Microsoft KB Archive/257410

= FILE: MSDTC Update for New French Encryption Laws =

Article ID: 257410

Article Last Modified on 8/5/2004

-

APPLIES TO


 * Microsoft Transaction Services 2.0
 * Microsoft COM+ 1.0

-



This article was previously published under Q257410



SUMMARY
Due to a French law that restricted the strength of encryption, Microsoft Distributed Transaction Coordinator (MSDTC) in Windows NT sold for use in France used a 40-bit encryption key when it stored information related to XA transaction recovery in its log file. However, due to recent changes in French laws, Windows NT and thus MSDTC can now use strong (56-bit) encryption. MSDTC uses XA transactions if your Microsoft Transaction Server/COM+ application updates an Oracle, IBM, Informix, Ingres, or Sybase database.

This article provides a tool that you can use on an installation of Windows NT 4.0 or Windows 2000 with the locale set to "French standard" to upgrade MSDTC to use 56-bit encryption when it stores information related to XA transaction recovery to its log file. You can run this tool on U.S. or French versions of Windows NT 4.0 or Windows 2000.



MORE INFORMATION
The following files are available for download from the Microsoft Download Center:

DTCEncrypti.exe (English Intel)

DTCEncrypta.exe (English Alpha)

fr_DTCEncrypti.exe (French Intel)

fr_DTCEncrypta.exe (French Alpha)

Release Date: May 10, 2000

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Before You Run this Tool
If you use Microsoft Transaction Server on Windows NT or Windows 2000 and your Microsoft Transaction Server/COM+ application updates an Oracle, IBM, Informix, Ingres, or Sybase database under distributed transaction control, then you must ensure that no XA transactions are in-doubt and require recovery. You can verify this as follows:
 * 1) On Windows NT 4.0, start the Microsoft Transaction Explorer. On Windows 2000, start the Component Services Explorer. Use the Transaction List screen to ensure that there are no in-doubt transactions on your system that affect your Oracle, IBM DB2, Informix, Ingres, or Sybase database.
 * 2) Use your Oracle, IBM DB2, Informix, CA Ingres, or Sybase database administration tools to ensure that there are no in-doubt database transactions that originated with Microsoft Transaction Server.
 * 3) If in-doubt transactions exist, start MSDTC and your database to allow automatic transaction recovery to take place. If in-doubt transactions remain, use your Oracle, IBM DB2, Informix, CA Ingres, or Sybase database administration tools to resolve them.
 * 4) After you have made sure that all in-doubt transactions have been resolved, stop the MSDTC service.

How to Run this Tool on a Non-Clustered System

 * 1) Invoke the appropriate version of the Fencrypt tool from the command prompt (with no arguments). The tool displays some information and prompts you to make sure that there are no in-doubt transactions, that the MSDTC service has been stopped, and so forth.
 * 2) Press  to proceed. The tool automatically updates the encryption key to a strong key and indicates if the tool ran successfully or not.
 * 3) If the tool didn't run successfully, please refer to %winnt%\Dtcinstall.log for details and contact Microsoft Product Services Support.
 * 4) If the tool ran successfully, you can restart MSDTC.

How to Run this Tool on a Clustered System

 * 1) Make sure that there are no in-doubt transactions and that the MSDTC resource is offline.

MSDTC stores encryption information in every node of the cluster, so this tool must be run on all nodes of the cluster. Run the tool serially on each node (don't run the tool in parallel on all of the nodes).
 * 1) If you use Windows NT 4.0, make sure that you have version 1998.8.762.0 or later of MSDTC. Also make sure you have run Msdtc.exe with "-mts2sp1fix" as the command-line option. This is necessary to ensure that the MSDTC XA functionality is working correctly on a cluster. (You can perform this step even if you have may have already run Msdtc.exe.)
 * 2) Invoke the Fencrypt tool from the command prompt (do not use any arguments). The tool prompts you to ensure there are no in-doubt transactions, that the MSDTC service has been stopped, and so forth.
 * 3) Press  to proceed.
 * 4) The tool automatically updates the encryption key to a strong key and indicates if the tool ran successfully or not.
 * 5) If the tool didn't run successfully, refer to %winnt%\Dtcinstall.log for details and contact Microsoft Product Services Support.
 * 6) If the tool indicates that it ran successfully, continue to the next node in the cluster.
 * 7) If the tool ran successfully on all nodes in the cluster, you can restart the MSDTC resource.

The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Additional query words: DTCEncrypti DTCEncrypta fr_DCTEncrypta fr_DCTEncrypti

Keywords: kbdownload kbfile KB257410

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.