
(834469) - Explains that you must configure a Transport Layer Security connection to connect to Live Communications Server 2003 through a network address translation (NAT) device.

Microsoft Knowledge Base Article

This article's content is Microsoft copyrighted material.
©2005-2007 Microsoft Corporation. All rights reserved.

Article ID: 834469 - Last Review: May 17, 2004 - Revision: 2.1

Cannot connect to Live Communications Server 2003 through a network address translation (NAT) device

SYMPTOMS

When you try to connect a Microsoft Windows Messenger 5.0 real-time communications client to Microsoft Office Live Communications Server 2003 through a Transmission Control Protocol (TCP) connection, the connection does not work.

CAUSE

This issue occurs if you try to connect to Live Communications Server through one of the following devices:
  • A network address translation (NAT) device
  • A firewall device
  • A proxy device
This issue occurs because of the way that the Session Initiation Protocol (SIP) client must communicate with the Live Communications Server computer. To complete the SIP connection, Live Communications Server must establish a connection back to the SIP client's listening address.

RESOLUTION

To resolve this issue and to permit Windows Messenger clients to connect to Live Communications Server through devices that perform network address translation, configure a Transport Layer Security (TLS) connection between the Windows Messenger clients and Live Communications Server. To do this, follow these steps:
  1. Install a computer certificate on the Live Communications Server Home Server computer. For information about how to request a certificate, search on "Request a certificate" in the Help and Support Center for Microsoft Windows Server 2003.
  2. Start the Live Communications Server tool.
  3. Expand Servers, right-click the Home Server that you want to configure, and then click Properties.
  4. Click the Connections tab, and then click Add.
  5. In the Transport type list, click TLS, and then click Change Certificate.

    Note If you have multiple Home Servers, you must leave the Authenticate remote server (TLS Mutual) check box selected.
  6. In the Select Certificate dialog box, click the computer certificate that you want to use, and then click OK.
  7. Verify that 5061 appears in the Listen on this port box, click OK, and then click OK again.
  8. On the client computer, start Windows Messenger.
  9. On the Tools menu, click Options.
  10. Click the Accounts tab, and then under SIP Communications Service Account, click Advanced.
  11. Click Configure settings, click TLS, and then type the fully qualified domain name of the Live Communications Server Home Server in the Server name or IP address box.
  12. Click OK, and then click OK again.
  13. If you receive the following message, click OK:
    The changes you have made to your sign-in information won't take effect until the next time you sign in.
  14. If you are not already signed out of Windows Messenger, sign out and then sign back in to Windows Messenger.

MORE INFORMATION

When you try to connect to Live Communications Server through a NAT device, the NAT device translates the source IP address of the TCP packet from your client computer. However, the NAT device does not modify the IP address that is in the Contact header of the SIP packet. When Live Communications Server detects that the SIP client requests a response on an IP address that is different from the source IP address, Live Communications Server rejects the SIP client's REGISTER request. In this scenario, Live Communications Server returns a 400 Invalid Contact Information response. This response helps to prevent a malicious user from connecting to Live Communications Server as a different user.
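
The check described above, modeled as an added example (this is not Microsoft's code, and the server's actual implementation is not shown in this article). The REGISTER message, the addresses, the domain and the function names are constructed for illustration; treating a missing or non-IP Contact host as a mismatch is an assumption of this sketch.

```python
import ipaddress
import re

# Constructed sample: REGISTER from a client whose private address is 192.168.1.20.
REGISTER = (
    "REGISTER sip:example.com SIP/2.0\r\n"
    "Via: SIP/2.0/TCP 192.168.1.20:5060\r\n"
    "From: <sip:alice@example.com>;tag=1\r\n"
    "To: <sip:alice@example.com>\r\n"
    "Call-ID: constructed-call-id\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:192.168.1.20:5060;transport=tcp>\r\n"
    "Content-Length: 0\r\n\r\n"
)

def contact_host(message):
    """Return the host part of the first Contact header URI, or None."""
    for line in message.split("\r\n"):
        if line == "":  # blank line ends the header section
            break
        name, _, value = line.partition(":")
        if name.strip().lower() in ("contact", "m"):  # "m" is the compact form
            m = re.search(r"sips?:(?:[^@>;\s]+@)?(\[[^\]]+\]|[^:;>\s]+)", value)
            return m.group(1).strip("[]") if m else None
    return None

def check_register(message, source_ip):
    """Compare the Contact address with the source address seen on the TCP connection."""
    host = contact_host(message)
    try:
        same = ipaddress.ip_address(host) == ipaddress.ip_address(source_ip)
    except (ValueError, TypeError):
        same = False  # assumption: no Contact, or a hostname, counts as a mismatch
    return (200, "OK") if same else (400, "Invalid Contact Information")

if __name__ == "__main__":
    # Direct connection: the server sees the client's own address.
    print(check_register(REGISTER, "192.168.1.20"))
    # Through NAT: the TCP source was rewritten (203.0.113.7 is a documentation
    # address), but the Contact header still carries the private address.
    print(check_register(REGISTER, "203.0.113.7"))
```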

REFERENCES

For additional information about how to configure TLS connections in Live Communications Server, see the "Configuring a Home Server and Windows Messenger for TLS" section of the Microsoft Office Live Communications Server 2003 Deployment Guide. This guide is located in the Documentation folder of the Microsoft Office Live Communications Server CD.

Also, see the "Enabling Outside User Scenarios" document. This document provides an alternative to using Virtual Private Networks and describes how to deploy Microsoft Office Live Communications Server 2003 to permit outside users to connect by using Transport Layer Security. To download this document, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=b714e88b-c2db-4709-a3f9-6a9d49a48db9&displaylang=en

APPLIES TO
  • Microsoft Office Live Communications Server 2003
  • Microsoft Windows Messenger 5.0
Keywords: kbprb KB834469
