the built-in account displayed IN the dialog somehow gets reset. Looks like a bug Microsoft!

  25. paul says:

    It’s all good now, thanks a lot…

  26. Jeff25 says:

    Did you ever knoooow that your my heeeeroooo? πŸ˜‰

  27. Alain says:

    And now Thanks from France !

    I too hat the problem on a windows 2003 SP1, under Virtual Server 2005, and your trick solved the problem. I think it updated some security settings somewhere.

    I had also userenv errors 1058 and 1030 "Can’t access to gpt.ini file for policy {….}" and " stop applying strategy" which were solved in a similar manner : "change/restore polcy setting" and reboot ! No more errors.

    See: http://www.eventid.net/display.asp?eventid=1058&eventno=1752&source=Userenv&phase=1

  28. Paul Frazer says:

    You Rock!! Thanks!!!

  29. ML49448 says:

    Have the same problem in clustered configuration. Strange enough but MSDTC runs on the second node but when fails on the first node it blows up the whole cluster server on the first node, fails back to the second node and records  53258 in the log.

  30. Marco says:

    This works in my enviroment too! >Thanks!!!

  31. Marcial Franco says:

    Thanks from Spain (Santiago de Compostela)

    πŸ˜‰

  32. Stefan says:

    for me again, after exchange 2003 installation with sp2 an removing that again it was there again, and by this way it went away again…

  33. Stefan (Germany) says:

    Thank you very much, it works !!

  34. tom says:

    Thanks a million, this worked in my production 2k3 server! πŸ™‚

  35. cbsilcor says:

    Thanks a lot for this resolution, strange but effective, a million thanks

  36. Mike F says:

    Thanks!! This worked on one of my Win2003 production DC’s! Awesome!

  37. Boris says:

    Your solution works fine. Thanks from Bolivia…

  38. Leo says:

    Thanks for Grate Your Help!  From Japan–

  39. cmcirillo says:

    Don’t know how you figured this out, but it worked like a charm.  Thanks!

  40. Beetowen says:

    thx

  41. jomiro says:

    worked for me. thanks

  42. Thanks for that from Poland πŸ™‚

  43. Helpme says:

    Thanks for the straight-forward help. This type of help is far and few between… thanks again.

  44. Gregg5 says:

    That fixed my problem. The next Event id said "The CRM log file was originally created on a computer with a different name."

    Sure enough I had changed the name of a DC and that’s when it started.

    Thanks!!!

  45. andreaccs says:

    on behalf of a customer of mine THANK YOU!!

  46. Wafi Aljunedi says:

    Thanks, It’s wonderful with windows server2003 64 bit too.

  47. Murdock says:

    Thanks!  Helped another production system get healthy again!

  48. Ron Paul says:

    You’ve helped more than any other John Howard ever has.

    Top work for this find XD

  49. mike says:

    Had this problem.  Found your fix.  Worked great.  Thanks.  Happy Father’s Day!  Mike

  50. Froosh says:

    Simply opening and saving the config didn’t work for me, but I noticed that the account name was lacking a space (NetworkService rather than Network Service).  Adding the space got me working, no problems.

  51. Clive Evans says:

    Many many thanks, seems to have fixed it for me too.

  52. The Dave says:

    Years and a service pack later, still a relevant tip for an unfixed bug… Thanks once again!

  53. ECS Systems Administrator says:

    Mad props; solved my MSDTC event log entries as well.  Many thanks!

  54. Stu says:

    I found this today on a client DC (in Alberta, Canada!) and followed the steps above, worked perfect thank you.

  55. Roger Bray says:

    This started last week with no warning and no changes by anyone ( I know because I am the sole IT support). These steps kept me from losing my mind and resolved the issue immediately. Thanks a ton!

  56. Wahyoew says:

    Thanks from Indonesia

  57. Roy says:

    The domain controller in our environment got unexpectedly shutdown. Checked the logs & found this same log event captured just one minute before the shutoff of the machine.

    So, does this event result in a shutdown/reboot as well ?

    Thanks!

  58. Carlos says:

    I've had this error for some time now. The issue we've had is the with the server rebooting without notice. It stopped for about a week then started again. The only error I didn't see was this one while server was up. Not sure if the error only shows after reboot or not.