You cannot sign in to a server that is running Live Communications Server 2005 or Live Communications Server 2003 through a Cisco PIX firewall (911786)



The information in this article applies to:

  • Microsoft Office Live Communications Server 2005 Enterprise Edition
  • Microsoft Office Live Communications Server 2005 Standard Edition
  • Microsoft Office Communicator 2005
  • Microsoft Office Live Communications Server 2003
  • Microsoft Windows Messenger 5.0
  • Microsoft Windows Messenger 5.1

SYMPTOMS

Consider the following scenario. You use a real-time communications (RTC) client to sign in to one of the following programs:
  • Microsoft Office Live Communications Server 2003
  • Microsoft Office Live Communications Server 2005
The Live Communications Server computer is using a Cisco PIX firewall. In this scenario, the sign-in process may fail, and you may receive the following error message:
You have been signed out of SIP Communications Service because that service has been temporarily shutdown. Please try again later

Note This error message may vary depending on the client program that you are using.

Additionally, you may experience intermittent presence issues. You may also experience issues when you try to send or to receive instant messaging (IM) messages.

CAUSE

Some versions of Cisco PIX firewalls and virtual private network (VPN) solutions have built-in program-inspection functions for the Session Initiation Protocol (SIP). However, these inspection functions are not fully compatible with real-time communications (RTC) client 5.0 or later versions of the RTC client. The RTC client includes Microsoft Windows Messenger 5.0, Windows Messenger 5.1, and Microsoft Office Communicator 2005.

This issue occurs only if you are not using Transport Layer Security (TLS) to help secure the communication between the client program and the server that is running Live Communications Server. If the communication is encrypted, the Cisco device cannot examine the traffic.

RESOLUTION

To resolve this issue, use one of the following methods:
  • Implement TLS from the RTC client computer to the server that is running Live Communications Server. By doing this, you encrypt the SIP traffic between the client and the server that is running Live Communications Server. Therefore, data inspection does not occur on the intermediary device.
  • Disable the fixup SIP function on the Cisco PIX firewall or on the VPN device. To do this, run the following command:
    #no fixup protocol SIP 5060
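
To confirm which state a firewall is in before and after the second method, you can check a saved copy of its configuration for SIP fixup statements. The following Python script is an added example, not part of the original article and not Cisco or Microsoft code; the function names, the sample configurations, the optional "udp" keyword, the port-range form, and the last-statement-wins rule are assumptions.

```python
import re

# One SIP fixup statement, with or without the leading "no". The optional
# "udp" keyword and the port-range form are assumptions about what a saved
# PIX configuration may contain; the article itself shows only the "no" form.
SIP_FIXUP = re.compile(
    r"^\s*(?P<no>no\s+)?fixup\s+protocol\s+sip\s+(?P<udp>udp\s+)?"
    r"(?P<lo>\d+)(?:-(?P<hi>\d+))?\s*$",
    re.IGNORECASE,
)


def sip_fixup_statements(config_text):
    """Yield (line_no, enabled, transport, lo, hi) for each SIP fixup line."""
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = SIP_FIXUP.match(line)
        if m:
            lo = int(m.group("lo"))
            hi = int(m.group("hi") or lo)
            transport = "udp" if m.group("udp") else "tcp"
            yield line_no, m.group("no") is None, transport, lo, hi


def sip_inspection(config_text, port=5060, transport="tcp"):
    """True/False if a statement covers the port (last one wins), else None.

    None means the text has no SIP fixup statement for that port, so the
    state must be checked on the device itself.
    """
    verdict = None
    for _, enabled, proto, lo, hi in sip_fixup_statements(config_text):
        if proto == transport and lo <= port <= hi:
            verdict = enabled
    return verdict


# Constructed sample configurations (not taken from a real device).
BEFORE = "fixup protocol http 80\nfixup protocol sip 5060\nfixup protocol smtp 25\n"
AFTER = "fixup protocol http 80\nno fixup protocol SIP 5060\nfixup protocol smtp 25\n"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, "-> SIP inspection on tcp/5060:", sip_inspection(text))
```

A result of None means the saved text does not mention SIP fixup for that port, which is not the same as the function being disabled.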

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Modification Type: Minor
Last Reviewed: 12/31/2005
Keywords: kbtshoot kbprb KB911786 kbAudITPRO