Disabling Native Distributed Transactions

Applies To: Windows Server 2008

In Windows XP and Windows Server 2003, an administrator can disable native distributed transactions on domain controllers. (The term "native" refers to the use of the proprietary remote procedure call (RPC) protocol.) The disabling of native distributed transactions helps protect Microsoft Distributed Transaction Coordinator (MS DTC) from attacks over the network. You can turn off native distributed transactions during setup.

When native transactions are disabled, local transactions (for example, transactions that are performed by users such as Message Queuing and COM+) are still allowed. However, any attempt to import a transaction from another node, or to export a transaction to another node, fails.

Note

Before you disable distributed transactions, check to ensure that no transactions are currently in progress. Disabling distributed transactions prevents the DTC from communicating the status of in-doubt transactions.

When you want to enable distributed transactions, you have two options, as follows:

  • If every node within the domain is a trusted node, you can enable distributed transactions.

  • If there are nodes within the domain that are not trusted, you can set up a firewall around the trusted nodes and enable distributed transactions for those nodes only.

When native transactions are disabled, a different protocol, Transaction Internet Protocol (TIP), is still available for distributed transactions. When native transactions are disabled on two nodes and TIP is enabled, distributed transactions can still be performed between the two nodes.