Firewall Requirements for Integrating OCS and OWA

If you follow my directions for integrating Office Communications Server 2007 R2 with Exchange Server 2010 OWA, and you also have either a host firewall on your CAS servers or a firewall between the OCS frontend pool and your CAS servers, you may find yourself with only half the intended functionality. You’ll be able to send IMs just fine from OWA clients, but, if you try to receive an IM in OWA, the user on the far side will get an error like this:

The following message was not delivered to <user>. More details (ID:504)
This message was not delivered to <user> because there was no response from the server:

This usually indicates a network connectivity issue. To troubleshoot it, I captured a network trace on the OCS frontend and filtered the display to show only traffic between my OCS frontend and my CAS server. This is what I found:

image

In the above capture, “.103” is my OCS frontend, and “.90” is the CAS server. The presence of TCP SYNs with no corresponding SYN-ACK is a surefire symptom of a firewall issue. I took a look at the CAS servers with TCPView and discovered that the addition of OCS to OWA led to IIS listening on TCP 5075.

Once I added a firewall exemption to the Windows Firewall for the IIS Worker Process for TCP 5075 from the OCS pool, everything started working immediately. If you’re using hardware firewalls between your OCS pool and CAS servers, you’ll likewise need to exempt TCP 5075.
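
A sketch of the exemption described above, scoped to the IIS Worker Process, TCP 5075 and the OCS pool addresses only, plus a connect test to run from the OCS frontend. This is an added example, not the commands from the original post; the IP addresses, the rule name and the function names are placeholders, and the w3wp.exe path assumes a default IIS install.

```powershell
# Added example. Placeholder values: replace with your own addresses.
$OcsPoolIps = '192.0.2.103'   # OCS frontend address(es), comma-separated (placeholder)
$CasServer  = '192.0.2.90'    # CAS server address (placeholder)
$ImPort     = 5075            # port IIS listens on once OCS is integrated with OWA
$W3wp       = Join-Path $env:SystemRoot 'System32\inetsrv\w3wp.exe'  # IIS Worker Process

# Run on each CAS server from an elevated prompt.
function Add-OcsOwaRule {
    # Inbound allow limited to one program, one port and the OCS pool as source,
    # instead of opening 5075 to every host and every process.
    netsh advfirewall firewall add rule name="OCS-OWA-IM-5075" dir=in action=allow `
        protocol=TCP localport=$ImPort remoteip=$OcsPoolIps program="$W3wp"
    # Show the stored rule so the scope can be checked.
    netsh advfirewall firewall show rule name="OCS-OWA-IM-5075" verbose
}

# Run on the OCS frontend. Returns $true if the TCP handshake completes.
function Test-TcpPort([string]$Server, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        # A timeout here matches the trace above: SYNs sent, no SYN-ACK returned.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # refused or unreachable
    } finally {
        $client.Close()
    }
}

# On a CAS server:        Add-OcsOwaRule
# On the OCS frontend:    Test-TcpPort $CasServer $ImPort
```

A timeout from `Test-TcpPort` points at a firewall dropping the SYN; an immediate failure means the packet reached the CAS server but nothing was listening on the port.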
