

XP SP2 and Transactions

The preview (RC2) of Windows XP Service Pack 2 is available for download at https://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx

General information about it can be found at https://msdn.microsoft.com/security/productinfo/XPSP2/default.aspx and https://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2chngs.mspx. More information about the changes in MSDTC is also available at https://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2otech.mspx#EBAA and https://support.microsoft.com/?id=899191

In this post I will cover what changes this SP introduces for distributed transactions, what the impact is on your applications, and how you can re-enable your scenarios.

When you install XP SP2, all network MSDTC transactions will be disabled, even if network transactions had been previously enabled. This means that if you are using COM+ or Enterprise Services (or simple OleTx clients and resource managers) to flow transactions from or into the box, you will need to follow the steps defined below to re-enable your scenarios.

The first step is to enable network transactions in the Security Configuration dialog for MSDTC. To do this, open Control Panel\Administrative Tools\Component Services. Then select Component Services\Computer\My Computer, right-click and choose Properties. On the MSDTC tab, press the “Security Configuration...” button and then select what you need. You will notice that the old checkbox “Network Transactions” has been replaced with a new group of settings named “Transaction Manager Communication”. This group contains two new checkboxes and three radio buttons, described below.

“Allow Inbound”, when enabled, will allow a remote computer to flow transactions to the local computer; this is typically needed on the box hosting the MSDTC for a resource manager like Microsoft SQL Server. When enabled, “Allow Outbound” will allow the local computer to flow transactions to a remote computer; this is typically needed on the “client” box, where the transaction is initiated.

When “Mutual Authentication Required” is selected, the local MSDTC (proxy or service) will communicate with a remote MSDTC service using only encrypted messages and mutual authentication (Windows Domain authentication). If a secure communication cannot be established with the remote system, the communication will be denied. “Incoming Caller Authentication Required” means that if mutual authentication cannot be established, but the incoming caller can be authenticated, then the communication will be allowed. Currently only Windows 2003 Server and XP SP2 support the first two options. “No Authentication Required” means that the MSDTC communication on the network can fall back to non-authenticated and non-encrypted communication if the attempts to start a secure communication fail. The “No Authentication Required” option is for compatibility with previous OSes (W2K, XP RTM and XP SP1); this setting also needs to be used when the computers involved are located in two untrusted Windows domains or in a Windows workgroup. If your XP SP2 box is talking to a Windows 2003 system that has disabled its RPC security for MSDTC (using the TurnOffRpcSecurity registry key - see https://blogs.msdn.com/florinlazar/archive/2004/03/02/82916.aspx for more info), then you will need to use this third option on the XP SP2 box to enable network transactions between the two systems.

The second step in enabling network transactions is related to the firewall. By default, after installing XP SP2, the Windows Firewall will be on. To enable network transactions through the firewall, you will need to add msdtc.exe to the exception list of the firewall on all the machines involved in the transactions. You can do this using the UI in Control Panel\Windows Firewall or you can use this command: “netsh firewall set allowedprogram %windir%\system32\msdtc.exe MSDTC enable”.

Another configuration setting that you need to be aware of (although I consider it to be an uncommon scenario) is the RestrictRemoteClients registry key. If the value of this key is set to 2 (RPC_RESTRICT_REMOTE_CLIENT_HIGH) then MSDTC network transactions will not be able to work properly. MSDTC supports only the RPC_RESTRICT_REMOTE_CLIENT_NONE (0) and RPC_RESTRICT_REMOTE_CLIENT_DEFAULT (1) values. See https://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#XSLTsection128121120120 for more info on RestrictRemoteClients.
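To review these settings on a machine without clicking through the dialog, the following added example (not code from the original post) parses `reg query` output and reports the authentication mode plus anything that blocks or weakens network transactions. The registry value names other than TurnOffRpcSecurity and RestrictRemoteClients are taken from Microsoft's MSDTC documentation rather than from this post, and the sample output is constructed.

```python
import re

# Constructed sample of `reg query` output for the three keys involved.
# Only TurnOffRpcSecurity and RestrictRemoteClients are named in the post.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security
    NetworkDtcAccess    REG_DWORD    0x1
    NetworkDtcAccessInbound    REG_DWORD    0x0
    NetworkDtcAccessOutbound    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC
    AllowOnlySecureRpcCalls    REG_DWORD    0x0
    FallbackToUnsecureRPCIfNecessary    REG_DWORD    0x0
    TurnOffRpcSecurity    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC
    RestrictRemoteClients    REG_DWORD    0x2
"""

# (AllowOnlySecureRpcCalls, FallbackToUnsecureRPCIfNecessary, TurnOffRpcSecurity)
AUTH_MODES = {
    (1, 0, 0): "Mutual Authentication Required",
    (0, 1, 0): "Incoming Caller Authentication Required",
    (0, 0, 1): "No Authentication Required",
}
DWORD = re.compile(r"^[ \t]+(\w+)[ \t]+REG_DWORD[ \t]+(0x[0-9a-fA-F]+)[ \t]*$", re.M)

def parse_reg_query(text):
    """Collect every REG_DWORD value in `reg query` output as {name: int}."""
    return {name: int(raw, 16) for name, raw in DWORD.findall(text)}

def audit_msdtc(values):
    """Return (authentication mode, list of findings) for one machine."""
    flags = tuple(values.get(n) for n in ("AllowOnlySecureRpcCalls",
                  "FallbackToUnsecureRPCIfNecessary", "TurnOffRpcSecurity"))
    mode = AUTH_MODES.get(flags, "unrecognized or incomplete")
    findings = []
    if not values.get("NetworkDtcAccess"):
        findings.append("network DTC access is disabled")
    else:
        for name, label in (("NetworkDtcAccessInbound", "Allow Inbound"),
                            ("NetworkDtcAccessOutbound", "Allow Outbound")):
            if not values.get(name):
                findings.append(label + " is off")
    if values.get("RestrictRemoteClients") == 2:
        findings.append("RestrictRemoteClients=2 is not supported by MSDTC")
    if mode == "No Authentication Required":
        findings.append("MSDTC may fall back to unauthenticated, unencrypted traffic")
    return mode, findings
```

Calling `audit_msdtc(parse_reg_query(SAMPLE))` on the constructed sample reports the third radio button together with three findings; an absent RestrictRemoteClients value is treated as not restrictive.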

I recommend and encourage you to try this release candidate for XP SP2 on your test systems and send your feedback to the XP SP2 preview newsgroups: https://communities.microsoft.com/newsgroups/default.asp?icp=xpsp2&slcid=us . Thanks!

 

[Updated Sep 20, 2004]

Comments

  • Anonymous
    June 17, 2004
    Florin Lazar on DTC Transactions and Windows XP SP2. I'll definitely need this more often than not....

  • Anonymous
    June 19, 2004
    Yeah, so I am restarting blogging with some updates on XP SP2 security. It seems Microsoft has made significant changes to how COM objects are accessed over the network in XP SP2. Official details are here. Also, check out Florin...

  • Anonymous
    June 24, 2004

    I read the docs on MSDN awhile ago and don't remember any mention of MSDTC. If this material isn't there, can you get this up there?

    KC

  • Anonymous
    June 24, 2004
    Ken,

    Are you referring to MSDTC documentation in general? If so, you can find it at http://msdn.microsoft.com/library/?url=/library/en-us/cossdk/htm/dtc_toplevel_6vjm.asp?frame=true

  • Anonymous
    June 25, 2004

    MSDN has a ton of material on XP SP2 changes for both admins and developers. The way they wrote it, their list was everything one needs to know about SP2. Your blog post is important information that (I think) is missing.

    I remember seeing the gory details about DCOM and RPC changes. I don't remember seeing anything about MSDTC changing.

    KC

  • Anonymous
    July 01, 2004
    Ken, the information from this post will be added to MSDN.

  • Anonymous
    July 12, 2004
    http://weblogs.asp.net/angelsb/archive/2004/07/12/180833.aspx

    Great information on setting up the operating system! Thanks

  • Anonymous
    April 14, 2005
    What can I tell you, Windows 2K3 SP1 also affects BizTalk in the same way as the...

  • Anonymous
    April 26, 2005
    In order to allow Windows XP SP2 or Windows Server 2003 SP1 to talk to a remote MSDTC located in a cluster,...

  • Anonymous
    May 16, 2005
    RePost:
    http://www.yeyan.cn/Database/WindowsXPSP2Transactions.aspx

  • Anonymous
    July 12, 2005
    SOLUTION...[Microsoft][ODBC driver for Oracle]Failure in DTC: not able to validate open information.
    I added the key as I mentioned above and it works. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\XALL]
    The error only happens when in the VB6 app the MTSTransactionMode is set to 2.

  • Anonymous
    August 04, 2005
    Thanks so much for this, our admin did an upgrade and I have been trying to track this issue down!

  • Anonymous
    September 16, 2005
    In today's world, security hardening is causing many headaches to software developers and admins. Especially...

  • Anonymous
    October 04, 2005
    Thanks a lot. Very good descriptions. It solved my MSDTC problems in Windows Server 2003.

  • Anonymous
    November 02, 2005
    Any other/or more ideas? This has not solved my problem, and I'm still receiving errors when opening the site from Windows XP SP2, such as session variables which return empty, etc. I'm sure the site's OK, as it's still running on a Windows 2000 OS. Thx

  • Anonymous
    November 02, 2005
    I solved it! IIS could not resolve my address; I tried with the IP address and now everything is OK!

  • Anonymous
    February 18, 2006
    To: ali
    What version of Windows 2003 are you running? Web Edition by chance?

  • Anonymous
    March 09, 2006
    Problem still there!

    I have done exactly as mentioned by you and the error message still says the transaction manager is disabled. I am using Windows XP Professional SP2.
    I have also turned my firewall off and excluded msdtc.exe.
    My application is running .net 1.1 with com+ iis authentication set to windows integrated. IE is set to prompt for password and uid. Domain userid is entered when running the pages.

    Any idea??!!!

  • Anonymous
    March 16, 2006
    To: Viv

    Where do you see this error message? If you do a "net stop msdtc" and then a "net start msdtc", do you see any entry created in Event Viewer (Application and System)? I also recommend posting your issue at our transactions forum at http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=388&SiteID=1 for a faster response. Thanks.

  • Anonymous
    April 14, 2006
    //This content applies to windows 2003,sp1 and windows xp,sp2 machines
    Microsoft introduced MSDTC security...

  • Anonymous
    April 17, 2006
    thanks! 2 days googling around without any result and the only problem was Windows Firewall. Frustrating, but you helped a lot.

  • Anonymous
    June 26, 2006
    I have an environment with BizTalk 2004 and the MQSeries Adapter which I’m upgrading to BizTalk 2006....

  • Anonymous
    July 12, 2006
    This information is very good. I have used it to resolve a cloned server issue (Windows 2003 servers). Right now I am facing an issue with a Windows XP SP2 machine calling a database server (Windows 2003 server). The error is the usual "New transaction cannot enlist in specified transaction coordinator" and "Error 8004d00a. Distributed Transaction error".

    I have tried diagnosing with DTCPing.exe as suggested; I am getting the following error with DTCPing:

    Problem:fail to invoke remote RPC method
    Error(0x5) at dtcping.cpp @303
    -->RPC pinging exception
    -->5(Access is denied.)
    RPC test failed

    The error I am getting is when the Windows 2003 server tries the DTCPing to communicate with the XP SP2 machine, although the communication from XP SP2 to the Windows 2003 server is successful.

    I have tried the solutions suggested:
    1) The correct security configuration for MSDTC on both machines (No Authentication Required)
    2) Adding MSDTC.exe as an exception in the Windows Firewall
    3) RestrictRemoteClients key: this key is not present in my registry although I am running a Windows XP Service Pack 2 machine.

    Can you help me with this error?

  • Anonymous
    July 13, 2006
    How to solve the following problem on Windows 2000 Professional? My program uses DTC; when a stored procedure is executed, I get the following error: "New transaction cannot enlist in the Specified transaction coordinator"

  • Anonymous
    September 09, 2006
    I have a client & COM+ application installed on XP SP2, but I can't get the transaction to work - I use the Oracle 9i Client. I've done everything:
    Allowed everything in the MSDTC Security,
    Added the Oracle DLL to the HKLM...XADLL,
    Allowed msdtc.exe in the firewall,
    Gave the Network Service user permissions on the Oracle Client directory,
    and still transactions won't work - any suggestions?

  • Anonymous
    November 15, 2006
    Problem Description After upgrading an application server or database server to Windows 2003 SP1, the

  • Anonymous
    February 09, 2007
    The Windows Server 2003 Service Pack 1 Release Candidate is available for download at http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/default.mspx

  • Anonymous
    February 10, 2007
    In order to allow Windows XP SP2 or Windows Server 2003 SP1 to talk to a remote MSDTC located in a cluster,

  • Anonymous
    February 28, 2007
    I recommend posting your issues at http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=388&SiteID=1

  • Anonymous
    February 18, 2008
    I have an environment with BizTalk 2004 and the MQSeries Adapter which I’m upgrading to BizTalk 2006.
