Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 911786 - Last Review: November 7, 2007 - Revision: 2.2
You cannot sign in to a server that is running Communicator 2007, Live Communications Server 2005, or Live Communications Server 2003 through a Cisco PIX firewall
SYMPTOMS
Consider the following scenario. You
use a real-time communications (RTC) client to sign in to
one of the following programs:
- Microsoft Office Live Communications Server
2003
-
Microsoft Office Live Communications Server 2005
- Microsoft Office Communicator 2007
Additionally, the server that is running Live Communications Server or Communicator 2007 is using a Cisco PIX firewall. In this scenario, the sign-in process may fail. Additionally, you may receive the following error message:
You have been signed out of SIP Communications Service because
that service has been temporarily shutdown. Please try again
later
This error message may vary depending on the client
program that you are using.
Additionally, you may
experience intermittent presence issues. You may also experience issues when you try to send or to receive instant messaging (IM) messages.
CAUSE
Some versions of Cisco PIX firewalls and virtual private network (VPN) solutions have built-in program-inspection functions for the Session Initiation Protocol (SIP). However, the built-in program-inspection functions are not fully compatible with real-time communications (RTC) client 5.0 or with later versions of RTC client. RTC client includes Microsoft Windows Messenger 5.0, Microsoft Windows Messenger 5.1, and Microsoft Office Communicator 2005.
This problem occurs only if you are not using Transport Layer
Security (TLS) to help secure the communication between the client program
and the
server that is running Live Communications Server or Communicator 2007. In other words, the
Cisco device cannot examine the traffic if the communication is
encrypted.
By default, Communicator 2007 uses TLS. However, you can configure Communicator 2007 to use TCP as the transport. If you use TCP, the fixup SIP function will break the connectivity.
RESOLUTION
To resolve this problem, use one of the following methods:
- Implement TLS security from the RTC client computer to the server that is running Live Communications Server. By doing this, you encrypt the SIP traffic between the client and the server that is running Live Communications Server or Communicator 2007. Therefore, data inspection does not occur on the intermediary device.
- Disable the fixup SIP function on the Cisco PIX firewall, on the Cisco ASA firewall, or on the VPN device. To do this, run the following command:
#no fixup protocol SIP 5060
STATUS
Microsoft
has confirmed that this is a problem in the Microsoft products that are listed
in the "Applies to" section.
MORE INFORMATION
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
APPLIES TO
- Microsoft Office Live Communications Server 2005 Enterprise Edition
- Microsoft Office Live Communications Server 2005 Standard Edition
- Microsoft Office Live Communications Server 2003
- Microsoft Office Communicator 2007
- Microsoft Office Communicator 2005
- Microsoft Windows Messenger 5.1
- Microsoft Windows Messenger 5.0
- Microsoft Exchange Online
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate
(Optional) Name
(Optional)
Public URL Or Email
Comments
No
HTML -- Text Only Please