- 12 minutes to read

Release Notes

Prerequisites for the Microsoft BizTalk Server Monitoring Agent

This page details the prerequisites for installing and running the Nodinite Microsoft BizTalk Server Monitoring Agent to Monitor BizTalk Server Applications.

graph LR subgraph "Nodinite Instance" roMonitoringService(fal:fa-watch-fitness Monitoring Service) end subgraph "BizTalk Group - PROD" roMonitoringService --> roNI roNI(fal:fa-monitor-waveform BizTalk Server Monitoring Agent) --> roBT(fal:fa-server Any BizTalk node ) end subgraph "BizTalk SQL Instances" roNI --> roBTMgmtDB(fal:fa-database BizTalkMgmtDb) roNI --> roBTmsgboxDB(fal:fa-database BizTalkMsgboxDb) roNI --> roBTDTADb(fal:fa-database BizTalkDTADb) end subgraph "Nodinite SQL Instance" roNI-.-> roDBMonitoringDatabase(fal:fa-database Monitoring database) end subgraph "BizTalk Group - Test" roMonitoringService -.-> roNIT roBTT(fal:fa-server Any BizTalk node ) roNIT(fal:fa-monitor-waveform BizTalk Server Monitoring Agent) --> roBTT end

High-level architecture for deploying the Nodinite BizTalk Server Monitoring Agent.

Install the Agent on the same network as the BizTalk Server group you want to monitor. Nodinite can be installed anywhere—including the cloud or offsite—using Service Bus Relaying to securely connect to the Nodinite Microsoft BizTalk Server Monitoring Agent.

We recommend installing the Agent close to the BizTalk Server group (ideally on a BizTalk processing node) to unlock all features and maximize performance.

Verified Topic
Software Requirements
What Windows User Rights does the BizTalk Server Monitoring Agent require?
What Firewall settings are required for the Microsoft BizTalk Server Monitoring Agent?
What SQL user rights does the Microsoft BizTalk Server Monitoring Agent require?

Software requirements

Product
Windows Server Windows 2025
Windows 2022
Windows 2019
Windows 2016
Windows 2012 R2
Windows 2012
Windows 2008 R2		 Should be the same as the Windows version that BizTalk is installed on
.NET Framework .NET Framework 3.5.1 or later This is actually a prerequisite on the BizTalk Administrative Tools; The Agent makes use of the ExplorerOM.dll
.NET Framework .NET Framework 4.8 or laterNew 6.1 NOTE: Different versions of BizTalk have varying requirements
BizTalk Server Client Tools (free) Use a version equal to or higher than the target BizTalk Environment
SQL Server Binaries 1. DACFramework.msi Download SQL Server DACPAC binaries
Optionally SQL SSMS Latest SSMS

Versions <= 6.0 make use of the .NET Framework 4.5.2 or later.

Nodinite requires DACPAC SQL Binaries from Microsoft and is used to install and update databases. You can (and should) install a higher version (latest) than your SQL Server since Microsoft provides backwards compatibility. The other way around is not supported. No licensing cost is associated with installing and running the Microsoft DACPAC binaries.

Use the latest SSMS version to ensure you have a valid version of the required SQL Server binaries and it's only one installer (although more extensive)

If you experience issues installing or updating the Nodinite databases, the problem is almost always with an incompatible client version. Simply update either the SSMS tool or the DACFramework.msi to the latest available version.

If you cannot install the SQLPackage.exe on the BizTalk Application server, you can always manually update the Nodinite BizTalk Server Monitoring database directly on the SQL Server Instance.

Which versions of Microsoft BizTalk Server are supported?

Nodinite Microsoft BizTalk Server Monitoring Agent has support for the following Microsoft BizTalk Server versions (all editions, also regarding CU, SP, HotFix)

Product/Version Comment Enterprise Standard Developer
BizTalk Server 2020
BizTalk Server 2016
  • .NET 4.8 requires CU7 or later
  • .NET 4.7.2 requires CU2 or later
BizTalk Server 2013 R2 .NET 4.5.2 requires CU2 or later
BizTalk Server 2013
BizTalk Server 2010
  • .NET 4.5.2 Requires CU7 or later to run locally*
BizTalk Server 2009 *
BizTalk Server 2006 R2 *
BizTalk Server 2006 *

* .NET Framework 4.8New 6.1 or later and an appropriate version of the BizTalk Server Administration console must be installed on the server where the Nodinite Microsoft BizTalk Server Monitoring Agent is run.

What Windows User Rights does the BizTalk Server Monitoring Agent require?

The Agent usually runs as a Windows Service on one or more BizTalk Server application servers.

Fail-over cluster support exists for high availability.

The service account must be a member of the following Active Directory groups:

  • BizTalk Server Administrators - The Windows Service Account running the BizTalk Server Monitoring Agent must belong to the Windows Group used with the BizTalk Server Administrators (most Remote Actions require this level).
  • SSO Administrators - The Windows Service Account running the BizTalk Server Monitoring Agent must belong to the Windows Group used with the SSO Administrator role (some details and remote actions require this level)
  • Local Administrators -The Windows Service Account running the BizTalk Server Monitoring Agent must be a local administrator on all BizTalk Server nodes to read performance counters and allow the Start/Stop of Host Instances (which are actually Windows Services)

What Firewall settings are required for the Microsoft BizTalk Server Monitoring Agent?

The TCP/UDP ports that must be open for communication depend on the type of installation.

This section describes enterprise-grade installations with services on multiple servers; hence, many protocols are used for the different services.

graph TD subgraph "Nodinite Instance" roMonitoringService(fal:fa-watch-fitness Monitoring Service) end subgraph "BizTalk Group" roMonitoringService --> |8000| roNI roNI(fal:fa-monitor-waveform BizTalk Server Monitoring Agent) --> |WMI/RPC| roBT(fal:fa-server Any BizTalk node ) end subgraph "BizTalk SQL Instances" roNI --> |SQL, DTC, RPC, DNS| roBTMgmtDB(fal:fa-database BizTalkMgmtDb) roNI --> |SQL, DTC, RPC, DNS| roBTmsgboxDB(fal:fa-database BizTalkmsgboxDb) roNI --> |SQL, DTC, RPC, DNS| roBTDTADb(fal:fa-database BizTalkDTADb) end subgraph "Nodinite SQL Instance" roNI-.-> |SQL,DTC,RPC,DNS |roDBMonitoringDatabase(fal:fa-database Monitoring database) end

The Microsoft BizTalk Server Monitoring Agent has both inbound and outbound communication:

1. TCP Ports between the Monitoring Service and the Microsoft BizTalk Server Monitoring Agent

The following ports must be allowed on the Windows server where the Agent is installed and running :

Port Name Inbound Outbound TCP UDP Nodinite Version Comment
53 DNS All The Agent needs to know where your other servers/services are (can sometimes optionally be solved using entries in the local hosts file)

And further with 'Option 1' or 'Option 2' as documented next:

Option 1a (Nodinite v7 - IIS hosted on local network)

Port Name Inbound Outbound TCP UDP Nodinite Version Comment
Custom HTTP/HTTPS v7 Agent IIS site port (configured during installation in the Portal). Only required if agent is on a remote IIS server

Note

Nodinite v7 IIS Hosting: When agents are hosted in IIS on the same server as the Nodinite application (typical installation), firewall rules are not required between the Monitoring Service and the agent. The custom port is assigned during installation via the Nodinite Portal and only needs to be opened if the agent is hosted on a remote IIS Windows Server.

Option 1b (Nodinite v6 and earlier - Windows Service on local network)

Port Name Inbound Outbound TCP UDP Nodinite Version Comment
8000 RPC v6 and earlier Communication is initiated by the Monitoring Service. Only used with legacy MSI installer on remote Windows servers

Note

Nodinite v6 Legacy: Port 8000 is only used when agents have default installations on remote Windows servers using the legacy MSI installer. This port is not required for Nodinite v7 IIS-hosted agents.

Option 2 (Cloud/Hybrid - All versions)

Use Service Bus Relayed connections when Nodinite and the Agent are on different networks.

Nodinite uses the On-Premise data gateway. Review the 'Adjust communication settings for the on-premises data gateway' user guide for additional information.

Port Name Inbound Outbound TCP UDP Nodinite Version Comment
443 HTTPS All Secure outbound traffic
5671, 5672 Secure AMQP All
9350 - 9354 Net.TCP All

2. Between the BizTalk Server Monitoring Agent and Target Servers

The following sections detail firewall requirements organized by service. Four types of servers participate in the monitoring interchange:

  • Agent Server - Where the Nodinite Microsoft BizTalk Server Monitoring Agent is installed (typically on a BizTalk processing node)
  • BizTalk Servers - All BizTalk Server nodes in the group being monitored
  • SQL Server - SQL Server instances hosting BizTalk databases (BizTalkMgmtDB, BizTalkDTADb, BizTalkMsgBoxDb) and optionally the Nodinite Monitoring database
  • Domain Controller (DC) - Active Directory server for Kerberos/LDAP authentication

WMI/RPC Monitoring (Agent → BizTalk Servers)

Required for monitoring BizTalk Server nodes, reading performance counters, and managing Host Instances. The Nodinite Microsoft BizTalk Server Monitoring Agent uses WMI, which is highly configurable in Windows.

Direction Source Destination Protocol Port(s) Purpose Notes
Outbound Agent Server BizTalk Servers TCP 135 RPC Endpoint Mapper Required for WMI and DCOM communication
Outbound Agent Server BizTalk Servers TCP 445 SMB / RPC over Named Pipes Required for Windows Performance Counter access and remote registry
Outbound Agent Server BizTalk Servers TCP 50000–50200 WMI / RPC Dynamic Ports BizTalk is aggressive on TCP port usage. Actual range depends on Windows RPC configuration. Review 'Configure RPC dynamic port allocation' and 'Configure MSDTC'
Inbound BizTalk Servers Agent Server TCP Same as outbound Response traffic Automatically allowed by stateful firewall inspection

Note

RPC Dynamic Port Range: Some documents online state 5000–5020, which is incorrect. BizTalk Server environments typically require a broader range like 50000–50200. You may need to allow additional dynamic ports depending on your configuration. The standard Windows dynamic range is 49152–65535, but this can be restricted using netsh commands.

SQL Server Connection (Agent → BizTalk SQL Servers)

Required for connecting to BizTalk databases (BizTalkMgmtDB, BizTalkDTADb, BizTalkMsgBoxDb) and optionally the Nodinite Monitoring database for extended metrics and clustering support. For performance reasons, the agent directly queries BizTalk databases rather than using the ExplorerOM.dll binary.

Direction Source Destination Protocol Port(s) Purpose Notes
Outbound Agent Server SQL Server TCP 1433 SQL Server default instance Default port. Named instances use dynamic ports in range 49152–65535
Outbound Agent Server SQL Server TCP 49152–65535 SQL Server named instances Dynamic port range. Check SQL Server Configuration Manager for specific port
Outbound Agent Server SQL Server TCP 135 RPC Endpoint Mapper Required for MSDTC distributed transactions and remote procedure calls
Inbound SQL Server Agent Server TCP Same as outbound Response traffic Automatically allowed by stateful firewall inspection

Tip

Multiple Messageboxes: BizTalk environments often have multiple messagebox databases on different SQL Server instances. Ensure firewall rules allow the Agent Server to reach all SQL Server instances hosting BizTalk databases (BizTalkMgmtDB, BizTalkDTADb, and all BizTalkMsgBoxDb instances).

Tip

Nodinite Monitoring Database: If you use extended metrics/statistics or agent clustering, the Agent also connects to a SQL Server instance hosting the Nodinite Monitoring database. Use the same firewall rules as documented above. See the Configuration and Monitoring Agent Databases user guides for details.

Authentication (Agent → Domain Controller)

Required for Kerberos authentication and Active Directory queries. The agent service account must be a domain account with membership in BizTalk Server Administrators, SSO Administrators, and Local Administrators groups.

Direction Source Destination Protocol Port(s) Purpose Notes
Outbound Agent Server Domain Controller TCP/UDP 88 Kerberos authentication Required for domain authentication. Review 'Microsoft Kerberos'
Outbound Agent Server Domain Controller TCP/UDP 389 LDAP Standard LDAP queries for Active Directory
Outbound Agent Server Domain Controller TCP 636 LDAPS (Secure LDAP) Required for secure LDAP authentication
Outbound Agent Server Domain Controller TCP 445 SMB Used if Group Policy or certificate access is needed
Inbound Domain Controller Agent Server TCP/UDP Same as outbound Response to Kerberos / LDAP Usually allowed by stateful firewall inspection

Note

DNS Resolution: All servers (Agent, BizTalk Servers, SQL Servers, and Domain Controllers) require outbound access to DNS on TCP/UDP port 53 for name resolution. This is already listed in section 1 and applies universally. You can optionally solve this using entries in the local hosts file on each server. Review 'DNS works on TCP and UDP'.

Important

Stateful Firewalls: Most modern Windows Firewall implementations are stateful, meaning inbound response traffic for established outbound connections is automatically allowed. The inbound rules listed above are primarily for reference and troubleshooting scenarios where stateful inspection may be disabled or restricted.

2. TCP Ports between Nodinite BizTalk Server Monitoring Agent and Microsoft BizTalk Server

The Nodinite Microsoft BizTalk Server Monitoring Agent uses WMI, which is highly configurable in Windows. Actual ports used may therefore be different from what's documented here.

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance). Review the following 'Microsoft' user guide
88 Kerberos Review 'Microsoft Kerberos' user guide
135 DTC/RPC This port is shared between many Windows Services
445 SMB, RPC/NP Windows Performance Counters Access
50000 - 50200 RPC dynamic ports) WMI/RPC Depends on policies and settings in the target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide and the Learn how to configure the Microsoft Distributed Transaction Coordinator (MSDTC) Windows Service

Note

Some documents online state 5000 - 5020, which is a typo; BizTalk is aggressive on the usage of TCP ports, and you may need to allow many other dynamic ports, depending on the configuration.

3. TCP Ports between the Nodinite Microsoft BizTalk Server Monitoring Agent and SQL Server instance with Nodinite Monitoring database

This section applies if you use the extended metrics and statistics or if you have clustered the Nodinite Microsoft BizTalk Server Monitoring Agent. The Configuration user guide explains how to enable this feature.

The Monitoring Agent Databases user guide explains in detail which TCP/UDP ports are in use.

4. TCP Ports between Microsoft BizTalk Server Monitoring Agent and SQL Server with BizTalk databases

There are at least three BizTalk Server databases:

  1. BizTalkMgmtDB
  2. BizTalkDTADb
  3. BizTalkMsgboxDb

Note

There may be multiple messageboxes depending on the type of environment/installation.

For performance reasons, the Nodinite Microsoft BizTalk Server Monitoring Agent uses the data from the BizTalk databases to get lightning-fast access to the data without using the 'ExplorerOM.dll' binary from the Microsoft SDK.

The BizTalk Server databases may also be scattered on different SQL Server instances. From a firewall perspective, the same ports are involved; hence, they are only documented once.

The Monitoring Agents require opening outbound ports. Since Nodinite is highly configurable, the actual ports in use may differ from what's being illustrated here.

You must ensure that the TCP/UDP ports in use are allowed by your firewalls. Depending on the location of the SQL databases, the used ports may differ. The following Windows Services are involved:

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance). Review the following 'Microsoft' user guide
88 Kerberos Review 'Microsoft Kerberos' user guide
135 DTC/RPC This port is shared between many Windows Services
1433/... SQL Server instance ports (multiple) Depend on policies and settings in the target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide

What SQL user rights does the Microsoft BizTalk Server Monitoring Agent require?

The service account running the BizTalk Server Monitoring Agent must have the following rights assigned:

Note

db_ddladmin is required for the service account to have proper rights to read statistics. Performance may be degraded Without this permission, especially for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.

BizTalkMGMTDb

  • DataReader
  • DataWriter (Changes to BizTalk artifacts can be performed using Remote Actions)
  • db_ddladmin (see note)

BizTalkDTADb

  • DataReader
  • DataWriter (for BizTalk Health check related operations/actions)
  • db_ddladmin (see note)
  • BTS_OPERATORS (should be inherited by the membership with BizTalk Server Administrators)

BizTalkMSGBoxDb

  • DataReader
  • DataWriter (for BizTalk Health check related operations/actions)
  • db_ddladmin (see note)
  • BTS_OPERATORS (should be inherited by the membership with BizTalk Server Administrators)

Nodinite BizTalk Monitoring database

If you have multiple Monitoring Agents installed, there is one database per instance. Repeat as necessary.

  • db_owner (required to apply DACPAC updates)

Frequently asked questions

Additional solutions to common problems for the Nodinite Microsoft BizTalk Server Monitoring Agent FAQ exist in the Troubleshooting user guide.

Next Step

Add or manage a Monitoring Agent Configuration
Install BizTalk Monitoring Agent

Monitoring
Administration