XP SP2 and Transactions
The preview (RC2) of Windows XP Service Pack 2 is available for download at https://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx
The general info about it can be found at https://msdn.microsoft.com/security/productinfo/XPSP2/default.aspx and https://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2chngs.mspx More info about the changes in MSDTC is also available at https://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2otech.mspx#EBAA and https://support.microsoft.com/?id=899191
In this post I will cover what changes are introduced in this SP for distributed transactions, what is the impact on your applications and how can you re-enable your scenarios.
When you install XP SP2, all network MSDTC transactions will be disabled, even if network transactions had been previously enabled. This means that if you are using COM+ or Enterprise Services (or simple OleTx clients and resource managers) to flow transactions from or into the box, you will need to follow the steps defined below to re-enable your scenarios.
The first step is to enable network transactions in the Security Configuration dialog for MSDTC. To do this, open Control Panel\Administrative Tools\Component Services. Then select Component Services\Computer\My Computer, right-click and choose Properties. On the MSDTC tab, press "Security Configuration..." button and then select what you need. You will notice that the old checkbox “Network Transactions” has been replaced with a new group of settings named “Transaction Manager Communication”. This group contains two new checkboxes and 3 radio buttons, defined below.
“Allow Inbound” when enabled will allow a remote computer to flow transactions to the local computer; this is typically needed on the box hosting the MSDTC for a resource manager like Microsoft SQL Server. When enabled, “Allow Outbound” will allow the local computer to flow transactions to a remote computer; this is typically needed on the “client” box, where the transaction is initiated.
When “Mutual Authentication Required” is selected, the local MSDTC (proxy or service) will communicate with a remote MSDTC service using only encrypted messages and mutual authentication (Windows Domain authentication). If a secure communication cannot be established with the remote system, the communication will be denied. “Incoming Caller Authentication Required” means that if mutual authentication cannot be established, but the incoming caller can be authenticated, then the communication will be allowed. Currently only Windows 2003 Server and XP SP2 support the first two options. “No Authentication Required” means that the MSDTC communication on the network can fallback to a non authenticated and non encrypted communication if the attempts to start a secure communication will fail. The “no authentication required” option is for compat communications with previous OSes (W2K, XP RTM and XP SP1); this setting needs also to be used when the computers involved are located in two untrusted Windows domains or in a Windows workgroup. If your XP SP2 box is talking to a Windows 2003 system that has disabled it’s RPC security for MSDTC (using TurnOffRpcSecurity registry key - see https://blogs.msdn.com/florinlazar/archive/2004/03/02/82916.aspx for more info), then you will need to use this third option on the XP SP2 box to enable network transactions between the two systems.
The second step in enabling network transactions is related to the firewall. By default, after installing XP SP2, the Windows Firewall will be on. To enable network transactions through the firewall, you will need to add the msdtc.exe to the exception list of the firewall on all the machines involved in the transactions. You can do this using the UI in Control Panel\Windows Firewall or you can use this command: “netsh firewall set allowedprogram %windir%\system32\msdtc.exe MSDTC enable”.
Another configuration setting that you need to be aware (although I consider it to be an uncommon scenario) is RestrictRemoteClients registry key. If the value of this key is set to 2 (RPC_RESTRICT_REMOTE_CLIENT_HIGH) then MSDTC network transactions will not be able to work properly. MSDTC supports only RPC_RESTRICT_REMOTE_CLIENT_NONE (0) and RPC_RESTRICT_REMOTE_CLIENT_DEFAULT (1) values. See https://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#XSLTsection128121120120 for more info on RestrictRemoteClients.
I recommend and I encourage you to give a try to this release candidate for XP SP2 on your test systems and send your feedback to the XP SP2 preview newsgroups: https://communities.microsoft.com/newsgroups/default.asp?icp=xpsp2&slcid=us . Thanks!
[Updated Sep 20, 2004]
Comments
Anonymous
June 17, 2004
Florian Lazar on DTC Transactions and Windows XP SP2. I'll definitely need this more often than not....Anonymous
June 19, 2004
Yeah, so I am restarting blogging with some updates on XP SP2 security. It seems Microsoft has made significant changes to how COM objects are accessed over the network in XP SP2. Official details are here. Also, check out Florin...Anonymous
June 24, 2004
I read the docs on MSDN awhile ago and don't remember any mention of MSDTC. If this material isn't there, can you get this up there?
KCAnonymous
June 24, 2004
Ken,
Are you referring to MSDTC documentation in general? If so, you can find it at http://msdn.microsoft.com/library/?url=/library/en-us/cossdk/htm/dtc_toplevel_6vjm.asp?frame=trueAnonymous
June 25, 2004
MSDN has a ton of material on XP SP2 changes for both admins and developers. The way they wrote it, their list was everything one needs to know about SP2. Your blog post is important information that (I think) is missing.
I remember seeing the gory details about DCOM and RPC changes. I don't remember seeing anything about MSDTC changing.
KCAnonymous
July 01, 2004
Ken, the information from this post will be added to MSDN.Anonymous
July 12, 2004
http://weblogs.asp.net/angelsb/archive/2004/07/12/180833.aspx
Great information on setting up the operating system! ThanksAnonymous
April 14, 2005
Que les puedo decir, el SP1 de Windows 2K3 tambien afecta a BizTalk de la misma forma que lo hace el...Anonymous
April 14, 2005
Que les puedo decir, el SP1 de Windows 2K3 también afecta a BizTalk de la misma forma que lo hace el...Anonymous
April 26, 2005
In order to allow Windows XP SP2 or Windows Server 2003 SP1 to talk to a remote MSDTC located in a cluster,...Anonymous
May 16, 2005
RePost:
http://www.yeyan.cn/Database/WindowsXPSP2Transactions.aspxAnonymous
May 17, 2005
The comment has been removedAnonymous
June 23, 2005
The comment has been removedAnonymous
July 08, 2005
The comment has been removedAnonymous
July 12, 2005
SOLUTION...[Microsoft][ODBC driver for Oracle]Failure in DTC: not able to validate open information.
I added the key as I mentioned above and it works. [HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSDTCXALL]
The error only happens when in the VB6 app the MTSTransactionMode is set to 2.Anonymous
August 04, 2005
Thanks so much for this, our admin did an upgrade and I have been trying to track this issue down!Anonymous
September 16, 2005
In today's world, security hardening is causing many headaches to software developers and admins. Especially...Anonymous
October 04, 2005
Thanks a lot. Very good descriptions. It solved my MSDTC problems in Windows Server 2003.Anonymous
November 02, 2005
Any other/or more ideas?This's not solved my problem, and I'm still receiving errors when opening site from Windows Xp SP2 ..such like session variables which return empty etc..I'm sure the site's ok, as tt's still running in a Windows 2000 OS.. thxAnonymous
November 02, 2005
I Solved! IIS could not solve my address, I tried with IP Address and now everything it's ok!Anonymous
February 17, 2006
The comment has been removedAnonymous
February 18, 2006
To: ali
What version of Windows 2003 are you running? Web Edition by chance?Anonymous
March 09, 2006
Problem still there!
I have done exactly as mentioned by you and the error message still says the transcation manager is disabled. I am using windows xp professional sp 2.
I have also turn my firewall off and exclud the msdtc.exe.
My application is running .net 1.1 with com+ iis authentication set to windows integrated. IE is set to prompt for password and uid. Domain userid is entered when running the pages.
Any idea??!!!Anonymous
March 16, 2006
To: Viv
Where do you see this error message? If you do a "net stop msdtc" and then a "net start msdtc" do you any entry created in Event Viewer (Application and System)? I also recommend posting your issue at our transactions forum at http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=388&SiteID=1 for a faster response. Thanks.Anonymous
April 14, 2006
//This content applies to windows 2003,sp1 and windows xp,sp2 machines
Microsoft introduced MSDTC security...Anonymous
April 17, 2006
thanks! 2 days googling around without any result and the only problem was Windows Firewall. Frustrating, but you helped a lot.Anonymous
June 26, 2006
I have an environment with BizTalk 2004 and the MQSeries Adapter which I’m upgrading to BizTalk 2006....Anonymous
July 12, 2006
This information is very good. I have used it to resolve cloned server issue (windows 2003 servers). Right now I am facing an issue with windows XP SP2 machine calling a database server (windows 2003 server). The error is the usual "New transaction cannot enlist in specified transaction coordinator" and "Error 8004d00a. Distributed Transaction error"I have tried diagnozing with DTCPing.exe as suggested; I am getting the following error with DTCPing;The error is:Problem:fail to invoke remote RPC methodError(0x5) at dtcping.cpp @303-->RPC pinging exception-->5(Access is denied.)RPC test failedThe error I am getting is when windows 2003 server tries the DTCPing to communicate with XP SP2 machine; although the communication from XP SP2 to windows 2003 server is successful.I have tried the solutions suggested,1) The correct security configuration for MSDTC on both machines(No Authentication Rquired)2) Adding MSDTC.exe as an exception in the windows firewall3) RestrictRemoteClients key: this key is not present in my registry although I am running windows XP service pack2 machine.Can you help me with this error?Anonymous
July 13, 2006
How to solve the following problem on WIndows 2000 Professional My program uses DTC, when a stored procedure is executed, i get the following error"New transaction cannot enlist in the Specified transaction coordinator"Anonymous
August 03, 2006
The comment has been removedAnonymous
September 09, 2006
i have a client & com+ application installed on a XP SP2, but i can't get the Transaction To Work - i use Oracle 9i Client. I've Done Everything: Allowed everything in the MSDTC Security,Added the oracle Dll to the HKLM...XADLL,Allowed The msdtc.exe in the firewallGave the Network service user permissions on the Oracle Client Directory,and still transactions Won't Work - Any Suggestions ?Anonymous
November 15, 2006
Problem Description After upgrading an application server or database server to Windows 2003 SP1, theAnonymous
February 09, 2007
The Windows Server 2003 Service Pack 1 Release Candidate is available for download at http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/default.mspxAnonymous
February 10, 2007
In order to allow Windows XP SP2 or Windows Server 2003 SP1 to talk to a remote MSDTC located in a cluster,Anonymous
February 27, 2007
The comment has been removedAnonymous
February 28, 2007
I recommend posting your issues at http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=388&SiteID=1Anonymous
September 18, 2007
PingBack from http://dev1.wordpress.com/2007/09/19/transaction-scope/Anonymous
February 18, 2008
I have an environment with BizTalk 2004 and the MQSeries Adapter which I’m upgrading to BizTalk 2006.Anonymous
July 17, 2008
PingBack from http://th3nu11.wordpress.com/2008/07/17/msdtc/Anonymous
May 28, 2009
PingBack from http://paidsurveyshub.info/story.php?title=florin-lazar-consistency-checkpoint-xp-sp2-and-transactionsAnonymous
June 19, 2009
PingBack from http://debtsolutionsnow.info/story.php?id=13227