Article ID: 817066 - View products that this article applies to.
Starting with Windows Server 2003, Microsoft Distributed Transaction Coordinator (MS DTC) requires that you create registry values for all XA DLLs that you plan to use. This requirement was added to Windows Server 2003 to help you to minimize the risks that are associated with using third-party XA DLLs in the MS DTC process. To retain the same functionality when you use XA transactions, you must add a registry value in the XADLL key for each XA DLL that you plan to use. This article describes these registry values.
For example, when you upgrade an existing system to Windows Server 2003, and the existing system uses MS DTC with third-party XA DLLs, support for XA transactions is disabled until you create these required registry values. Also, if you later install a third-party product that provides XA DLLs to support XA transactions, you must do one of the following:
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756A security risk occurs when MS DTC uses user-specified DLLs. These DLLs are loaded directly in the MS DTC process. MS DTC uses these DLLs to communicate with the Transaction Manager (TM) of the XA partner. This scenario can expose the Resource Manager (RM) databases to serious data corruption. This scenario can also permit denial-of-service attacks if a malicious or defective XADLL does not verify that the distributed transaction commits or aborts correctly. Also, if a malicious or defective XADLL contains code that is not security-enhanced, an attacker might exploit this weakness to cause a denial-of-service attack.
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
To help to prevent this security risk, Windows Server 2003 turns off all XA transactions when you upgrade to Windows Server 2003. By turning off XA transactions, Windows Server 2003 helps to protect MS DTC from denial-of-service attacks.
You may have to turn on support for XA transactions. To do this, follow these steps:
To do this, create a registry named-value under the following registry subkey:
In your registry named-value, Name can be the file name of the XA DLL (for example, dllname.dll), although you are not required to use this naming convention. Also in this named-value, Type is String (REG_SZ), and the value is the full path name (including the file name) of the DLL file.
You must create an entry for each XA DLL file that you plan to use. Also, if you are configuring MS DTC on a cluster, you must create these registry entries on each node in the cluster.
For more information about how to manage XA transactions, go to the following Microsoft website: For more information about XA transactions, go to the following Microsoft website: For more information about security and MS DTC, go to the following Microsoft website: For more information about Microsoft COM+ and MS DTC changes in Microsoft Windows Server 2003, go to the following Microsoft website:
Article ID: 817066 - Last Review: April 5, 2013 - Revision: 10.0