
IM Slowness, IM Failure issue when using OCS/Lync Public IM Connectivity with AOL


Post by Ernie » Tue Mar 27, 2012 3:45 pm

Problem description:
When you are using OCS/Lync Server you might face issues with Public IM Connectivity (PIC) with AOL. Public IM connectivity works fine with Yahoo.com and MSN. However, with AOL you might face IM delays, IM drops, etc. Well, guys!!! You don't have to worry: I too have faced this issue, and after a lot of effort I was able to resolve it. Below is the detailed resolution.

Cause:
The Microsoft Office Communicator 2007 R2 and Lync 2010 clients, in conjunction with Office Communications Server 2007 R2/Lync Server 2010, would intermittently fail to communicate with AOL AIM clients via PIC. Note that this only reproduces if your OCS 2007 R2/Lync 2010 Edge role is running on Windows Server 2008 (x64), not Windows Server 2003 (x64). This happens because Windows Server 2008 (x64) uses a predefined set of cipher suites. These cipher suites are in a particular order, and the first few suites are not compatible with the cipher suites that AOL uses. When the OCS/Lync Edge tries to establish a connection, it starts picking these suites in the default order and keeps moving to the next one if the earlier one does not work. AOL uses TLS_RSA_WITH_RC4_128_MD5, which comes very far down the default order in Windows Server 2008.

Resolution:
To resolve this, you will have to tweak the Windows Server 2008 Edge role so that it initially establishes the SSL dialog using the TLS_RSA_WITH_RC4_128_MD5 cipher suite.

In order to change the cipher suite order, do the following on your Windows Server 2008 (x64) Edge server:

    1. Start -> Run -> gpedit.msc -> OK
    2. Within the Group Policy Object Editor, expand Computer Configuration, Administrative Templates, Network
    3. Under Network, select SSL Configuration, and then double-click on SSL Cipher Suite Order (by default, the SSL Cipher Suite Order is set to "Not Configured")
    4. Select the “Enabled” radio button, and in the SSL Cipher Suites text box, copy the entire string into Notepad. It should look like the following:

      TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_MD5,TLS_RSA_WITH_NULL_SHA
    5. The objective here is to move TLS_RSA_WITH_RC4_128_MD5 to the front of the list. So, in your Notepad document, find TLS_RSA_WITH_RC4_128_MD5, cut it, navigate to the beginning of your Notepad document, and paste TLS_RSA_WITH_RC4_128_MD5. The new order should look like the following:

      TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_MD5,TLS_RSA_WITH_NULL_SHA
    6. Paste the newly-formatted string back into the text field in the GPO Editor, click OK, then restart your Windows Server 2008 (x64) Edge server for these changes to take effect.
After doing the above steps you should now be able to communicate with AOL users without any issues using OCS/Lync Federation services.
Ernie
Site Administrator
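
The reordering in steps 4 to 6, plus a check that the policy took effect after the restart, as an added PowerShell example that is not part of the original post. The function names are hypothetical; the registry path is where Windows stores the "SSL Cipher Suite Order" policy value.

```powershell
# Added example, not from the original post. Function names are hypothetical.
function Move-CipherSuiteToFront {
    param(
        [Parameter(Mandatory=$true)][string]$SuiteList,
        [Parameter(Mandatory=$true)][string]$Preferred
    )
    # Strip all whitespace: strings copied from web pages often pick up spaces
    # or line breaks inside suite names, and a name with a space is not matched.
    $suites = @(($SuiteList -replace '\s', '') -split ',' | Where-Object { $_ -ne '' })

    if ($suites -notcontains $Preferred) {
        throw "Suite '$Preferred' is not in the list; refusing to add it silently."
    }
    $dupes = @($suites | Group-Object | Where-Object { $_.Count -gt 1 })
    if ($dupes.Count -gt 0) {
        throw "Duplicate suites: $(($dupes | ForEach-Object { $_.Name }) -join ', ')"
    }

    # Preferred suite first, everything else in its original relative order.
    $reordered = @($Preferred) + @($suites | Where-Object { $_ -ne $Preferred })
    $result = $reordered -join ','
    # The policy setting accepts a list of at most 1,023 characters.
    if ($result.Length -gt 1023) {
        throw "Resulting list is $($result.Length) characters; the policy limit is 1023."
    }
    return $result
}

# Registry location of the applied "SSL Cipher Suite Order" policy.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

function Test-CipherSuiteFirst {
    param([Parameter(Mandatory=$true)][string]$Preferred)
    # Fails loudly if the policy is still "Not Configured" (value absent).
    $value = (Get-ItemProperty -Path $policyKey -Name Functions -ErrorAction Stop).Functions
    $first = ((@($value) -join ',') -split ',')[0].Trim()
    return ($first -eq $Preferred)
}

# Constructed sample: a shortened list with the stray spaces a web copy introduces.
$sample = 'TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_ MD5,TLS_RSA_WITH_RC4_128_SHA'
Move-CipherSuiteToFront -SuiteList $sample -Preferred 'TLS_RSA_WITH_RC4_128_MD5'

# After the restart in step 6, on the Edge server:
# Test-CipherSuiteFirst -Preferred 'TLS_RSA_WITH_RC4_128_MD5'
```

The order set by this policy applies to every Schannel TLS connection on the server, not only the AOL federation link.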