OCS / LCS

Thankfully, this has nothing to do with the buyout talks.

On May 5, 2008, Yahoo Inc. will move their servers that provide instant messaging (IM) federation with Microsoft Office Communications Server 2007 and with Microsoft Office Live Communications Server 2005. These changes may affect users of these products.

This change will affect only those users whose external firewalls accept traffic on TCP port 5061 only from known IP addresses. If your external firewall accepts incoming TCP traffic on port 5061 from any IP address, this change will not affect you.

You can read more about it, and the IP changes, here.

Check it out the announcement here.

You can check out the Mac site here.

If I had a Mac, I would try it out to see what it is like, but hopefully some others can try it out and leave comments here? That would be great, because I'm curious how well it integrates with everything.

Check out this update - KB 949260 - here.

Normally I’d write this off as a one-off or an isolated issue, but what caught my interest was the fact that it appears as a High-Priority Update to be installed on all your OCS servers in your organization.

And here is the other oddity that doesn’t seem to be documented very well – which basically requires a LOT of client updates, and makes it sound like someone figured out how to spoof OCS/LCS packets:

This update package replaces the OCS2007-KB946763-x86-Server.msp update package KB 946763 - Update package for Communications Server 2007 (Web Components, Admin Tools, Web Conferencing, Audio Video, Mediation, Archiving, and Server): January 31, 2008

Note: The authentication protocol that is used by Communications Server and its clients has been updated to require a signature in all messages. This includes the first message that carries the challenge response. The version number of the protocol that is advertised in the challenge response has increased to version 4. Challenge responses that use version 4 of the protocol must contain a signature. The signature is a digest of the identifying headers in the message that is calculated by using the session key. To make the Conferencing Add-in for Microsoft Office Outlook work correctly, this update for the Conferencing Add-in must be installed.

Additionally, to make sure that all other clients work effectively against this update, the following hotfixes must be installed on the clients:

KB 948738 - Update for the Conferencing Add-in for Outlook: April 11, 2008

KB 946764 - Windows-based Live Meeting 2007 client update package: April 11, 2008

KB 946164 - Update for Communicator 2007: April 2, 2008

I am asked about OCS/UM certificates quite a bit lately and I am always forgetting off the top of my head who is providing the certificates. Choosing a provider is key for PIC (interaction with public IM networks) and ease of federation with other companies. One pain point you can avoid by going with a "big name" is that they are most likely already a trusted authority in your smartphones and computer systems.

If you want a list of providers that have been 'blessed' by Microsoft for UM certificates, read KB article 929395.

Update #1: Tom Pacyk left a great comment about this entry:

"What you don't see though is that there's only ONE of those that shows up by default in XP, Vista, Mobile 5, and Mobile 6 and that's Entrust. We've been recommending them to our clients for certs and it's worked out great.

As far as defaults...
GoDaddy and Comodo aren't in Vista.
Comodo and Digicert aren't in WM5.
Digicert is not in WM6.

Update #2: One of the things I love about this site is that I get almost immediate feedback when something I post is either popular, or incorrect. In this case, Digicert contacted me to let me know that due to an agreement between EnTrust and them, the information about DigiCert in Update #1 is not accurate. I don't want to spread false information out there so that is why Update #2 exists.