How to configure MS DTC Transaction Internet Protocol functionality after you install security update 902400

Article ID: 908620

INTRODUCTION

Microsoft security bulletin MS05-051 describes some security-related changes to Transaction Internet Protocol (TIP) functionality in Microsoft Distributed Transaction Coordinator (MS DTC). Security bulletin MS05-051 describes security update 902400. When you install security update 902400 in Microsoft Windows 2000, you disable TIP functionality. By default, TIP is disabled on computers that are running Microsoft Windows XP or Microsoft Windows Server 2003.

On computers that are running Windows XP or Windows Server 2003, or on computers that have security update 902400 installed, you can enable TIP by configuring a registry entry.

Security update 902400 also contains new registry entries to configure TIP functionality. This article describes how to configure MS DTC TIP functionality after you install security update 902400.

IMPORTANT Before you modify the TIP-related registry settings that are described in this article, see security bulletin MS05-051 for information about the following issues:
  • Vulnerabilities that the security bulletin addresses.
  • Why TIP functionality is disabled by default.
  • Recommended potential mitigation factors.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
902400 MS05-051: Vulnerabilities in MS DTC and COM+ could allow remote code execution

MORE INFORMATION

How to enable TIP functionality after you install security update 902400

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then right-click the following registry subkey:
    HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC\Security
  3. Use the following information to set a value for the NetworkDtcAccessTip entry.

    Note If the registry entry does not exist, the TIP protocol is disabled.

    Name: NetworkDtcAccessTip
    Type: REG_DWORD
    Value:
    • 0 (default)
      The TIP protocol is disabled. MS DTC does not listen on port 3372.
    • A non-zero value
      The TIP protocol is enabled. MS DTC listens on port 3372.
    Notes
    • This registry entry already exists on computers that are running Windows XP or Windows Server 2003 and that do not have security update 902400 installed. If a value for this key already exists, security update 902400 leaves the current value unchanged.
    • In Windows XP and in Windows Server 2003, you must enable Network DTC Access to enable TIP support. For more information about how to enable or disable Network DTC Access and other related MS DTC configuration options, click the following article number to view the article in the Microsoft Knowledge Base:
      899191 New functionality in the Distributed Transaction Coordinator service in Windows Server 2003 Service Pack 1 and in Windows XP Service Pack 2
  4. Quit Registry Editor.
  5. Stop and then restart the MS DTC service. To do this, follow these steps:
    1. At a command prompt, type net stop msdtc, and then press ENTER.
    2. Type net start msdtc, and then press ENTER.

How to configure TIP

If security update 902400 is installed and if TIP is enabled, you can configure TIP by modifying the following registry entries. These entries are located under the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC

Note If the registry entry does not exist, the TIP protocol is disabled.
Name: DisableTipTmIdVerification
Type: REG_DWORD
Value:
• 0 (default)
  Verify that the TmID in a TIP IDENTIFY command matches the IP address from which the command was sent. If the TmID does not match, reject the message.
• A non-zero value
  Do not verify that the TmID in the TIP IDENTIFY command matches the IP address.
Comments: When TIP IDENTIFY commands are received, MS DTC verifies that the TmID in the command matches the IP address from which the command was sent.

Name: DisableTipTmIdPortVerification
Type: REG_DWORD
Value:
• 0 (default)
  Verify that the TIP IDENTIFY command specifies port 3372. If the command does not specify port 3372, reject the message.
• A non-zero value
  Do not verify that the port that is specified in the TIP IDENTIFY command is 3372.
Comments: The TIP protocol uses 3372 in most scenarios. If you have a topology where other ports are used, you can enable that functionality by setting this value to a non-zero value.

Name: DisableTipBeginCheck
Type: REG_DWORD
Value:
• 0 (default)
  TIP BEGIN commands are always rejected.
• A non-zero value
  TIP BEGIN commands are enabled.
Comments: In most TIP scenarios, transaction managers do not use the BEGIN command in communications. For example, MS DTC does not use this command. If you use TIP only with MS DTC and if you set this value to 0, you do not disable any functionality. In a TIP scenario where the BEGIN command must be used in a transaction manager communication, set this value to a non-zero value.

Name: DisableTipPassThruCheck
Type: REG_DWORD
Value:
• 0 (default)
  This value disables a PULL command for a transaction that has not performed local work.
• A non-zero value
  This value enables PULL commands for transactions that have not performed local work.
Comments: In most TIP scenarios, the TIP protocol is used to coordinate between MS DTC and other transaction managers. Therefore, some local activity, such as local application involvement, voter enlistments, or resource manager enlistments, occurs. By default, or if this registry value is set to 0, MS DTC rejects PULL commands for transactions that have not performed any local work.

Note To enable modifications to these registry settings, stop and then restart the MS DTC service.
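The following audit sketch is an added example, not part of the original article or any Microsoft tool. It reads a registry export of the MSDTC keys and reports whether TIP is enabled and which of the four checks described above have been relaxed. The function names and the sample export are constructed for illustration, and it assumes that an absent Disable* entry behaves like the documented default of 0.

```python
import re

SECURITY_KEY = r"hkey_local_machine\software\microsoft\msdtc\security"
MSDTC_KEY = r"hkey_local_machine\software\microsoft\msdtc"
# Entry name -> what a non-zero value allows, per the entries described above.
RELAXATIONS = {
    "DisableTipTmIdVerification": "TmID is not checked against the sender IP address",
    "DisableTipTmIdPortVerification": "IDENTIFY may specify a port other than 3372",
    "DisableTipBeginCheck": "TIP BEGIN commands are accepted",
    "DisableTipPassThruCheck": "PULL is accepted for transactions with no local work",
}

def parse_reg_dwords(text):
    """Return {lowercased key path: {entry name: int}} for REG_DWORD entries."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = keys.setdefault(section.group(1).lower(), {})
            continue
        entry = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
        if entry and current is not None:
            current[entry.group(1)] = int(entry.group(2), 16)
    return keys

def audit_tip(text):
    """Return (tip_enabled, findings) for one host's exported MSDTC settings."""
    keys = parse_reg_dwords(text)
    enabled = keys.get(SECURITY_KEY, {}).get("NetworkDtcAccessTip", 0) != 0
    if not enabled:
        return False, []  # TIP off: MS DTC does not listen on port 3372
    findings = ["TIP enabled: MS DTC listens on port 3372"]
    values = keys.get(MSDTC_KEY, {})
    # Assumption: an absent Disable* entry behaves like the documented default 0.
    findings += [f"{name}: {why}" for name, why in RELAXATIONS.items()
                 if values.get(name, 0) != 0]
    return True, findings

# Constructed sample export, not taken from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC]
"DisableTipTmIdVerification"=dword:00000000
"DisableTipBeginCheck"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security]
"NetworkDtcAccessTip"=dword:00000001
'''

if __name__ == "__main__":
    for finding in audit_tip(SAMPLE)[1]:
        print(finding)
```

Registry Editor writes version 5.00 exports as UTF-16, so decode the file to text before passing it to audit_tip. The exported values take effect only after the MS DTC service is restarted, so a finding reflects the configured state, not necessarily the running one.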

TIP is an Internet Engineering Task Force (IETF) standard. For more information about TIP, visit the following IETF Web site:
RFC 2371 Transaction Internet Protocol version 3.0

Properties

Article ID: 908620 - Last Review: December 3, 2007 - Revision: 1.6
APPLIES TO
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Small Business Server 2003 Premium Edition
  • Microsoft Windows Small Business Server 2003 Standard Edition
  • Microsoft Windows XP Media Center Edition 2005
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Service Pack 1, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
  • Microsoft Windows XP Tablet PC Edition 2005
  • Microsoft Windows XP Tablet PC Edition
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Small Business Server 2000 Standard Edition