Disabling Native Distributed Transactions

 

Updated: July 19, 2016

Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server Technical Preview, Windows Vista

In Microsoft Windows XP, Windows Server 2003, and subsequent versions, an administrator can disable native distributed transactions on domain controllers. (The term native refers to the use of the proprietary RPC protocol.) The disabling of native distributed transactions helps protect the DTC from attacks over the network. Turning off native distributed transactions is performed during setup.

When native transactions are disabled, local transactions—for example, those performed by users such as Message Queuing and COM+—are still allowed. However, any attempt to import a transaction or export a transaction to another node fails.

System_CAPS_ICON_note.jpg Note

Before disabling distributed transactions, check to ensure that no transactions are currently in progress. Disabling distributed transactions prevents the DTC from communicating the status of in-doubt transactions.

When you want to enable distributed transactions, you essentially have two options available, as follows:

  • If every node within the domain is a trusted, you can enable distributed transactions.

  • If there are nodes within the domain that are not trusted, you can set up a firewall around the trusted nodes and enable distributed transactions for those nodes only.

When native transactions are disabled, a different protocol, Transaction Internet Protocol (TIP), is still available for distributed transactions. When native transactions are disabled on two nodes and TIP is enabled, distributed transactions can still be performed between the two nodes.

Disabling Transaction Services for Network Clients
Disabling TIP, LU and XA Transactions
DTC Security Considerations
Managing the DTC Service Remotely
Managing Accounts and Privileges

Community Additions

ADD
Show: