Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Live communication server 2005 : Failed to sign in

Posted on 2006-06-11
6
Medium Priority
?
382 Views
Last Modified: 2011-04-14
I setup Live communication server 2005 with SP1 enterprise edition and SQL Database on the same member server. Installation went well.

I am able to ping the pool name, LCS server name, AD server & domain name. LCS service is running.

I confiugred the user logon name in a test client as username&domain.com  But got the following error (both in windows messenger 5.1 or communicator I recieve the following error)" Signing in to SIP Communications Service failed because
the communication service is unavailable. Please try again later"

I use the same domain name in my login name. No change in domain name.

Can anyone pls suggest me on this?

Thanks,
0
Comment
Question by:magesh_m
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 

Author Comment

by:magesh_m
ID: 16881071
I tried this. http://support.microsoft.com/?kbid=834470 It is not my problem
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 16881222
Reported Problem:
Users could not connect to Live Communications Server with 6 or more contacts in the list. They would receive the error: Signing in to SIP communications service failed because the service is temporarily unavailable. Please try again later.

Actual Problem:
The number of contacts was not the issue but the client server attempting to establish a secondary connection (ephemeral port range above 1024) through a firewall. The firewall saw the particular port range which was defined to be traffic type to disallow.

Recommendation:
TLS
TCP is not secure

Information for TCP implementation (info is aggregation of all who were involved with issue)
Windows Messenger and Live Communication Server will use a secondary connection and this can be controlled through group policy. If the server is listening on TCP, then the client will use a dynamic (source) port on the client, connecting to the (target) 5060. At the same time the client may specify a dynamic port in the registration Contact header indicating its listening port. Consequently server has no choice but to connect back to this port since SIP requires in-dialog messages to be delivered to the location specified in the Contact header. The firewall MUST allow this port for SIP/TCP logons to work, and hence the group policy applies to this port in particular. The server's source port for outbound connections is picked by WinSock and ranges between 1024-5000. Again this connection is only for SIP traffic.
Additionally, size of a message has no impact on whether the server opens a new connection or not – As mentioned above, the server opens a new connection if the Contact header in the registration requires it to.

Specify dynamic port ranges
Disabled
By default, the client application (for example Windows Messenger) will use a randomly selected port between 1024 and 65535 for SIP signaling and media traffic. When enabled, it allows for specifying the minimum and maximum port addresses used for dynamic port allocation. Default is 7100 minimum and 7103 maximum for SIP traffic; 5350 minimum and 5353 maximum for media.

The port range is configured by the system administrator. The values for the port ranges can be set in the registry under the registry key HKLM\Software\Policies\Microsoft\Windows\RTC\PortRange.
The ‘MinSipDynamicPort’ and ‘MaxSipDynamicPort’ values are used for setting the port range for SIP signaling traffic.
The ‘MinMediaPort’ and ‘MaxMediaPort’ values under the above registry keys are used for setting the port range for Audio/Video RTP and RTCP traffic.

No matter the communication is TLS or TCP, if the clients want to do file transfer, A/V, communication, they will negotiate a set of dynamic ports to use for the file transfer or RTP. These will be dynamic on both sides of the communication.

We can use registry setting to limit the range of dynamic port the client software use for communication, but we can’t really control exactly which port to use.

Source port is not a security concern. We know the server only listens to port 5061 (or other selected port) if we use TLS connection. If one is really concern about security, they can actually close all ports except port 5061 and IM will still work. (That is assuming they have other NIC/access to the server for administration and necessary infrastructure access.)
We can limit the client range of dynamic ports for A/V file communication.
If there is any firewall between/in front of the client, it can effective block all dynamic ports traffic, so dynamic port will not be an issue. TLS IM will still work, only advance communication fail.

Ref:
http://tomllcskid.blogspot.com/

Another useful links..
http://www.mcse.ms/archive246-2005-6-1673141.html
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B830550
0
 

Author Comment

by:magesh_m
ID: 16881291
Just to add another point,
I am not able to open "telnet LCSServer 5060 /5061". It says the connection failed.

Is it needed to open? If so, how?

Thanks,
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 24

Accepted Solution

by:
Mohammed Hamada earned 1500 total points
ID: 16881457
This is what you need...! the ports are needed for the

http://www.microsoft.com/technet/itsolutions/msit/infowork/lcs2005twp.mspx
0
 

Author Comment

by:magesh_m
ID: 16942947
I don't know how to open. Finally I reinstalled LCS and everything worked fine.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question