
 

IM Slowness, IM Failure issue when using OCS/Lync Public IM Connectivity with AOL.

Problem description: When you are using OCS/Lync Server you might face issues with Public IM Connectivity (PIC) with AOL. Public IM connectivity works fine with Yahoo.com and MSN. However, with AOL you might face IM delays, IM drops, etc. Well guys, you don't have to worry: I too have faced this issue, and after a lot of effort I was able to resolve it. Below is the detailed resolution.

Cause: The Microsoft Office Communicator 2007 R2 and Lync 2010 clients, in conjunction with Office Communications Server 2007 R2/Lync Server 2010, intermittently fail to communicate with AOL AIM clients via PIC. Note that this only reproduces if your OCS 2007 R2/Lync 2010 Edge role is running on Windows Server 2008 (x64), not on Windows Server 2003 (x64). This happens because Windows Server 2008 (x64) uses a predefined set of cipher suites. These cipher suites are in a particular order, and the first few suites are not compatible with the cipher suites that AOL uses. When the OCS/Lync Edge tries to establish a connection, it starts picking these suites in the default order and keeps moving to the next one if the earlier one does not work. AOL uses TLS_RSA_WITH_RC4_128_MD5, which comes very far down the default order in Windows Server 2008.

Resolution: To resolve this, you have to make the Windows Server 2008 Edge role initially establish the SSL dialog using the TLS_RSA_WITH_RC4_128_MD5 cipher suite.

In order to change the cipher suite order, do the following on your Windows Server 2008 (x64) Edge server:

1.     Start -> Run -> gpedit.msc -> OK

2.     Within the Group Policy Object Editor, expand Computer Configuration, Administrative Templates, Network

3.     Under Network, select SSL Configuration, and then double-click on SSL Cipher Suite Order (by default, the SSL Cipher Suite Order is set to "Not Configured")

4.     Select the “Enabled” radio button, and copy the entire string from the SSL Cipher Suites text box into Notepad.  It should look like the following:

 

TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_MD5,TLS_RSA_WITH_NULL_SHA

 

5.     The objective here is to move TLS_RSA_WITH_RC4_128_MD5 to the front of the list.  So, in your Notepad document, find TLS_RSA_WITH_RC4_128_MD5, cut it, navigate to the beginning of the document, and paste it there, followed by a comma.  The new order should look like the following:

 

TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_MD5,TLS_RSA_WITH_NULL_SHA

 

6.     Paste the newly-formatted string back into the text field in the GPO Editor, click OK, then restart your Windows Server 2008 (x64) Edge server for these changes to take effect.

After doing the above steps you should now be able to communicate with AOL users without any issues using OCS/Lync Federation services.
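The cut-and-paste in steps 4 to 6 can be done and checked in PowerShell instead of Notepad. The script below is an added example, not part of the original article: it strips stray whitespace, rejects duplicates, moves the chosen suite to the front without disturbing the rest, and reads back the value the policy stores. The function names and the shortened sample list are constructed for illustration; the registry key is where Windows keeps the SSL Cipher Suite Order policy value.

```powershell
# Added example (not from the original article). Function names are hypothetical.
# Registry location where the "SSL Cipher Suite Order" policy value is stored.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

function Move-CipherSuiteToFront {
    param([string]$Order, [string]$Suite)

    # Drop all whitespace: a stray space inside a name (easy to pick up when
    # pasting through Notepad) turns that entry into an unknown suite.
    $names = @(($Order -replace '\s', '') -split ',' | Where-Object { $_ -ne '' })

    $dupes = @($names | Group-Object | Where-Object { $_.Count -gt 1 } |
               ForEach-Object { $_.Name })
    if ($dupes.Count -gt 0)         { throw "Duplicate entries: $($dupes -join ', ')" }
    if ($names -notcontains $Suite) { throw "'$Suite' is not in the list" }

    # Promote the suite; every other entry keeps its relative position.
    $result = (@($Suite) + @($names | Where-Object { $_ -ne $Suite })) -join ','

    # Microsoft documents a 1023-character limit for this policy string.
    if ($result.Length -gt 1023) { throw "List is $($result.Length) chars (limit 1023)" }
    return $result
}

function Get-ConfiguredCipherOrder {
    # Suite names currently set by policy; nothing when the policy is "Not Configured".
    $p = Get-ItemProperty -Path $PolicyKey -Name Functions -ErrorAction SilentlyContinue
    if ($null -eq $p) { return @() }
    return @((@($p.Functions) -join ',') -split ',' |
             ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

# Constructed sample: a shortened list carrying the kind of stray spaces a copy/paste adds.
$sample = 'TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA , ' +
          'TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_NULL_ SHA'
Move-CipherSuiteToFront -Order $sample -Suite 'TLS_RSA_WITH_RC4_128_MD5'

# After the restart in step 6, confirm what the server actually has configured.
$configured = @(Get-ConfiguredCipherOrder)
if ($configured.Count -gt 0) { "First configured suite: $($configured[0])" }
else                         { 'SSL Cipher Suite Order is Not Configured' }
```

The policy is machine-wide for Schannel, so the promoted suite is preferred for every TLS connection the Edge server handles, not only those to AOL.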

By

Mohit Verma, Unified Communication Specialist

 

 





 
