Distributed Transaction Coordinator

It is worth noting that by default MS DTC uses dynamic ports. I have seen firewall rules open the following ports for MSDTC: 135 and 1024-65535, which might as well have been "open all ports"!
The default dynamic port ranges are as follows: Windows Server 2003: 1024-65535; Windows Server 2008: 49152-65535.

However, it is possible to restrict the ports that MS DTC uses. When working in clusters, this is of course more complicated. Some say you just need to update all the nodes in the cluster; however, the article "How to configure the MS-DTC service to listen on a specific RPC server port" suggests otherwise. If you need to restrict the ports, then one option is to do this:

  • Start a Command Prompt and enter the following command: dcomcnfg
  • Expand "Component Services" and find "My Computer"
  • Right click "My Computer" and select "Properties"
  • Select the "Default Protocols" tab, highlight "Connection-oriented TCP/IP" and click "Properties"
  • Add a range, for example 5000-5020
  • Click OK a few times
This is a better approach than editing the registry, in my opinion.
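
To confirm the restriction took hold before narrowing the firewall rule, the following read-only check is an added example, not part of the original post. It assumes Windows Server 2012 or later (for Get-NetTCPConnection), an elevated prompt, that the range entered in dcomcnfg is stored under HKLM:\SOFTWARE\Microsoft\Rpc\Internet, and that the service runs as the process msdtc.

```powershell
# Added example: audit that MSDTC listens only inside the restricted RPC range.
# Assumptions: elevated prompt, Get-NetTCPConnection available, service process
# named "msdtc", range stored under the registry key below.
$rpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

function ConvertTo-PortRange {
    param([string[]]$Entries)
    foreach ($entry in $Entries) {
        # Accept "5000-5020" as well as a single port such as "5000".
        if ($entry -match '^\s*(\d+)\s*(?:-\s*(\d+))?\s*$') {
            $low  = [int]$Matches[1]
            $high = if ($Matches[2]) { [int]$Matches[2] } else { $low }
            [pscustomobject]@{ Low = $low; High = $high }
        } else {
            Write-Warning "Unparseable Ports entry: '$entry'"
        }
    }
}

$cfg = Get-ItemProperty -Path $rpcKey -ErrorAction SilentlyContinue
if (-not $cfg -or -not $cfg.Ports) {
    Write-Warning 'No RPC port restriction found; the default dynamic range is in use.'
    return
}

$ranges = @(ConvertTo-PortRange -Entries $cfg.Ports)
$ranges | ForEach-Object { "Configured RPC range: $($_.Low)-$($_.High)" }

$dtc = Get-Process -Name msdtc -ErrorAction SilentlyContinue
if (-not $dtc) { Write-Warning 'msdtc is not running.'; return }

# Port 135 belongs to the RPC endpoint mapper, not to msdtc, so every listener
# owned by msdtc should fall inside the configured range.
$listeners = Get-NetTCPConnection -State Listen -OwningProcess $dtc.Id -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $port    = $l.LocalPort
    $inRange = [bool]($ranges | Where-Object { $port -ge $_.Low -and $port -le $_.High })
    $status  = if ($inRange) { 'OK' } else { 'OUTSIDE RANGE' }
    "{0,-15} {1}:{2}" -f $status, $l.LocalAddress, $port
}

# Port list a firewall rule needs instead of 135 plus 1024-65535.
$needed = @('135') + ($ranges | ForEach-Object { "$($_.Low)-$($_.High)" })
"Firewall rule should allow TCP: $($needed -join ', ')"
```

Any line marked OUTSIDE RANGE means the restriction is not yet in effect on that node, so a narrowed firewall rule would break MS DTC traffic there.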

It is worth searching for other articles on this subject; however, I have found the following: