RE: Instant messaging and ISA firewall clients

  • From: "Mark T. Barringer" <Mark@xxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 13 Apr 2002 11:16:29 -0400

Is this E2K IM or MSN IM?  They look quite similar but use different
ports.  MSN IM is proprietary and uses port 1863 for chat, it has
different requirements for the additional file transfer, video and
Internet calling features.  However, E2K IM is really just a slimmed
down browser.  It uses mostly port 80 only just like a plain webpage,
but does have some additional port requirements.

The KB article you mention is for E2K IM only.  And it shouldn't be
necessary to follow this article if you are using MSN IM for your
Internet clients.  The easiest way to determine this is 'did you create
Active Directory accounts AND IM enable them for these Internet clients
that cannot send?'

If the answer is no, then you are talking about MSN IM clients that are
using MSN/Hotmail as their security provider, not your AD and E2K
servers.  In this case, the KB does not apply and you should only need a
packet filter with 1863 open for inbound and TCP all ports for outbound.
Mine doesn't have any local or remote computer restrictions so take
these into account if you do.

If the answer is yes, then the KB does apply and you will need to modify
both the server AND the external IM clients.  Previous versions of
Exchange did not support polling. The Instant Messenger client sent
connection requests to the Instant Messaging server through port 80. The
Instant Messaging server then sent notifications to the Instant
Messenger client using a random port greater than or equal to 1024. 

The two features added with E2K SP1 are Instant Message Polling and
Fixed Port Callback Delivery.  In Instant Message Polling, the Instant
Messenger client polls the Instant Messaging server at regular intervals
to check for pending notifications. The Instant Messenger client
attempts to keep an open connection with the Instant Messaging server
from which a notification is sent.  In Fixed Port callback delivery, the
Instant Messenger client callback port is limited to a single port
specified by a limited range. Fixed Port callback delivery is a
restrictive delivery mechanism. In Fixed Port callback delivery, the
port values can range from 1025 to 65535.

All of this is from
http://www.microsoft.com/exchange/techinfo/deployment/2000/IMPoll.doc

Hope this helps.

-Mark
-----Original Message-----
From: test@xxxxxxxxxxxxxxxxx [mailto:test@xxxxxxxxxxxxxxxxx] 
Sent: Saturday, April 13, 2002 6:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Instant messaging and ISA firewall clients


http://www.ISAserver.org


Clients behind an Exchange 2K - ISA server are able to send instant
messages, but cannot receive them from Internet clients. The internet
client gets: "The following message could not be delivered to all
recipients"

I did everything the Q285781 (XCCC: Configuring Exchange 2000 Instant
Messaging Polling and Fixed Ports) says, but it does not give any
recommendations on how to configure the client or server, besides
registry entries. So, I still have the same problem. Is there any
suggestion or any source I can find the explanation. Thank you Anton

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Mark@xxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


Other related posts: