Detect Duplicate MSDTC CID

Any time two Windows Servers need to communicate to support application data requests, there’s a good chance the Distributed Transaction Coordinator or MSDTC will be involved. When two servers are configured and functioning correctly, like most things, you won’t even notice this layer of coordination between the two exists.

The problem is that in modern VM based corporate environments, it is very common for these DTC’s to be unable to communicate with one another if a VM admin builds machines from templates that are not properly sysprep’ed.

The bug is that if two MSDTC’s have the same CID (a GUID identifier), they cannot communicate with one another. They both effectively believe they should have the same name, so they can’t talk with one another.

As you can imagine this can be an annoying bug to track down as some servers will have issues connecting to only some servers, and only if the communication goes through MSDTC.

Fortunately, with PowerShell and a little bit of registry foo, we can test conclusively for this issue, and it’s an easy one to fix. Below is the script to detect it.

$machines = 'Server1','Server2'

$cidCol = @()

ForEach( $machine in $machines ) {
    # Open HKEY_CLASSES_ROOT\CID on the remote machine (requires the Remote Registry service)
    $objReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('ClassesRoot',$machine);
    $objRegKeys = $objReg.OpenSubKey('CID');
    $keys = $objRegKeys.GetSubKeyNames();

    $objRegKeys = $keys | %{$objRegKeys.OpenSubKey($_)};

    # The MSDTC CID is the subkey whose Description default value is 'MSDTC'
    $cid = New-Object PSObject
    $cid | add-member Noteproperty computername $machine
    $cid | add-member Noteproperty id ($objRegKeys | %{$_.OpenSubKey('Description')} | ?{ $_ -and $_.GetValue("") -eq 'MSDTC' } | %{$_.Name.Replace('\Description','').Replace('HKEY_CLASSES_ROOT\CID\','')})
    $cidCol += $cid
}

$cidCol | Sort-Object -Property id,computername | Format-Table

The output will be a table showing you the list of servers and their MSDTC CID’s. Any two or more entries with the same CID will be unable to participate in distributed transactions with one another.
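With more than a handful of servers, spotting repeats in a sorted table by eye gets unreliable. The following is an added example, not code from the original post: it uses the same registry lookup but returns only the CIDs shared by two or more machines, and lists hosts that could not be read separately so they are not mistaken for clean ones. The function names `Get-MsdtcCid` and `Find-DuplicateMsdtcCid` and the sample inventory are assumptions made up for illustration.

```powershell
# Added example; the function names are hypothetical, not from the original post.
function Get-MsdtcCid {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    foreach ($machine in $ComputerName) {
        $cids = @(); $err = $null; $root = $null
        try {
            # Needs the Remote Registry service and read access on the target.
            $root = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('ClassesRoot', $machine)
            $cidKey = $root.OpenSubKey('CID')
            if ($null -eq $cidKey) { throw 'HKCR\CID not found' }
            foreach ($name in $cidKey.GetSubKeyNames()) {
                $desc = $cidKey.OpenSubKey("$name\Description")
                if ($desc -and $desc.GetValue('') -eq 'MSDTC') { $cids += $name }
                if ($desc) { $desc.Close() }
            }
        }
        catch { $err = $_.Exception.Message }
        finally { if ($root) { $root.Close() } }
        # An unreadable host is reported with Error set, never as "no CID".
        [pscustomobject]@{ ComputerName = $machine; Cid = $cids; Error = $err }
    }
}

function Find-DuplicateMsdtcCid {
    param([Parameter(Mandatory)][object[]]$Inventory)
    $Inventory | Where-Object { -not $_.Error } | ForEach-Object {
        $computer = $_.ComputerName
        foreach ($cid in $_.Cid) { [pscustomobject]@{ Cid = $cid; ComputerName = $computer } }
    } | Group-Object -Property Cid | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        [pscustomobject]@{
            Cid       = $_.Name
            Computers = ($_.Group.ComputerName | Sort-Object) -join ', '
        }
    }
}

# Constructed sample inventory (made-up names and GUIDs) so the grouping runs offline.
# Against real hosts: $inventory = Get-MsdtcCid -ComputerName 'Server1','Server2'
$inventory = @(
    [pscustomobject]@{ ComputerName = 'APP01'; Cid = @('11111111-aaaa-4bbb-8ccc-000000000001'); Error = $null }
    [pscustomobject]@{ ComputerName = 'APP02'; Cid = @('11111111-aaaa-4bbb-8ccc-000000000001'); Error = $null }
    [pscustomobject]@{ ComputerName = 'SQL01'; Cid = @('22222222-aaaa-4bbb-8ccc-000000000002'); Error = $null }
    [pscustomobject]@{ ComputerName = 'SQL02'; Cid = @(); Error = 'The network path was not found.' }
)
Find-DuplicateMsdtcCid -Inventory $inventory | Format-Table -AutoSize
$inventory | Where-Object { $_.Error } | Format-Table ComputerName, Error
```

On the sample data the first table has one row, the shared CID with APP01 and APP02, and the second lists SQL02 as unchecked.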

The immediate fix is to uninstall and reinstall the DTC on each of the affected machines or at least $numberOfAffectedMachines – 1 machines, to ensure they all have unique ID’s.

The long term fix is to have a chat with your VM admin about sysprepping machines so you don’t have to deal with this anymore.

This could easily be turned into a function that will detect and then remotely fix this, but since I don’t run into this problem on a regular basis, I’ll leave that task as an exercise for any readers that do.