Merge pull request from rothja/msdtclinux

rothja · web-flow · commit 1befd6ee121c · 2018-09-11T09:51:43.000-04:00
Adding MSDTC configuration article
diff --git a/docs/linux/sql-server-linux-configure-msdtc.md b/docs/linux/sql-server-linux-configure-msdtc.md
@@ -0,0 +1,153 @@
+---
+title: How to configure MSDTC on Linux | Microsoft Docs
+description: This article provides a walk-through for configuring MSDTC on Linux.
+author: rothja 
+ms.author: jroth 
+manager: craigg
+ms.date: 09/24/2018
+ms.topic: conceptual
+ms.prod: sql
+ms.component: ""
+ms.suite: "sql"
+ms.custom: "sql-linux"
+ms.technology: linux
+monikerRange: ">= sql-server-ver15 || = sqlallproducts-allversions"
+---
+# How to configure the Microsoft Distributed Transaction Coordinator (MSDTC) on Linux
+
+[!INCLUDE[appliesto-ss-xxxx-xxxx-xxx-md-linuxonly](../includes/appliesto-ss-xxxx-xxxx-xxx-md-linuxonly.md)]
+
+This article describes how to configure the Microsoft Distributed Transaction Coordinator (MSTDC) on Linux. MSDTC support on Linux was introduced in SQL Server 2019 CTP 2.0.
+
+## Supported MSDTC configurations
+
+The following MSDTC configurations are supported:
+
+- OLE-TX Distributed transactions against SQL Server on Linux for both ODBC/JDBC providers.
+- XA Distributed transactions against SQL Server on Linux using both ODBC/JDBC provider (requires the use of the latest ODBC provider).
+- Distributed transactions on Linked server.
+
+For limitations and known issues for MSDTC in CTP 2.0, see [Release notes for SQL Server 2019 CTP on Linux](sql-server-linux-release-notes-2019.md#msdtc).
+
+## MSDTC configuration overview
+
+Distributed transactions are enabled on SQL Server on Linux by introducing MSDTC and RPC endpoint mapper functionality within SQL Server. By default, an RPC endpoint mapping process listens on port 135 for incoming RPC requests and routes that to appropriate components (such as the MSDTC service). A process requires super user privilege to bind to system ports (port numbers less than 1024) on Linux. To avoid starting SQL Server with root privileges for the RPC endpoint mapper process, system administrators must use iptables to create NAT translation to route traffic on port 135 to SQL Server's RPC endpoint mapping process.
+
+SQL Server 2019 introduces two configuration parameters for the mssql-conf utility.
+
+| mssql-conf setting | Description |
+|---|---|
+| **network.rpcport** | The RPC port that the RPC endpoint manager process binds to. |
+| **network.servertcpport** | The port that the MSDTC server listens to. |
+
+For more information about these settings and other related MSDTC settings, see [Configure SQL Server on Linux with the mssql-conf tool](sql-server-linux-configure-mssql-conf.md#msdtc).
+
+There are three steps to configure MSDTC communication and functionality.
+
+- Configure **network.rpcport** and **distributedtransaction.servertcpport** using mssql-conf.
+- Configure Linux server routing so that RPC communication on port 135 is redirected to SQL Server's **network.rpcport**.
+- Configure the firewall to allow communication on both **rpcport** and **servertcpport** so the RPC endpoint mapping process and MSDTC process can communicate externally to other transaction managers and coordinators.
+
+> [!IMPORTANT]
+> If the neccessary configuration steps are not done, SQL Server will not enable MSDTC functionality.
+
+The following sections provide detailed instructions for each step.
+
+## Configure RPC and MSDTC ports
+
+First, configure **network.rpcport** and **distributedtransaction.servertcpport** using mssql-conf.
+
+1. Use mssql-conf to set the **network.rpcport** value. The following example sets it to 13500.
+
+   ```bash
+   sudo /opt/mssql/bin/mssql-conf set network.rpcport 13500
+   ```
+
+1. Set the **distributedtransaction.servertcpport** value. The following example sets it to 51999.
+
+   ```bash
+   sudo /opt/mssql/bin/mssql-conf set distributedtransaction.servertcpport 51999
+   ```
+
+1. Restart SQL Server.
+
+   ```bash
+   sudo systemctl restart mssql-server
+   ```
+
+## Configure port routing
+
+Configure the Linux server routing table so that RPC communication on port 135 is redirected to SQL Server's **network.rpcport**. The iptable rules may not persist during reboots, so the following commands also provide instructions for restoring the rules after a reboot.
+
+1. Create routing rules for port 135. In the following example, port 135 is directed to the RPC port, 13500, defined in the previous section. Replace `<ipaddress>` with the IP address of your server.
+
+   ```bash
+   iptables -t nat -A PREROUTING -d <ip> -p tcp --dport 135 -m addrtype --dst-type LOCAL -j DNAT --to-destination <ip>:13500
+
+   iptables -t nat -A OUTPUT -d <ip> -p tcp --dport 135 -m addrtype --dst-type LOCAL -j DNAT --to-destination <ip>:13500
+   ```
+
+1. View the routing rules you created with the following command:
+
+   ```bash
+   sudo iptables -t nat -L
+   ```
+
+1. Save the routing rules to a file on your machine.
+
+   ```bash
+   iptables-save > /etc/iptables.conf
+   ```
+
+1. Add the following command to `/etc/rc.local` to reload the rules after a reboot.
+
+   ```bash
+   iptables-restore < /etc/iptables.conf
+   ```
+
+> [!TIP]
+> If you need to recreate or delete existing routing rules, you can use the `-D` parameter of **iptable** and specify the name of the routing rule to remove.
+
+## Configure the firewall
+
+The final step is to configure the firewall to allow communication on both **rpcport** and **servertcpport**. The actual steps for this will vary depending on your Linux distribution and firewall. The following example shows how to create these rules on Ubuntu.
+
+```bash
+sudo ufw allow from any to any port 13500 proto tcp
+sudo ufw allow from any to any port 51999 proto tcp
+```
+
+The following example shows how this could be done on Red Hat Enterprise Linux:
+
+```bash
+sudo firewall-cmd --zone=public --add-port=51999/tcp --permanent
+sudo firewall-cmd --zone=public --add-port=13500/tcp --permanent
+sudo firewall-cmd --reload
+```
+
+## Verify
+
+At this point, SQL Server should be able to participate in distributed transactions. To verify that SQL Server is listening, run the following command:
+
+```bash
+sudo netstat -tulpn | grep sqlservr
+```
+
+You should see output similar to the following:
+
+```bash
+tcp 0 0 0.0.0.0:1433 0.0.0.0:* LISTEN 13911/sqlservr
+tcp 0 0 127.0.0.1:1434 0.0.0.0:* LISTEN 13911/sqlservr
+tcp 0 0 0.0.0.0:13500 0.0.0.0:* LISTEN 13911/sqlservr
+tcp 0 0 0.0.0.0:51999 0.0.0.0:* LISTEN 13911/sqlservr
+tcp6 0 0 :::1433 :::* LISTEN 13911/sqlservr
+tcp6 0 0 ::1:1434 :::* LISTEN 13911/sqlservr
+tcp6 0 0 :::13500 :::* LISTEN 13911/sqlservr
+tcp6 0 0 :::51999 :::* LISTEN 13911/sqlservr
+```
+
+However, after a restart, SQL Server does not start listening on the **servertcpport** until the first distributed transaction. In this case you would not see SQL Server listening on port 51999 in this example until the first distributed transaction.
+
+## Next steps
+
+For more information about SQL Server on Linux, see [SQL Server on Linux](sql-server-linux-overview.md).
diff --git a/docs/linux/sql-server-linux-configure-mssql-conf.md b/docs/linux/sql-server-linux-configure-mssql-conf.md
@@ -24,7 +24,7 @@ ms.assetid: 06798dff-65c7-43e0-9ab3-ffb23374b322
 | [Agent](#agent) | Enable SQL Server Agent |
 | [Collation](#collation) | Set a new collation for SQL Server on Linux. |
 | [Customer feedback](#customerfeedback) | Choose whether or not SQL Server sends feedback to Microsoft. |
-| [Database Mail Profile](#dbmail) | Set the default database mail profile for SQL Server on Linux |
+| [Database Mail Profile](#dbmail) | Set the default database mail profile for SQL Server on Linux. |
 | [Default data directory](#datadir) | Change the default directory for new SQL Server database data files (.mdf). |
 | [Default log directory](#datadir) | Changes the default directory for new SQL Server database log (.ldf) files. |
 | [Default master database file directory](#masterdatabasedir) | Changes the default directory for the master database files on existing SQL installation.|
@@ -37,6 +37,7 @@ ms.assetid: 06798dff-65c7-43e0-9ab3-ffb23374b322
 | [Local Audit directory](#localaudit) | Set a a directory to add Local Audit files. |
 | [Locale](#lcid) | Set the locale for SQL Server to use. |
 | [Memory limit](#memorylimit) | Set the memory limit for SQL Server. |
+| [Microsoft Distributed Transaction Coordinator](#msdtc) | Configure and troubleshoot MSDTC on Linux. |
 | [TCP port](#tcpport) | Change the port where SQL Server listens for connections. |
 | [TLS](#tls) | Configure Transport Level Security. |
 | [Traceflags](#traceflags) | Set the traceflags that the service is going to use. |
@@ -441,6 +442,46 @@ The **memory.memorylimitmb** setting controls the amount physical memory (in MB)
    sudo systemctl restart mssql-server
    ```
 
+## <a id="msdtc"></a> Configure MSDTC
+
+The **network.rpcport** and **distributedtransaction.servertcpport** settings are used to configure the Microsoft Distributed Transaction Coordinator (MSDTC). To change these settings, run the following commands:
+
+1. Run the mssql-conf script as root with the **set** command for "network.rpcport":
+
+   ```bash
+   sudo /opt/mssql/bin/mssql-conf set network.rpcport <rcp_port>
+   ```
+
+2. Then set the "distributedtransaction.servertcpport" setting:
+
+   ```bash
+   sudo /opt/mssql/bin/mssql-conf set distributedtransaction.servertcpport <servertcpport_port>
+   ```
+
+In addition to setting these values, you must also configure routing and update the firewall for port 135. For more information on how to do this, see [How to configure MSDTC on Linux](sql-server-linux-configure-msdtc.md).
+
+There are several other settings for mssql-conf that you can use to monitor and troubleshoot MSDTC. The following table briefly describes these settings. For more information on their use, see the details in the Windows support article, [How to enable diagnostic tracing for MS DTC](https://support.microsoft.com/en-us/help/926099/how-to-enable-diagnostic-tracing-for-ms-dtc-on-a-windows-based-compute).
+
+| mssql-conf setting | Description |
+|---|---|
+| distributedtransaction.allowonlysecurerpccalls | Configure secure only rpc calls for distributed transactions |
+| distributedtransaction.fallbacktounsecurerpcifnecessary | Configure security only rpc calls for distributed |transactions
+| distributedtransaction.maxlogsize | DTC transaction log file size in MB. Default is 64MB |
+| distributedtransaction.memorybuffersize | Circular buffer size in which traces are stored. This size is in MB and default is 10MB |
+| distributedtransaction.servertcpport | MSDTC rpc server port |
+| distributedtransaction.trace_cm | Traces in the connection manager |
+| distributedtransaction.trace_contact | Traces the contact pool and contacts |
+| distributedtransaction.trace_gateway | Traces Gateway source |
+| distributedtransaction.trace_log | Log tracing |
+| distributedtransaction.trace_misc | Traces that cannot be categorized into the other categories |
+| distributedtransaction.trace_proxy | Traces that are generated in the MSDTC proxy |
+| distributedtransaction.trace_svc | Traces service and .exe file startup |
+| distributedtransaction.trace_trace | The trace infrastructure itself |
+| distributedtransaction.trace_util | Traces utility routines that are called from multiple locations |
+| distributedtransaction.trace_xa | XA Transaction Manager (XATM) tracing source |
+| distributedtransaction.tracefilepath | Folder in which trace files should be stored |
+| distributedtransaction.turnoffrpcsecurity | Enable or disable RPC security for distributed transactions |
+
 ## <a id="tcpport"></a> Change the TCP port
 
 The **network.tcpport** setting changes the TCP port where SQL Server listens for connections. By default, this port is set to 1433. To change the port, run the following commands:
@@ -451,13 +492,13 @@ The **network.tcpport** setting changes the TCP port where SQL Server listens fo
    sudo /opt/mssql/bin/mssql-conf set network.tcpport <new_tcp_port>
    ```
 
-1. Restart the SQL Server service:
+2. Restart the SQL Server service:
 
    ```bash
    sudo systemctl restart mssql-server
    ```
 
-1. When connecting to SQL Server now, you must specify the custom port with a comma (,) after the hostname or IP address. For example, to connect with SQLCMD, you would use the following command:
+3. When connecting to SQL Server now, you must specify the custom port with a comma (,) after the hostname or IP address. For example, to connect with SQLCMD, you would use the following command:
 
    ```bash
    sqlcmd -S localhost,<new_tcp_port> -U test -P test
@@ -544,6 +585,9 @@ accepteula = Y
 captureminiandfull = true
 coredumptype = full
 
+[distributedtransaction]
+servertcpport = 51999
+
 [filelocation]
 defaultbackupdir = /var/opt/mssql/data/
 defaultdatadir = /var/opt/mssql/data/
@@ -563,6 +607,7 @@ memorylimitmb = 4096
 forceencryption = 0
 ipaddress = 10.192.0.0
 kerberoskeytabfile = /var/opt/mssql/secrets/mssql.keytab
+rpcport = 13500
 tcpport = 1401
 tlscert = /etc/ssl/certs/mssql.pem
 tlsciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
diff --git a/docs/linux/sql-server-linux-release-notes-2019.md b/docs/linux/sql-server-linux-release-notes-2019.md
@@ -20,7 +20,7 @@ monikerRange: ">= sql-server-linux-ver15  || >= sql-server-ver15 || = sqlallprod
 The following release notes apply to SQL Server 2019 CTP running on Linux. This article is broken into sections for each release. Each release has a link to a support article describing the CU changes as well as links to the Linux package downloads.
 
 > [!TIP]
-> To learn about new Linux features in SQL Server 2019, see [What's new in SQL Server 2019 CTP 2.0 for Linux](../sql-server/what-s-new-in-sql-server-ver15.md#sqllinux).
+> To learn about new Linux features in SQL Server 2019, see [What's new in SQL Server 2019](../sql-server/what-s-new-in-sql-server-ver15.md).
 
 ## Supported platforms
 
@@ -58,9 +58,9 @@ If you are updating existing SQL Server packages, run the appropriate update com
 - [Install SQL Server vNext Machine Learning Services R and Python support on Linux](sql-server-linux-setup-machine-learning.md)
 - [Enable SQL Server Agent](sql-server-linux-setup-sql-agent.md)
 
-## <a id="CU9-GDR2"></a> CU9-GDR2 (August 2018)
+## <a id="CTP20"></a> CTP 2.0 (September 2018)
 
-This is a security update that also includes the previously released CU (CU9) for SQL Server 2017. The SQL Server engine version for this release is 14.0.3035.2. For information about the fixes and improvements in this release, see [https://support.microsoft.com/en-us/help/4293805](https://support.microsoft.com/en-us/help/4293805).
+The following sections provide package locations and known issues for the CTP 2.0 release. To learn more about new features for Linux on SQL Server 2019, see the [What's new in SQL Server 2019](../sql-server/what-s-new-in-sql-server-ver15.md).
 
 ### Package details
 
@@ -72,6 +72,12 @@ For manual or offline package installations, you can download the RPM and Debian
 | SLES RPM package | xx.x.xxxx.xx-1 | [mssql-server Engine RPM package](https://packages.microsoft.com/sles/12/mssql-server-2017/mssql-server-xx.x.xxxx.xx-1.x86_64.rpm)</br>[High Availability RPM package](https://packages.microsoft.com/sles/12/mssql-server-2017/mssql-server-ha-xx.x.xxxx.xx-1.x86_64.rpm)</br>[Full-text Search RPM package](https://packages.microsoft.com/sles/12/mssql-server-2017/mssql-server-fts-xx.x.xxxx.xx-1.x86_64.rpm) | 
 | Ubuntu 16.04 Debian package | xx.x.xxxx.xx-1 | [Engine Debian package](https://packages.microsoft.com/ubuntu/16.04/mssql-server-2017/pool/main/m/mssql-server/mssql-server_xx.x.xxxx.xx-1_amd64.deb)</br>[High Availability Debian package](https://packages.microsoft.com/ubuntu/16.04/mssql-server-2017/pool/main/m/mssql-server-ha/mssql-server-ha_xx.x.xxxx.xx-1_amd64.deb)</br>[Full-text Search Debian package](https://packages.microsoft.com/ubuntu/16.04/mssql-server-2017/pool/main/m/mssql-server-fts/mssql-server-fts_xx.x.xxxx.xx-1_amd64.deb)<br/> |
 
+### Known issues
+
+#### <a id="msdtc"></a> Microsoft Distributed Transaction Coordinator
+
+Currently, MSDTC requires transactions to be unauthenticated. For example, if you are using a linked server from SQL Server on Windows to SQL Server on Linux or use a Windows client application to start a distributed transaction against SQL Server on Linux, then MSDTC on Windows server/client is required to use option "No Authentication Required".
+
 ## Next steps
 
 To get started, see the following quickstarts:
diff --git a/docs/linux/toc.yml b/docs/linux/toc.yml
@@ -87,7 +87,9 @@
       href: sql-server-linux-configure-environment-variables.md
     - name: Configure Docker containers
       href: sql-server-linux-configure-docker.md
-    - name: Customer Feedback
+    - name: Configure MSDTC
+      href: sql-server-linux-configure-msdtc.md
+    - name: Customer feedback
       href: sql-server-linux-customer-feedback.md
   - name: Develop
     href: sql-server-linux-develop-overview.md
