Disabling TIP, LU and XA Transactions

 

Updated: July 19, 2016

Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server Technical Preview, Windows Vista

Windows XP and Windows Server 2003 include security changes related to the use of Transaction Internet Protocol (TIP) and XA transactions.

Before the release of Windows XP and Windows Server 2003, the TIP service listened on a fixed port by default, which left the DTC open to attack on that port and introduced an unwanted security risk. In Windows XP, Windows Server 2003, and subsequent versions, the TIP service is turned off by default, which helps reduce the risk of attack on the TIP port.

Note

If you have enabled TIP transactions and want to disable them, first check to ensure that no transactions are currently in progress. Disabling TIP transactions prevents the DTC from communicating the status of in-doubt transactions. To avoid this outcome, you must either manually abort the transaction, using the DTC user interface, or briefly enable distributed transactions to perform automatic recovery.

In Windows XP, Windows Server 2003, and subsequent versions, you can disable XA transactions to help prevent the security risk that arises when a user-specified DLL, used by the DTC to communicate with the XA partner's transaction manager, is loaded directly into the DTC process. This situation exposes a resource manager's databases to serious data corruption and can cause Denial of Service (DoS) attacks. Disabling XA transactions helps to protect the DTC from this DLL attack.

Note

If you have XA transactions enabled and want to disable them, first check to ensure that no transactions are currently in progress. The disabling of XA transactions prevents the DTC from communicating the status of in-doubt transactions. To avoid this outcome, you must either manually abort the transaction, using the DTC user interface, or briefly enable distributed transactions to perform automatic recovery.

XA transactions are disabled by default on domain controllers.

In the Windows 7 operating system, you can now disable or enable SNA LU 6.2 Transactions. This setting determines whether the transaction object can participate in LU network transactions. You can enable LU transactions by using the Component Services MMC snap-in. To do so on your local machine:

  1. Open the Component Services MMC snap-in. You can find the snap-in in the Control Panel, under Administrative Tools, which is located under System and Security.

  2. Under Console Root, expand Computers, then My Computer, and then the Distributed Transaction Coordinator folder.

  3. Right-click Local DTC and click Properties to display the Local DTC Properties.

  4. On the Security tab, click Enable SNA LU 6.2 Transactions, and then click OK.

Note

Do not enable LU transactions unless you have determined that the current configuration allows LU network transactions.
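
An added example, not part of the original page: a PowerShell check of the XA and LU settings on the local DTC that disables both only when no transactions are listed, following the notes above. It assumes the MsDtc module (Windows 8 / Windows Server 2012 and later), an elevated session, and the default instance name `Local`; the function names are hypothetical.

```powershell
# Added example. Assumptions: MsDtc module available, elevated session,
# default local DTC instance named 'Local'. Function names are hypothetical.
Import-Module MsDtc

# Report whether the XA and LU options described on this page are enabled.
function Get-DtcXaLuState {
    param([string]$Name = 'Local')
    $net = Get-DtcNetworkSetting -DtcName $Name
    [pscustomobject]@{
        DtcName               = $Name
        XATransactionsEnabled = $net.XATransactionsEnabled
        LUTransactionsEnabled = $net.LUTransactionsEnabled
    }
}

# Disable XA and LU, but only when the DTC lists no transactions.
function Disable-DtcXaLu {
    param([string]$Name = 'Local')

    # The notes above say to confirm that no transactions are in progress first.
    $open = @(Get-DtcTransaction -DtcName $Name)
    if ($open.Count -gt 0) {
        Write-Warning "$($open.Count) transaction(s) still listed on '$Name'; resolve them before disabling XA/LU."
        return $false
    }

    # Pass the other network settings back unchanged so only XA and LU differ.
    $cur = Get-DtcNetworkSetting -DtcName $Name
    $settings = @{
        DtcName                           = $Name
        AuthenticationLevel               = $cur.AuthenticationLevel
        InboundTransactionsEnabled        = $cur.InboundTransactionsEnabled
        OutboundTransactionsEnabled       = $cur.OutboundTransactionsEnabled
        RemoteClientAccessEnabled         = $cur.RemoteClientAccessEnabled
        RemoteAdministrationAccessEnabled = $cur.RemoteAdministrationAccessEnabled
        XATransactionsEnabled             = $false
        LUTransactionsEnabled             = $false
    }
    Set-DtcNetworkSetting @settings
    return $true
}

Get-DtcXaLuState          # audit only; makes no changes
# Disable-DtcXaLu         # uncomment to apply after reviewing the audit output
```

Run `Get-DtcXaLuState` again after the change to confirm that both values report False.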

Disabling Native Distributed Transactions
Disabling Transaction Services for Network Clients
DTC Security Considerations
Managing the DTC Service Remotely
Managing Accounts and Privileges
