LCS 2003 & Windows Messenger 5 Connectivity
Tom Laciano
30 Nov 2004 3:27 PM
Overall the behavior below is applicable for LCS 2005 but given the new feature of Pools there may be some slight/subtle difference, so for now this is about 2003 and I will edit at a later time with 2005 applicable changes (if any).
When establishing connectivity for Windows Messenger 5 (WM5) to LCS for the first time, the following items need to be checked.
1) The user has been enabled, given a SIP-URI and homed on a server.
2) The user sip-uri (e.g. toml@microsoft.com)
3) The domain in the sip-uri (e.g. microsoft.com) is listed in LCS. For 2003 you would look on the domain tab under Users Services Global Settings. For 2005 you would look at the properties of the Forest.
NOTE: Please keep in mind that the domain used for LCS and WM5 does not need to match your Active Directory or DNS namespace. I like to use the example of toml@fuzzybunny.local. It is just an attribute that has to be set and that the environment supports. While it does not have to match the DNS namespace, users of Autoconfiguration (discussed below) will have some further considerations.
4) The LCS server is configured to accept connections on TCP and/or TLS.
5) WM5 users in the domain can provide credentials using NTLM: DOMAIN\Toml or Kerberos: toml@domain.com. Again, note that this does not have to match my sip-uri. NOTE: For WM5 clients in a workgroup, if the LCS server is configured for both Kerberos and NTLM, the server will present both options when the client connects. If the WM5 client is passing Kerberos-style credentials, we will attempt to log on using Kerberos, as it is more secure, but fail because we are in a workgroup. If we try Kerberos and fail, we will not try NTLM, as we won't fall back to a less secure method. The solution, in this configuration, is to alter the logon credentials to use the NTLM style.
WM5 using TCP
1) Configure the client under Tools, Options, Accounts, Advanced to use TCP as a protocol and use the IP address of the LCS server. This eliminates name resolution problems and also validates connectivity without the overhead of TLS and certificates. If this fails to connect you need to double check all the items above.
Next you will want to change the settings to use the FQDN of the LCS server to test name resolution. If any of this fails, you can enable client side logging by changing the registry keys in the following location.
[HKEY_CURRENT_USER\Software\Microsoft\Tracing\RTCDLL]
"EnableFileTracing"=dword:1
"FileDirectory"= C:
You have to EXIT the WM5 client, and when you restart a file with the name RTCDLL*.log
WM5 using TLS
1) The LCS server needs to have requested a certificate for the FQDN of the machine and also the trusted root authority. See my other posting about LCS 2003 and Certificates.
http://tomllcskid.blogspot.com/2004/10/lcs-2003-certificates.html
2) LCS needs to be configured for TLS with the above certificate. Any errors here, refer to the url in step 1.
3) You have to have the trusted root authority certificate on the client.
4) You have to configure WM5 for TLS, and the name must be the same as the name on the certificate used by the LCS server. While there are situations in which it would not be the actual FQDN, those are typically one-off situations, and if you are doing that you probably don't need much of this info.
If the client connection fails, refer to the client side logging information above. I also recommend that customers try using the IP address with TLS, as this will almost always give a certificate error, which helps prove that a connection is being established.
WM5 using Autoconfiguration
Autoconfiguration is where DNS and your sip-uri start to matter, so pay attention.
WM5 using Autoconfiguration will make the following DNS queries when trying to connect and sign in. We will use the example of toml@microsoft.com:
_sip._tcp.microsoft.com
_sip._tls.microsoft.com
sip.microsoft.com
Notice that the above queries are based on the domain portion of my sip-uri. Customers who use a sip-uri that does not match their DNS namespace just have to make sure that they can make an authoritative zone for the namespace. For my wacky example toml@fuzzybunny.local, you or your ISP would now need to configure a zone for this. Keep in mind that you only need to create a service record and that the HOST record it refers to could be in another domain (_sip._tls.fuzzybunny.local could refer to HOST lcsserver1.microsoft.com).
For customers who have the WM5 client configured for High Security Mode, you will need one other registry key change or a Group Policy change (rtclient.adm is on the product CD, and the setting is called Allow Additional DNS Names).
1. Start, Run, Regedit, navigate to HKLM\Software\Policies\Microsoft
2. Under Microsoft create the following key: Messenger
3. Under the new Messenger key create the following key: Client
4. Under the new Client key create the following key: {83D4679F-B6D7-11D2-BF36-00C04FB90A03}
NOTE: The {} are required in the key with the GUID (Globally Unique Identifier).
5. Under the new GUID key above create the following key: _Default
6. Create a new DWORD value: DisableStrictDNSNaming. Set the value data to 1.
7. Sign out and exit Windows Messenger
The reason for this key is that in High Security Mode the client expects to receive a certificate for SIP.DOMAIN.COM, which is likely not what you named the server or the name you got a certificate for. Enabling the group policy or registry value sets the client to ignore the host name. In fact, it will also ignore child domains: bogus.sales.domain.com would be accepted, as it is a certificate for domain.com.
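The Autoconfiguration lookups and the High Security Mode name check described above, modelled as an added example (not code from this post or from Windows Messenger). The function names are hypothetical, the certificate names are constructed, and the record types and the label-boundary match in the relaxed branch are assumptions of the model.

```python
"""Model of WM5 Autoconfiguration lookups and the High Security Mode name check."""
from __future__ import annotations


def sip_domain(sip_uri: str) -> str:
    """Return the lower-cased domain part of a sip-uri such as toml@microsoft.com."""
    uri = sip_uri.strip()
    if uri.lower().startswith("sip:"):
        uri = uri[4:]
    user, sep, domain = uri.rpartition("@")
    domain = domain.rstrip(".").lower()
    if not sep or not user or not domain:
        raise ValueError(f"not a user@domain sip-uri: {sip_uri!r}")
    return domain


def autoconfig_queries(sip_uri: str) -> list[tuple[str, str]]:
    """The three lookups from the post; record types are this model's assumption."""
    d = sip_domain(sip_uri)
    return [("SRV", f"_sip._tcp.{d}"), ("SRV", f"_sip._tls.{d}"), ("A", f"sip.{d}")]


def cert_name_accepted(cert_name: str, sip_uri: str, disable_strict_dns_naming: bool) -> bool:
    """Would the client accept a server certificate issued to cert_name?"""
    d = sip_domain(sip_uri)
    name = cert_name.rstrip(".").lower()
    if not disable_strict_dns_naming:
        return name == f"sip.{d}"          # strict: only SIP.<sip-uri domain>
    # Relaxed: any host or child domain of the sip-uri domain. Matching on the
    # leading dot keeps "notdomain.com" from passing as "domain.com" (assumption).
    return name.endswith("." + d)


if __name__ == "__main__":
    for rtype, qname in autoconfig_queries("toml@microsoft.com"):
        print(f"{rtype:4} {qname}")
    # Constructed certificate names, checked for the sip-uri toml@domain.com.
    for name in ("sip.domain.com", "lcsserver1.domain.com",
                 "bogus.sales.domain.com", "sip.notdomain.com"):
        strict = cert_name_accepted(name, "toml@domain.com", False)
        relaxed = cert_name_accepted(name, "toml@domain.com", True)
        print(f"{name:24} strict={strict!s:5} relaxed={relaxed}")
```

In this model the relaxed setting widens the accepted set from one name to every name under the sip-uri domain, which is the trade-off to weigh when deciding where to deploy DisableStrictDNSNaming.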
Hope this helps.
Toml LCS kid