4.3 Timeouts, limits and other settings

4.3.1 Component transaction timeout

SIU reference: SIU-082.

As some operations (for example, PACS operations, Entrust templates, and so on) may take a significant amount of time to complete, you may want to increase the COM+ transaction timeout on the MyID application server.

To increase the transaction timeout:

1. Start the Windows Component Services.
2. Expand Component Services and Computers.
3. Right-click on My Computer, and click Properties.
4. Click the Options tab.

5. In the Transaction Timeout box, type a number of seconds for the timeout value.

   For example, set the transaction timeout to 180.

6. Click OK.

4.3.2 MSDTC security configuration

SIU references: SIU-083, SIU-084, SIU-218.

If your system is split across more than one server you must set up your MSDTC security on the web server, application server and the database server to allow access. If you experience an error similar to the following, you may have to check either your MSDTC or Windows Firewall configuration:

Unable to perform the requested operation
Set up your MSDTC settings on the application and database tiers.

To set up the MSDTC security:

1. Within Component Services, expand Component Services and Computers.
2. Right-click on My Computer, and click Properties.
3. Click the MSDTC tab.
4. Make sure that Use local coordinator is selected.
5. Click OK.
6. Expand My Computer > Distributed Transaction Coordinator.
7. Right-click Local DTC and select Properties.

8. Click the Security tab.

   

9. To ensure that MyID works correctly, set the following options:

   • Network DTC Access.
   • Allow Remote Clients.
   • Allow Inbound.
   • Allow Outbound.
   • Mutual Authentication Required.

   Note: If you are using SQL Server authentication (SQL Azure environments only), select No Authentication Required instead.

   You specify whether to use SQL Server authentication or Windows authentication when installing MyID.

10. Click OK.

Note: You may experience an error similar to the following when using mutual authentication:

Unable to perform the requested operation

For a workaround, see the Microsoft Knowledge Base article KB2172085.

4.3.3 Windows Firewall settings

SIU references: SIU-085, SIU-086, SIU-260.

The Distributed Transaction Coordinator must be allowed access through the firewall on the web server, application server and database server.

To allow access through the firewall:

1. From the Control Panel, open the Windows Firewall.
2. Select Allow an app or feature through Windows Firewall.
3. Make sure the entry for Distributed Transaction Coordinator is selected for Domain networks.
4. Click OK to return to the main screen.
5. Click the Turn Windows Firewall on or off option.
6. Make sure the Block all incoming connections, including those in the list of allowed apps option is not selected.
7. Click OK.

4.3.4 ISA Server connection limit

If you are using Microsoft Internet Security and Acceleration Server (ISA Server), you may experience issues if the connection limit for ISA Server is set too low. The problem may appear with the following symptoms:

• Users lose connection to the MyID server.

• System Event log contains messages similar to:

  Violation of PRIMARY KEY constraint 'PK_Logons'. Cannot insert duplicate key in object 'dbo.Logons'.

• The HTTPErr.log in the Windows System32\logfiles\HttpErr folder contains client connections from a limited set of addresses with the comment Timer_ConnectionIdle.
• HTTP 500 error messages appearing to clients.

You are recommended to increase the connection limit for the MyID web server.

For example, to set the limit in ISA Server 2004:

1. In the ISA Server Management utility, open the connection limits screen:

   • For ISA Server 2004 Enterprise Edition:

     Expand Microsoft Internet Security and Acceleration Server 2004 > Arrays > Array_Name > Configuration, then click General.

   • For ISA Server 2004 Standard edition:

     Expand Internet Security and Acceleration Server 2004 > Server_Name > Configuration, then click General.

2. In the details pane, click Define Connection Limits.
3. In the Custom connection limit box, type a large number; for example, 1000000.
4. Click the Add button to add the IP address of the MyID web server to the Apply the custom limit to these IP addresses list.
5. Click OK.

For information on setting the connection limit in other versions of ISA Server or Forefront Threat Management Gateway, see your Microsoft documentation.

4.3.5 Post-installation IIS server caching

After you have installed MyID, you must set up your IIS server caching. See section 9.2, IIS server caching for details.

4.3.6 ADO and MSADC requirements on the application server

SIU references: SIU-246, SIU-247.

The MyID application server requires ADO and MSADC to be operational to allow database connectivity. Make sure you do not remove or disable these components on your application server.

4.3.7 Shutting down COM+ components

If you attempt to shut down COM+ components manually, you may experience problems, with a message similar to:

An error occurred while processing the last operation.
Error code 80004002 - No such interface supported.

To prevent this from occurring, you can disable the related Windows User Profile Service feature.

1. On the MyID application server, open the Group Policy editor (gpedit.msc).
2. Open Local Computer Policy > Computer Configuration > Administrative Templates > System > User Profiles.
3. Set the Do not forcefully unload the user registry at user logoff option to Enabled.

For more information about this option, see the Microsoft documentation.