Thursday, May 25, 2006

LCS, Audio/video, file transfers and firewalls

I was responding to a question on the ASP.NET forums and thought it would be a good contribution to msgoodies (Almost unedited so maybe I will update it some day to be more thorough ;-)

The question was

What happens when a LCS solution sits behind a firewall/nat?

The answer is -

It is possible to do file transfers and audio/video in a hosted or enterprise LCS environment where LCS sits behind a NAT/firewall, but it all depends on your configuration of LCS and/or Office Communicator and/or your firewall.

For a start, LCS is basically a SIP server, and SIP is of course Session Initiation Protocol. In SIP you use what we refer to as a triangle. User A will initially communicate with User B through the LCS server using SIP, but when a user decides to start a session with e.g. audio/video or file transfers, the server will help the clients negotiate the right protocols etc. and when this is in place the clients will communicate directly with each other (thereby creating the SIP triangle: User A and User B talk with each other and both talk with the LCS server). So only SIP is passed through the server and the rest is usually done peer to peer.

So why is it not working for you? Several reasons might apply, which I try to explain in the following -

Office Communicator
Well, for one you need to check or set the relevant Group Policies. You can do this by importing the Communicator.adm file into the Administrative Templates in the Computer Configuration part of the GPO (or by setting the relevant registry keys manually). The interesting part here is SIP Security mode: High Security mode requires encrypted SIP communication and still allows P2P file transfers and audio/video, but it disables the use of UPnP, which is sometimes necessary if one of the parties involved in the communication is sitting behind e.g. a Wireless ADSL Router/Packet filtering firewall. The other interesting policy is obviously the policy called "Prevent File Transfer".

On the server side is enabled by default on the Access Proxy and it disables file transfers and URLs in IMs, so instead I would deploy the LCS Intelligent IM Filter, which is more configurable in terms of allowing certain file types.
Furthermore, if you implement e.g. Sybari Antivirus on the server, all file transfers are forced to go through the server (so the ports used for TFTP need to be opened through the service provider's firewall).

In the case of file transfers the protocol used is TFTP over TCP and it runs over ports 6891-6900 (allowing for 10 concurrent file transfers). For application sharing T.120 through port 1503 is used, and for audio/video a combination of RTP / RTCP is used. You can find more info in KB 903056 and in the article Windows Messenger in Windows XP (note that Office Communicator uses the underlying technologies of Windows Messenger and therefore has the same restrictions).
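To see which of these features a firewall is actually blocking, the ports above can be matched against its drop log. The script below is an added example, not part of the original post: the log lines are constructed, their space-separated layout (date time action protocol src-ip dst-ip src-port dst-port ...) is modelled on the Windows Firewall log and is an assumption, as is treating T.120 on port 1503 as TCP.

```python
import collections

# Ports named in the post. TCP for T.120 is this example's assumption;
# the post only gives the port number. RTP/RTCP is left out because the
# post names no ports for it.
FEATURES = [
    ("file transfer", "TCP", range(6891, 6901)),       # 6891-6900 inclusive
    ("application sharing (T.120)", "TCP", range(1503, 1504)),
]

def classify(protocol, dst_port):
    """Map a protocol/destination port to the LCS feature it carries."""
    for name, proto, ports in FEATURES:
        if protocol == proto and dst_port in ports:
            return name
    return None

def blocked_features(log_text):
    """Return {feature: Counter({(src_ip, dst_ip): drops})} for DROP entries."""
    hits = collections.defaultdict(collections.Counter)
    for line in log_text.splitlines():
        fields = line.split()
        # Skip blank lines, '#' header lines and truncated records.
        if len(fields) < 8 or fields[0].startswith("#"):
            continue
        action, protocol = fields[2].upper(), fields[3].upper()
        src_ip, dst_ip, dst_port = fields[4], fields[5], fields[7]
        # ICMP records carry '-' instead of a port number.
        if action != "DROP" or not dst_port.isdigit():
            continue
        feature = classify(protocol, int(dst_port))
        if feature:
            hits[feature][(src_ip, dst_ip)] += 1
    return dict(hits)

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags
2006-05-25 10:15:02 DROP TCP 192.0.2.10 198.51.100.7 3456 6891 48 S
2006-05-25 10:15:05 DROP TCP 192.0.2.10 198.51.100.7 3457 6900 48 S
2006-05-25 10:15:09 DROP TCP 192.0.2.10 198.51.100.7 3458 6901 48 S
2006-05-25 10:16:00 ALLOW TCP 198.51.100.7 192.0.2.10 4000 1503 48 S
2006-05-25 10:16:03 DROP TCP 198.51.100.7 192.0.2.10 4001 1503 48 S
2006-05-25 10:16:10 DROP UDP 192.0.2.10 198.51.100.7 5000 6891 60 -
2006-05-25 10:16:12 DROP ICMP 192.0.2.10 198.51.100.7 - - 60 -
"""

if __name__ == "__main__":
    for feature, pairs in blocked_features(SAMPLE_LOG).items():
        for (src, dst), drops in pairs.items():
            print(f"{feature}: {src} -> {dst} blocked {drops} time(s)")
```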

In sum, in a hosted or enterprise LCS scenario, all audio/video, file transfers and application sharing can work perfectly internally between desktops and mobile devices (Communicator Mobile) at the customer (assuming they are not firewalling between internal network segments). But when a client needs to communicate with users outside their firewall, the same restrictions apply as for companies deploying their own LCS solution. NetMeeting is an old product and just doesn't handle traversing firewalls and NATs very well (even though some workarounds can be made) and this is probably why it is deprecated in Windows Vista (see RTC Client API's and Vista). The next version of LCS called Live Server and Office Communicator will supposedly handle this "in another way" but we will have to wait a couple of months until Microsoft goes public with more info on this product (launching just after Office 2007).

Monday, May 22, 2006

How to delete a contact for several users in LCS / Office Communicator

A little follow-up to my earlier post on Populating Users in Office Communicator / LCS. If you want to delete a contact for all users (e.g. for an employee leaving the company), you can remove the /contactsgroup parameter and instead use the /delete parameter, e.g. -

cscript LCSAddContacts.wsf /usersfile:contacts.txt
/contactsfile:delete.txt /delete
(Wrapped for readability)

The syntax of the contacts.txt and delete.txt input file is -

Check my earlier post for further info.

Tuesday, May 02, 2006

What drink should I serve?

Well, simply look at the drink property in Active Directory. Yes, it really exists!

Came across it from this blog.

BTW: The answer is G&T if you are going to buy me one...