Scott Oseychik

Microsoft | Exchange G&C Team (Public Folders, Modern Groups, Site Mailboxes, Shared Mailboxes, ... )

RESOLVED - OCS 2007 R2 PIC fails against AOL

Issue:

Microsoft Office Communicator 2007 R2, used with Office Communications Server 2007 R2, would intermittently fail to communicate with AOL AIM clients via PIC. Note that this only reproduces when your OCS 2007 R2 Edge role is running Windows Server 2008 (x64); it does not occur on Windows Server 2003 (x64).

Resolution:

Essentially, it boils down to tweaking the cipher suite order on the Windows Server 2008 Edge role so that it initially establishes the SSL dialog using the TLS_RSA_WITH_RC4_128_MD5 cipher suite.

In order to change the cipher suite order, do the following on your Windows Server 2008 (x64) Edge server:

1. Start -> Run -> gpedit.msc -> OK

2. Within the Group Policy Object Editor, expand Computer Configuration, Administrative Templates, Network.

3. Under Network, select SSL Configuration, and then double-click SSL Cipher Suite Order (by default, SSL Cipher Suite Order is set to "Not Configured").

4. Select the "Enabled" radio button, and copy the entire string from the SSL Cipher Suites text box into Notepad. It should look like the following:

TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_MD5,TLS_RSA_WITH_NULL_SHA

5. The objective here is to move TLS_RSA_WITH_RC4_128_MD5 to the front of the list. So, in your Notepad document, find TLS_RSA_WITH_RC4_128_MD5, cut it, go to the beginning of the document, and paste it there so that it becomes the first entry (with a single comma between each entry). The new order should look like the following:

TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_MD5,TLS_RSA_WITH_NULL_SHA

6. Paste the newly-formatted string back into the SSL Cipher Suites text box in the GPO Editor, click OK, then restart your Windows Server 2008 (x64) Edge server for these changes to take effect.
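The same reordering that steps 3 through 6 perform by hand in gpedit.msc can be scripted. The script below is an added illustration for this post, not part of Scott's original article or of the OCS product. It assumes that the local SSL Cipher Suite Order policy stores its list in the registry value HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002\Functions (a comma-separated REG_SZ, which is the value the Local Group Policy editor writes for this setting), that it is run from an elevated PowerShell prompt on the Edge server, and that when the policy has never been configured the list to start from is the default string shown in step 4.

```powershell
# Added example (not from the original post): put TLS_RSA_WITH_RC4_128_MD5 at the
# front of the Schannel cipher suite order, as steps 3-6 do manually in gpedit.msc.
# Assumption: the "SSL Cipher Suite Order" policy lives in this key as REG_SZ "Functions".
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$Suite     = 'TLS_RSA_WITH_RC4_128_MD5'

# Default Windows Server 2008 order, copied from step 4 of the post. Used only when the
# policy is still "Not Configured", in which case the key or value does not exist yet.
$DefaultOrder = 'TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_MD5,TLS_RSA_WITH_NULL_SHA'

# Read the list currently enforced by policy, or fall back to the default from step 4.
function Get-CipherSuiteOrder {
    if (Test-Path $PolicyKey) {
        $current = (Get-ItemProperty -Path $PolicyKey -Name Functions -ErrorAction SilentlyContinue).Functions
        if ($current) { return $current }
    }
    return $DefaultOrder
}

# Move one named suite to index 0 and keep every other entry in its original order.
# Mirrors the Notepad cut-and-paste in step 5, with a guard for a list that lacks the suite.
function Move-SuiteToFront([string]$Order, [string]$Name) {
    $list = $Order.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' }
    if ($list -notcontains $Name) {
        throw "Cipher suite $Name is not present in the current list; nothing to reorder."
    }
    $rest = $list | Where-Object { $_ -ne $Name }
    return (@($Name) + @($rest)) -join ','
}

$before = Get-CipherSuiteOrder
$after  = Move-SuiteToFront -Order $before -Name $Suite

Write-Host ("Before: first suite = {0}" -f $before.Split(',')[0])
Write-Host ("After : first suite = {0}" -f $after.Split(',')[0])

# Write the new order as the Enabled policy value (step 6), creating the key if needed.
if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
Set-ItemProperty -Path $PolicyKey -Name Functions -Value $after -Type String

# Read the value back and confirm the first entry before rebooting.
$check = (Get-ItemProperty -Path $PolicyKey -Name Functions).Functions
if ($check.Split(',')[0] -ne $Suite) {
    throw "Verification failed: $Suite is not the first entry in the stored order."
}
Write-Host "Cipher suite order updated; restart the Edge server for Schannel to apply it."
```

Two things to keep in mind when using it. Because it writes the same policy value that the Local Group Policy editor writes, a domain GPO that also configures SSL Cipher Suite Order will overwrite it at the next policy refresh, so in a domain the change belongs in that GPO instead. And since the setting governs cipher preference for every Schannel client and server on the host, not just the PIC connection to AOL, apply it only to the Edge role the post targets and, as step 6 says, restart the server afterwards.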


We have verified (and re-verified) these steps work, and can now successfully communicate with AOL AIM clients using Office Communicator 2007 R2 via PIC.


Comments
  • Microsoft OCS 2007 R2 users were having communications issues with AOL's AIM when federating using PIC (Public IM Connectivity) and using a Windows Server 2008 (x64) Edge role server - Windows Server 2003 (x64) is unaffected by this problem....

  • Come to find out, the issue does not appear on Windows 2003 x64 servers but only Windows 2008 x64. This is due to the order of the ciphers offered. Not to steal the thunder of the Microsoft fellow that figured it out, check out the full solution here.

  • As all are aware Office Communication Server 2007 R2 was recently released and with it the ability to

  • Fixing interoperability problems between OCS 2007 R2 Public Internet Connectivity and AOL IM

  • Scott,

    Just wanted to note that you talk about cutting and pasting the TLS_RSA_WITH_RC4_128_MD5 entry into the front of the list in Notepad, but there's no step to copy and paste the entire string back into the GPO Editor.

  • Good catch; I appreciate the feedback & have updated step 6 accordingly ... thx again!

    Scott

  • I decided to compile the information about known bugs / oddities in the operation of OCS R2 and the methods for solving them...



  • When I make these changes I can then send to AOL with no problem at all, but then I get the following error when I try to send from AOL back to OCS:

    Unable to deliver your text sent to remote user. Remote enterprise user is unable to receive your message at this time. Please try again later.

    Any ideas?  Also do we still have to install the cert for AOL???

  • Should have mentioned that sending and receiving from both Yahoo and MSN is working great.

  • My provisioning request is approved now. But I can't seem to contact Windows Live. I cannot get any presence info. My messages from OCS get through, but vice versa fails, as the contact seems offline although it is not. Any ideas?

  • I had to do this on my Communicator Web Access server as well in order to support my customers who use CWA & PIC.  

  • Great follow-up, Matt ... many thanks for the feedback.

    Regards,

    Scott Oseychik

  • I have tried this fix and am not having any luck. I've run gpupdate and restarted 3 times and still no AOL contacts. MSN is working just fine. Is the Edge server the only server I need to apply this to?
