The first question often asked when exposing OCS functionality to the Internet is “What ports do I need to open on my firewall?”
The answer depends on which Edge functionality (and the associated Edge Role) is being exposed to the Internet. Below is a concise recap of the default ports that need to be opened to expose specific OCS functionality to external users (on the Internet).

| Edge Role | Functionality | External F/W Port | Internal F/W Port | Protocol |
|---|---|---|---|---|
| Reverse Proxy | Address Book, File Download, etc… | 443 | 443 | HTTP(S) |
| Access | Remote IM and Presence, Federation, Public IM | 443, 5061 | 5061 | SIP/MTLS |
| Web Conferencing | External Web Conf Participation | 443 | 8057 | PSOM/MTLS |
| Audio/Video Conferencing | External A/V Conf Participation | 443, 3478, 50,000-59,999 | 443, 5062, 3478 | PSOM/TLS/STUN/TCP/UDP |

Step 2.3 in the Office Communications Server 2007 Edge Server Deployment Guide has more details.
If you are deploying the Communicator Web Access 2007 R2 role and want remote Desktop Sharing, ports 49152 through 65535 must also be open (http://blog.insideocs.com/2009/11/10/communicator-web-access-top-10/).
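
Because the required openings depend on which Edge roles are deployed, the external rule set can be audited against the table. The following is an added example, not part of the original post: the port data is copied from the External F/W Port column, while the function names and the sample rule strings are assumptions made for illustration. It compares port numbers only, since the table does not split TCP and UDP per port.

```python
# Added example: audit external firewall openings against the post's port table.
# Port data comes from the "External F/W Port" column; everything else is illustrative.
EXTERNAL_PORTS = {
    "Reverse Proxy": "443",
    "Access": "443, 5061",
    "Web Conferencing": "443",
    "Audio/Video Conferencing": "443, 3478, 50000-59999",
}


def parse_ports(spec):
    """Expand a spec such as '443, 3478, 50000-59999' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port or range: {part}")
        ports.update(range(low, high + 1))
    return ports


def to_ranges(ports):
    """Collapse a set of ports into sorted 'a' / 'a-b' strings for reporting."""
    out, start, prev = [], None, None
    for p in sorted(ports):
        if start is None:
            start = prev = p
        elif p == prev + 1:
            prev = p
        else:
            out.append((start, prev))
            start = prev = p
    if start is not None:
        out.append((start, prev))
    return [str(a) if a == b else f"{a}-{b}" for a, b in out]


def audit(deployed_roles, open_spec):
    """Report ports the deployed roles need but lack, and ports open for no role."""
    required = set()
    for role in deployed_roles:
        required |= parse_ports(EXTERNAL_PORTS[role])
    opened = parse_ports(open_spec)
    return {"missing": to_ranges(required - opened),
            "excess": to_ranges(opened - required)}
```

Anything reported under `excess` is an opening that no deployed role in the table accounts for and is a candidate for removal.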











Thanks for the reminder; I meant to post the results of looking into that.
After a long drawn-out investigation, the problem turned out to be anti-virus software – specifically the Kaspersky Anti-Virus suite. The “Web Protection” feature was blocking the desktop sharing, but surprisingly no other OCS features. Adding “Communicator.exe” to the “Trusted Applications” in Kaspersky anti-virus fixed the issue. Also, surprisingly, just disabling Kaspersky did not seem to work (I don’t understand why).
I have the same problem as Thomas_K. Desktop Sharing within OC does not work for an authenticated internal user from his home office. Audio is working…
Any results from Thomas_K’s environment?
Hi Thomas,
I’ll try to help (pro bono) – which involves many questions about your environment, etc., so I’ll start a dialog with you over email. Any interesting results can be posted back here.
Also, you can take a look at the Microsoft “Office Communications Server and Client Troubleshooting and Support” page (http://technet.microsoft.com/en-us/office/ocs/dd450353.aspx) which includes contact information for Microsoft if you have ruled out basic configuration and environmental factors.
The user is an internal user connected via Internet to the Edge-Server. How should we proceed to get rid of the problem, any tips? (or maybe we can hire you as consultant on a per hour basis?)
Thanks in advance,
Thomas
It’s strange: on the remote client the Remote Desktop connection tries to establish and then just closes, without an error message. On the corporate side, it just says that the connection cannot be established. And one strange event log error message on the corporate client side:
A SIP request made by Communicator failed in an unexpected manner (status code 80ef01e0). More information is contained in the following technical data:
RequestUri: sip:xy@domain.xy
From: sip:abc@domain.xy;tag=b4e60882bb
To: sip:xy@domain.xy;tag=EF737F2074A2BC01A3E8CD2711672E73
Call-ID: a9d04e41440b4b7fab17e63113929f98
Content-type: application/sdp;call-type=im
v=0
o=- 0 0 IN IP4 192.168.1.1
s=session
c=IN IP4 192.168.1.1
t=0 0
m=message 5060 sip null
a=accept-types:text/plain multipart/alternative image/gif text/rtf text/html application/x-ms-ink application/ms-imdn+xml text/x-msmsgsinvite
Response Data:
480 Temporarily Unavailable
ms-diagnostics: 2;reason=”See response code and reason phrase”;source=”SERVER01.domain.local”;AppUri=”http://www.microsoft.com/LCS/DefaultRouting”
Desktop Sharing uses the same communication path as the Edge A/V functionality (it uses the Remote Desktop Protocol (RDP) over SRTP), so if this is working there should be no additional ports to open for Desktop Sharing using Communicator. Also, if an external A/V session is working with the same external client, that eliminates a lot of potential firewall and certificate issues.
Is the client (external) an authenticated internal user running externally? (e.g. not a PIC recipient) What error are they getting when they attempt to establish a desktop sharing session?
Hi,
do you know which ports are required for Desktop sharing via Communicator?
We have a client, which is able to do Video/Audio from the internet via edge to internal clients but no Desktop sharing?
Thanks in advance
No, unfortunately I have never worked with Checkpoint NGX.
Hi
Looking at the firewall requirements, have you any experience of implementing this on Checkpoint NGX?
[...] Rick Varvel: http://blogs.technet.com/rickva/archive/2009/04/03/Configuring-A_2F00_V-Edge-Service-for-NAT.aspx Mino – The UC Guy: http://theucguy.wordpress.com/2009/03/04/the-ocs-2007-r2-edge-and-nat/ Elan Shudnow – Audio/Media Negotiation: http://msunified.net/2009/08/30/office-communications-server-2007-r2-audiomedia-negotiation/ Inside OCS – Ports required for OCS 2007 R2 EDGE: http://blog.insideocs.com/2008/08/20/what-ports-do-i-need-to-open-on-my-firewall/ [...]