BizTalk 2006 and Active Directory
I had a tremendously frustrating experience recently configuring BizTalk Server 2006, but I walked away from the situation a little wiser. We wanted BizTalk Server on an Application Server communicating with a separate Database Server running SQL Server 2005. I have set up multi-server environments before, but the vast majority of my work had been installation and configuration on a single server (BizTalk and SQL Server on the same machine).
Having created the Domain Groups and Domain Accounts which were required, we set about performing the Custom Configuration. The BizTalk Server 2006 Configuration Helper is a huge improvement when it comes to configuring BizTalk: a much cleaner interface and the ability to configure each service separately. However, when we attempted to configure the BizTalk Group or Run Time configuration, we consistently saw the Red Warning Icon when we entered our Domain Group Names.
Initially, we were convinced that the problem was a configuration error. We read reams of documentation about the privileges required by the account running the Configuration Helper. We then verified that the domain group name was spelled correctly and that the application server could communicate with both the domain controller and the database server. As a side note, we wasted a good deal of time messing with the Distributed Transaction Coordinator (DTC), trying various accounts with elevated privileges for this service: all of these changes only made the issue worse. Finally we concluded that the issue must be an infrastructure one.
Well, it was an infrastructure problem, and an obscure one. The product documentation clearly states that BizTalk Server 2006 multi-server environments require an Active Directory domain; it cannot be installed in a Windows NT domain. This is good to know, but there is something else you need to know.
Active Directory has two modes: Native Mode and Mixed Mode. Native Mode means that every single server in the domain is a Windows Server 2000/2003 server. If you have even one NT server in the domain, you need to run your Active Directory in “Mixed Mode”. This is not a huge problem, except that in order for your Windows NT servers to communicate with the Active Directory Domain Controllers, the DCs need a registry entry which allows each DC to appear like an NT Domain Controller to other NT servers; the registry key is called “NT4Emulator”. But it gets better! In order for your non-NT servers to see the Active Directory DC for what it is, each needs a second registry key, “NeutralizeNT4Emulator”, so that these servers see the Active Directory Domain Controller. This issue is described in the following KB article:
We were aware that we were running in Mixed Mode, but not aware that this would have any impact upon BizTalk. Well, we added the appropriate registry key to both the Application Server and Database Server and the configuration went through.
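A PowerShell check for the two values described above, added here as an example and not taken from the original post. It assumes both are REG_DWORD values under the Netlogon `Parameters` key; the function names are hypothetical, and the setter is defined but never called by the script itself.

```powershell
# Added example: audit the NT4 emulation values on the local machine.
# Assumption: both values are REG_DWORDs under the Netlogon Parameters key.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-NT4EmulationState {
    param([string]$Path = $NetlogonKey)

    $state = [ordered]@{
        Computer              = $env:COMPUTERNAME
        NT4Emulator           = $null   # expected on DCs in a Mixed Mode domain
        NeutralizeNT4Emulator = $null   # expected on non-NT member servers
    }
    # A missing key or value is reported as $null rather than raising an error.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($name in 'NT4Emulator', 'NeutralizeNT4Emulator') {
        if ($props -and $props.PSObject.Properties[$name]) {
            $state[$name] = [int]$props.$name
        }
    }
    [pscustomobject]$state
}

function Set-NeutralizeNT4Emulator {
    # Hypothetical helper; supports -WhatIf so the change can be previewed.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $NetlogonKey)

    if ($PSCmdlet.ShouldProcess($Path, 'Set NeutralizeNT4Emulator = 1')) {
        New-ItemProperty -Path $Path -Name 'NeutralizeNT4Emulator' `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Report the current state before running the BizTalk configuration.
$current = Get-NT4EmulationState
$current | Format-List

if ($current.NeutralizeNT4Emulator -ne 1) {
    Write-Warning ("NeutralizeNT4Emulator is not set on $($current.Computer). " +
        "In a Mixed Mode domain this server may see the DC as an NT domain controller.")
}
```

Run it on both the Application Server and the Database Server; `Set-NeutralizeNT4Emulator -WhatIf` previews the change without writing to the registry.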
Next time you configure BizTalk Server, be sure to ask about the domain environment in which it is planned to be deployed. It will save you some headache!