6.3 Timeouts, limits and other settings

6.3.1 Component transaction timeout

SIU reference: SIU-082.

As some operations (for example, PACS operations, Entrust templates, and so on) may take a significant amount of time to complete, you may want to increase the COM+ transaction timeout on the MyID application server.

Note: When you install MyID using the MyID Installation Assistant, these settings are checked on the Pre-Installation Check Results screen; if you need to change these settings, you can use the fix-it script provided on that screen. See section 2.16, Pre-installation check results for details.

To increase the transaction timeout:

1. Start the Windows Component Services.
2. Expand Component Services and Computers.
3. Right-click on My Computer, and click Properties.
4. Click the Options tab.

5. In the Transaction Timeout box, type a number of seconds for the timeout value.

   For example, set the transaction timeout to 180.

6. Click OK.

6.3.2 Windows Firewall settings

SIU references: SIU-085, SIU-086, SIU-260.

The Distributed Transaction Coordinator must be allowed access through the firewall on the web server, application server and database server.

Note: When you install MyID using the MyID Installation Assistant, these settings are checked on the Pre-Installation Check Results screen; see section 2.16, Pre-installation check results for details.

To allow access through the firewall:

1. From the Control Panel, open the Windows Firewall.
2. Select Allow an app or feature through Windows Firewall.
3. Make sure the entry for Distributed Transaction Coordinator is selected for Domain networks.
4. Click OK to return to the main screen.
5. Click the Turn Windows Firewall on or off option.
6. Make sure the Block all incoming connections, including those in the list of allowed apps option is not selected.
7. Click OK.

6.3.3 ISA Server connection limit

If you are using Microsoft Internet Security and Acceleration Server (ISA Server), you may experience issues if the connection limit for ISA Server is set too low. The problem may appear with the following symptoms:

• Users lose connection to the MyID server.

• System Event log contains messages similar to:

  Violation of PRIMARY KEY constraint 'PK_Logons'. Cannot insert duplicate key in object 'dbo.Logons'.

• The HTTPErr.log in the Windows System32\logfiles\HttpErr folder contains client connections from a limited set of addresses with the comment Timer_ConnectionIdle.
• HTTP 500 error messages appearing to clients.

You are recommended to increase the connection limit for the MyID web server.

For example, to set the limit in ISA Server 2004:

1. In the ISA Server Management utility, open the connection limits screen:

   • For ISA Server 2004 Enterprise Edition:

     Expand Microsoft Internet Security and Acceleration Server 2004 > Arrays > Array_Name > Configuration, then click General.

   • For ISA Server 2004 Standard edition:

     Expand Internet Security and Acceleration Server 2004 > Server_Name > Configuration, then click General.

2. In the details pane, click Define Connection Limits.
3. In the Custom connection limit box, type a large number; for example, 1000000.
4. Click the Add button to add the IP address of the MyID web server to the Apply the custom limit to these IP addresses list.
5. Click OK.

For information on setting the connection limit in other versions of ISA Server or Forefront Threat Management Gateway, see your Microsoft documentation.

6.3.4 Post-installation IIS server caching

After you have installed MyID, you must set up your IIS server caching. See section 11.1, IIS server caching for details.

6.3.5 Shutting down COM+ components

If you attempt to shut down COM+ components manually, you may experience problems, with a message similar to:

An error occurred while processing the last operation.
Error code 80004002 - No such interface supported.

To prevent this from occurring, you can disable the related Windows User Profile Service feature.

1. On the MyID application server, open the Group Policy editor (gpedit.msc).
2. Open Local Computer Policy > Computer Configuration > Administrative Templates > System > User Profiles.
3. Set the Do not forcefully unload the user registry at user logoff option to Enabled.

For more information about this option, see the Microsoft documentation.