Export (0) Print
Expand All
0 out of 2 rated this helpful - Rate this topic

Disabling TIP, LU and XA Transactions

Windows XP and Windows Server 2003 include security changes related to the use of Transaction Internet Protocol (TIP) and XA transactions.

TIP Transactions

Before the release of Windows XP, Windows Server 2003, and subsequent versions the TIP service, by default, listened on a fixed port, which made the DTC vulnerable to attack on that port, introducing an unwanted security risk. In Windows XP, Windows Server 2003, and subsequent versions the TIP service is turned off by default, helping reduce the risk of attack on the TIP port.

ms681242.note(en-us,VS.85).gifNote
If you have enabled TIP transactions and want to disable them, first check to ensure that no transactions are currently in progress. Disabling TIP transactions prevents the DTC from communicating the status of in-doubt transactions. To avoid this outcome, you must either manually abort the transaction, using the DTC user interface, or briefly enable distributed transactions to perform automatic recovery.

XA Transactions

In Windows XP , Windows Server 2003, and subsequent versions you can disable XA transactions to help prevent the security risk that arises when a user-specified DLL, used by the DTC to communicate with the XA partner's transaction manager, is loaded directly into the DTC process. This situation exposes a resource manager's databases to serious data corruption and can cause Denial of Service (DOS) attacks. The disabling of XA transactions helps to protect the DTC from this DLL attack.

ms681242.note(en-us,VS.85).gifNote
If you have XA transactions enabled and want to disable them, first check to ensure that no transactions are currently in progress. The disabling of XA transactions prevents the DTC from communicating the status of in-doubt transactions. To avoid this outcome, you must either manually abort the transaction, using the DTC user interface, or briefly enable distributed transactions to perform automatic recovery.

XA transactions are disabled by default on domain controllers.

LU Transactions

In the Windows°7 operating system, you can now disable or enable SNA LU 6.2 Transactions. Enabling LU transactions determines whether the transaction object can participate in LU network transactions. You can enable LU transactions by using the Component Services MMC snap-in. To do so on your local machine:

  1. Open the Component Services MMC snap-in. You can find the snap-in in the Control Panel, under Administrative Tools, which is located under System and Security.

  2. Under Console Root, expand Computers, then My Computer, and then the Distributed Transaction Coordinator folder.

  3. Right-click Local DTC and click Properties to display the Local DTC Properties.

  4. On the Security tab, click Enable SNA LU 6.2 Transactions, and then click OK.

ms681242.note(en-us,VS.85).gifNote
Do not enable LU transactions unless you have determined that the current configuration allows LU network transactions.

See Also

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.