Could not import a DTC transaction During Install BizTalk 2013 Windows/SQL 2012 Cluster

The task: Move the BizTalk SSO and SQL Server cluster from a Windows 2008 R2/SQL Server 2008 setup to a Windows 2012/SQL Server 2012 cluster.

All in all, in theory this was a relatively simple task.

  • setup the new environment with BizTalk SSO components and SQL Server
  • configure MSDTC and Cluster Failover between the two
  • Unconfigure the BizTalk Runtime servers (there are two in our case) to disassociate them from the old SQL/SSO cluster.
  • Reconfigure the BizTalk Runtime servers to use the new cluster
  • import all applications and configuration

In practice it took much longer and had a few more hiccups than expected. The biggest one happened while just trying to get the BizTalk Runtime to just kept failing saying that the SSO server could not be contacted. This was despite the fact that every other component successfully finished configuring (SSO, Group and Business Rules Engine).

It would finish with an error telling me to check the error logs on the SSO server for more details. Which I did and found the following:

Could not import a DTC transaction. Please check that MSDTC is configured correctly for remote operation. See documentation for details. Error Code: 0x80070057, The parameter is incorrect.

Followed by:

Failed to initialize the needed name objects. Error Specifics: hr = 0x80004005, com\complus\dtc\dtc\msdtcprx\src\dtcinit.cpp:575, CmdLine: "C:\Program Files\Common Files\Enterprise Single Sign-On\ENTSSO.exe", Pid: 4200

After some searching I found a post on the Dutch MSDN forums. It wasn't until I saw the post by Tomi Koivisto that figured out what to do. The user posted the following on November 6, 2013:

I got rid of this error by giving Read permission to SSO service account for the cluster.
  Open  “Failover Cluster manager” console.
  Right-click on the cluster name, and click on Properties
  On the “Cluster Properties”  dialog box, click on “Cluster Permissions” tab.
  Grant read Rights for the  EntSSO service account.
Restart the SSO cluster role/group
Thanks to the MS Support!

I ended up having to grant Full Control, but after that I stopped/started the Node and was able to configure the BizTalk Runtime quick as a bunny.