Starting with Windows Server 2003, Microsoft Distributed Transaction Coordinator (MS DTC) requires that you create registry values for all XA DLLs that you plan to use. This requirement was added to Windows Server 2003 to help you to minimize the risks that are associated with using third-party XA DLLs in the MS DTC process. To retain the same functionality when you use XA transactions, you must add a registry value in the XADLL key for each XA DLL that you plan to use. This article describes these registry values.
For example, when you upgrade an existing system to Windows Server 2003, and the existing system uses MS DTC with third-party XA DLLs, support for XA transactions is disabled until you create these required registry values. Also, if you later install a third-party product that provides XA DLLs to support XA transactions, you must do one of the following:
- Create these registry values manually.
-or- - Verify that the third-party installer creates these registry values.
A security risk occurs when MS DTC uses user-specified DLLs. These DLLs are load…
A security risk occurs when MS DTC uses user-specified DLLs. These DLLs are loaded directly in the MS DTC process. MS DTC uses these DLLs to communicate with the Transaction Manager (TM) of the XA partner. This scenario can expose the Resource Manager (RM) databases to serious data corruption. This scenario can also permit denial-of-service attacks if a malicious or defective XADLL does not verify that the distributed transaction commits or aborts correctly. Also, if a malicious or defective XADLL contains code that is not security-enhanced, an attacker might exploit this weakness to cause a denial-of-service attack.
To help to prevent this security risk, Windows Server 2003 turns off all XA transactions when you upgrade to Windows Server 2003. By turning off XA transactions, Windows Server 2003 helps to protect MS DTC from denial-of-service attacks.
You may have to turn on support for XA transactions. To do this, follow these steps:
- Open Component Services.
- Expand the tree view to locate the computer where you want to turn on support for XA transactions (for example, My Computer).
- Right-click the computer name, and then click Properties.
- Click the MSDTC tab, and then click Security Configuration.
- Under Security Settings, click to select the check box for XA Transactions to turn on this support.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. Windows Server 2003 provides a registry entry for you to specify the XA DLLs that you will use. When you upgrade to Windows Server 2003, you can work with XA transactions in the same way that you worked with them in earlier versions of Microsoft Windows Server.
To do this, create a registry named-value under the following registry key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSDTCXADLL
In your registry named-value, Name is the file name of the XA DLL (in the format dllname.dll), Type is String (REG_SZ), and the value is the full path name (including the file name) of the DLL file.
You must create an entry for each XA DLL file that you plan to use. Also, if you are configuring MS DTC on a cluster, you must create these registry entries on each node in the cluster.
Reference: http://support.microsoft.com/kb/817066