Article ID: 2694730
Microsoft has released Hotfix Rollup 4 for Forefront Security for Office Communications Server. This article contains a description of the hotfix rollup as well as information about how to obtain the hotfix rollup.
Features of the hotfix rollup
Hotfix Rollup 4 allows FSOCS to be installed on Lync 2010 (running on Windows 2008 R2 or Windows 2008 SP2 x64) in addition to Office Communications Server 2007 and Office Communications Server 2007 R2. As the feature set and patch level are the same as RU3, customers who have already deployed RU3 can update but are not required to do so.
Important Notes
1.) File Transfer Scanning and Filtering Limitations:
Lync 2010 clients are capable of performing peer-to-peer as well as group file transfers. Forefront is able to scan and filter file transfers only when 2 participants are involved. When 3 or more participants are involved in the conversation, file transfers are exchanged using a conferencing role that Forefront does not protect. In this scenario, files will not be scanned or filtered by Forefront.
The Lync 2010 client added functionality (ICE, TURN, STUN) to overcome previous limitations in which attempts to create a direct connection between peers failed due to firewall issues such as clients sitting behind a NAT. Lync also changed the protocol for peer-to-peer file transfers from FTP in 2007 / 2007 R2 to RTP. With Forefront installed, Lync clients can be expected to use the earlier client behavior with respect to establishing connections as well as the use of FTP.
2.) Forefront for OCS can be installed on the Front End, Edge, and Director Roles on OCS 2007 and OCS 2007 R2 and on the Front End and Edge roles on Lync 2010. Installation on the Edge and Director Roles enables Forefront to offload some scanning from the Front End role to these other roles.
3.) There are several important notes specifically related to installing on the Edge role on Lync 2010:
- On the FSOCS setup panel “Notification Account Setup”, you must provide the fully qualified domain name of the SIP URI user account that will be used to log in to the Front End box.
- You must select Transport type TLS and not TCP.
- Note: If the two settings above are not configured correctly during installation, the Forefront logs will show errors when attempting to log in. This can be corrected after installation by making changes in the Forefront Administrative console under “General Settings\IM Notification Agent”.
- After installing on the Edge role, you MUST register the Forefront deployment with the Front End in order for it to work.
- To register it, you must know the fully qualified domain name of the Edge server, for example myedgeserver.mydomain.com. You must then run the following command from a Lync PowerShell prompt on the Front End server:
New-CsServerApplication -Identity "Service:<FQDN of Edge Server>/ForeFrontRTCProxy" -Uri "http://www.microsoft.com/ForefrontServerSecurity/ForefrontRTCProxy" -Enabled $True -Critical $True
- After uninstalling from an Edge role, you MUST unregister the Forefront deployment with the Front End by running the following command from a Lync PowerShell prompt on the Front End server:
- After you run either of the commands above to register or unregister, you can verify that the registration is present or removed by either looking for the Forefront Edge server registration in PowerShell using the command Get-CsServerApplication or from the Lync Server Control Panel.
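The verification step above can be scripted so that a missing or disabled registration is caught instead of leaving the Edge role unscanned. This is an added example, not Microsoft's code; the function name Test-ForefrontEdgeRegistration and its parameters are hypothetical, and it relies only on Get-CsServerApplication and the URI from the registration command in this article.

```powershell
# Added example: run from a Lync PowerShell prompt on the Front End server.
function Test-ForefrontEdgeRegistration {
    param(
        [Parameter(Mandatory = $true)]
        [string]$EdgeFqdn,        # for example myedgeserver.mydomain.com
        [switch]$ExpectRemoved    # use after uninstalling from the Edge role
    )

    # URI exactly as used in the New-CsServerApplication command in this article.
    $expectedUri = "http://www.microsoft.com/ForefrontServerSecurity/ForefrontRTCProxy"

    # Match on the Forefront URI and on the Edge server name inside the Identity.
    $apps = @(Get-CsServerApplication | Where-Object {
        $_.Uri -eq $expectedUri -and "$($_.Identity)" -like "*$EdgeFqdn*"
    })

    if ($ExpectRemoved) {
        if ($apps.Count -eq 0) {
            Write-Host "OK: no Forefront registration remains for $EdgeFqdn"
            return $true
        }
        Write-Warning "Registration still present: $($apps[0].Identity)"
        return $false
    }

    if ($apps.Count -eq 0) {
        Write-Warning "No Forefront registration found for $EdgeFqdn"
        return $false
    }

    # The registration command sets -Enabled $True and -Critical $True;
    # flag any registration that no longer matches those values.
    $ok = $true
    foreach ($app in $apps) {
        if (-not $app.Enabled) {
            Write-Warning "$($app.Identity) is registered but not enabled"
            $ok = $false
        }
        if (-not $app.Critical) {
            Write-Warning "$($app.Identity) is registered but not marked critical"
            $ok = $false
        }
    }
    if ($ok) { Write-Host "OK: Forefront registration for $EdgeFqdn is enabled and critical" }
    return $ok
}
```

Call it as Test-ForefrontEdgeRegistration -EdgeFqdn myedgeserver.mydomain.com after registering, and add -ExpectRemoved after uninstalling from the Edge role.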
Known Issues
Installation and uninstallation on the Lync 2010 Edge role require that some specific steps be followed, including manual registration with the Front End (see "Important Notes" #3 above).
There are some known File Transfer Scanning and Filtering Limitations when used with Lync 2010 (see "Important Notes" #1 above).
Download information
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
How to install the hotfix rollup
To install the hotfix rollup, follow these steps:
Prerequisites
The minimum server requirements for FSOCS RU4+ are the same as the corresponding OCS 2007, 2007 R2, or Lync 2010 minimum requirements on which FSOCS is installed. At the time of this writing they are:
- For Lync 2010: (64 bit only) 2008 R2, 2008 SP2
- For OCS 2007 R2: (64 bit only) Windows 2008, Windows 2003 R2 SP2, Windows 2003 SP2
- For OCS 2007: (2003 SP1+)
Microsoft Office Communications Server Standard Edition, or, Enterprise Edition with one of the following server roles configured: Front End, Access Edge, Director.
1 gigabyte (GB) of free memory, in addition to that required to run OCS (2 GB recommended). NOTE: with each additional scan engine used, more memory is needed for each scanning process.
2 GB of available disk space. This is in addition to the disk space required for Microsoft OCS.
Intel processor (1 GHz)
File information
This hotfix may not contain all the files that you must have to fully update a product to the latest build. This hotfix contains only the files that you must have to correct the issues that are listed in this article.
The English (United States) version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.