locked
IM Filtering not working as expected RRS feed

  • Question

  • Hello,

     

    I know there have been a few topics about this already, but they are based on Beta code and I have more details.

     

    I have been trying to configure Intelligent IM Filtering to allow URL's to be hypertext clickable in instant messages within Office Communicator 2007 for both internal and external addresses.

     

    I am able to configure Intelligent IM Filter settings by using the OCS Administration tool, right clicking on the pool, and selecting Application Properties > Intelligent IM Filter (just so we're all on the same page).

     

    I have configured the options as:

     

    Setting

    Value(s)

    URL Filter Tab

    Enable URL Filtering

    Checked

    Block all hyperlinks, both intranet and Internet, that contain any of the file extensions defined on the File Transfer Filter tab

    Unchecked

    Allow local intranet URLs

    Checked

    Hyperlinks handling

    Allow instant messages that contain hyperlinks

    Message text:

    Please use caution whenever clicking on hyperlinks. Only do so if the link is from a trusted source and looks legitimate.

    Enter the prefixes, separated by a space that you want the URL filter to block

    href www*. ftp. http: https: ftp: gopher: nntp: news: file: mailto: sip: sips: tel: callto: ldap: telnet:

    File Transfer Filter Tab

    Enable file transfer filtering

    Checked

    Block all file extensions

    Unselected

    Block only file extensions in the list below

    Selected

    File extensions

    <default>

     

     

     

    Using the above settings all URL's entered, whether internal (as defined by IE settings on the OCS server) or external, are retained as plain text in Communicator with the applicable warning message text displayed (so I know IM Filtering is involved). I would have expected the URL to be displayed as clickable hypertext.

     

    Turning off IM Filtering (uncheck the Enable URL Filtering checkbox) has no effect on the text only result. Removing the prefixes has no effect on the text only result.

     

    An interesting point is that when a user has logging of instant messages turned on, the messages are stored in Outlook under the "Conversation History" container. The URL's are displayed in the messages there, but that's not really a solution, just a potential security problem for those that do want to filter URL's.

     

    I then found an old article on here, http://forums.microsoft.com/Ocs2007/ShowPost.aspx?PostID=1560567&SiteID=57, which says that there is a group policy setting as well to enable URL's in Communicator. So I made the necessary changes and now when I type in a URL, such as www.google.com, it is converted to hypertext as I type it. In my sent window the message is in hypertext, however the receivor, who has the group policy applied as well, still gets the message as plain text. It is in hypertext in Outlook's conversation history.

     

    From my point-of-view, this appears to be a bug, but I'm happy for someone to shed some light on what I may be doing wrong.

     

    Any/all input is welcomed.

     

    Rgds,

     

    Morris

     

    Tuesday, October 9, 2007 1:46 PM

All replies

  • I would like to add my experience. I also believe this is a bug. I am posting in hopes to find a solution to this problem. Below is my Event log errors.

     

    Code Block

    Unable to load settings from WMI

     

    Exception: Object reference not set to an instance of an object.

    Cause: The Office Communications Server Intelligent IM Filter

    application is incorrectly configured or application does not have

    permissions to read WMI.

    Resolution:

    Verify that the RTCSRV service account has read permissions on WMI

    and that the MSFT_SIPIIMFilterUrlFilterSetting and

    MSFT_SIPIIMFilterFileFilterSetting classes are correctly configured.

     

    For more information, see Help and Support Center at

     

     

     

     

    Code Block

    The process AcpMcuSvc(2132) failed to send health notifications to the

    MCU factory at https://WLABC-

    PR.SUMEX.DARTMOUTH.EDU:444/LiveServer/MCUFactory/.

    Failure occurrences: 5, since 11/12/2007 5:13:47 PM.

     

    For more information, see Help and Support Center at

    http://go.microsoft.com/fwlink/events.asp.

     

     

     

    What I have found to cause these errors is changing the settings for Imfiltering. The changes I made did not take effect on the client side.  To make matters worse changing the settings caused the server to stop responding to the client. I tried restarting services, rebooting OCS and Domain server as well as restarting services on the client and reboots. I was at a loss and not able to send IM's to anyone or start web conferences.  I later disabled IM filtering and everything started working.

     

    So I rebuilt the OCS server and the Domain server from scratched made images just incase and tried to make changes to the imfilters again. I found the same problem occured. I have done 3 rebuilds total, in our test enviroment, and everything works 100% until I do something like check the box that says allow html links. 

     

    Can anyone give more information on this problem?

    Wednesday, November 14, 2007 9:50 PM
  •  Loren@TuckSchoolIT wrote:

    I would like to add my experience. I also believe this is a bug. I am posting in hopes to find a solution to this problem. Below is my Event log errors.

     

    What I have found to cause these errors is changing the settings for Imfiltering. The changes I made did not take effect on the client side.  To make matters worse changing the settings caused the server to stop responding to the client. I tried restarting services, rebooting OCS and Domain server as well as restarting services on the client and reboots. I was at a loss and not able to send IM's to anyone or start web conferences.  I later disabled IM filtering and everything started working.

     

    So I rebuilt the OCS server and the Domain server from scratched made images just incase and tried to make changes to the imfilters again. I found the same problem occured. I have done 3 rebuilds total, in our test enviroment, and everything works 100% until I do something like check the box that says allow html links. 

     

    Can anyone give more information on this problem?

     

     

    I had the same thing happen to me while attempting to get clickable URLs working - I ended up rebuilding the OCS server because I could not get IM traffic back up and running. 

     

    I just tried implementing the a registry key from LCS 2005 client but that didn't work either - I'm starting to think this is a bug as well.

    Wednesday, November 28, 2007 6:21 PM
  •  

    I'll add to this thread that the same thing happened to me. I installed the filter on both the Proxy and Internal servers. I first removed "http" from the list of filtered prefixes, and configured the warning message "Be careful what you click" but links were unclickable. After making all sorts of changes, and having no luck, I disabled filtering completely and rebooted both servers, but the behavior is the same. I can paste in a hyperlink but the recipient gets unlinked text.
    Wednesday, February 13, 2008 12:15 AM
  • I want to also add that I think it is a bug. I had modified the filter list prior to getting my edge server running. Then, when I did get the edge server running, all IM stopped. I had to restore the defaults on the intelligent IM and restart the services and then I had instant messaging back. I disabled both the Intelligent IM and the File Transfer Filter, so no filtering should occur, but hyperlinks are still just text.

     

    Thursday, February 21, 2008 7:10 PM
  • I had clickable links working at one point during my testing using the following client side registry key:


    Code Snippet

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Communicator]
    "EnableURL"=dword:00000001


    And then enabling IM filtering with all the options disabled. That being said, I have since had to rebuild the environment and I cannot get the links clickable again. I plan on working on this again shortly and posting my results, but it is possible to get this working.



    Friday, February 22, 2008 4:44 PM
  • Ran into the same deal this week during a deployment. No way to get the URLs actually clickable on both ends. You can enable that reg key, but it only creates a usable link for the sender - which is worthless. The receiver stills get a text-only link. Verified this both from domain member to domain member, external to internal, etc. Setting the option to anything other than the defaults actually causes very flaky IM conferencing. Flip everything back to the defaults, reboot the server(s) and you should be back to full functionality. Definitely seems like a bug.
    Friday, February 22, 2008 6:32 PM
  •  

    Ok, i've spent the morning playing with this and just finally got links working.  There are definately still some bugs in the system though.  For those interested I'm going to give a brief run down of what I did this morning.

     

    I started out with the default IM filtering settings which was working as you would expect, ie putting an underscore in front of any sent URL.  I applied the above Registry hotfix to both clients so that the client would recognize URLs as clickable

     

    From here I tried just configuring the filter to be less restrictive.  I unchecked 'block all hyperlinks..." and "allow local intranet URLs".  I then changed the selection to "allow instant message that contain hyperlinks" , and I filled ina test 'warning' message.  I removed ALL of the prefexes from the filter box.  I then completely disabled file transfer filtering, then restarted all services. 

     

    What happened was clients could no longer IM each other.  I had full presence, but no IM communication. 

     

    I went back to the URL Filter and checked the "allow local intranet URLs" box, and restarted services.  Result was the same, full presence but no ability to IM. 

     

    Next I changed the setting to "Allow instant messages that contain hyperlinks, but convert the links to plain text".  I put a test "warning" message in the field box. 

     

    Again, same result, full presence but no IM.

     

    Next, i reset the filter back to Full Defaults in an attempt to get IM working again, and restarted services.  At this point everything was back to where I started, which is to say at least I could IM again.

     

    Finally in a last ditch effort I simply disabled the URL Filter all together by unchecking the filter box.  I left File filtering enabled.  Stopped and restarted services and to my astonishment, it is working now.  Clients and send links that are clickable to one another with no underscores or warning text.

     

    I hope this helps some of you out.  Also, i don't know if this is the reason or not, but I have the OCS client installed on my front end server for testing (got tired of asking co-workers to IM back and forth) so I have the EnableURL Reghack on the Front end server.

     

    My config is:

     

    1 Standard edition OCS 2007 Front end server (Windows 2003 R2 Sp2) with SQL 2005 SP2

    1 Standard edition OCS 2007 Edge Server (Windows 2003 R2 Sp2)

    AD is Windows 2008 RTM Native Mode

     

    My client is Windows Vista Ultimate SP1

     

    Cheers,

     

    Joe

     

    Monday, February 25, 2008 4:03 PM
  • Just wanted to add one more thing - I only have links working for internal clients with this configuration.  Any external clients, or even internal clients using the Edge server to log in, cannot send properly formated URLs.  Those clients add an underscore to the front of each URL sent and received.  I'm going to look into this later today if I get time.

     

     

    Monday, February 25, 2008 4:22 PM
  • Josef, did you do the same for the IM filter on the Edge? I'm guessing you left it at the defaults which would strip those links. Either way, it's a workaround and creates a security hole by allowing any kind of URL prefix to come through. I'd also assume that it would work without enabling that registry entry seeing as that only affects the link sender.
    Monday, February 25, 2008 5:01 PM
  • Tom,

     

    I've left the Edge server settings at default, so that would explain why it is stripping it out.  I have a small enviornment of only technical people running here so I'm not concerned with any of them clicking a bad link, but I certainly agree that this is a  security problem using this work around.  I should be able to enable the filter and allow links that meet the criteria, but at least in my testing that does not even allow IM traffic to flow. (I need to do some debug logging on that to see what kind of data i can get)

     

    As far as the registry hack, the last time I had this working I had done the same thing I did today but links would not work until I had applied the client side registry hack.  If i get some spare cycles today I'll remove the registry entries and test that as well.

     

     

     

    Monday, February 25, 2008 5:27 PM
  • I got mine to work. I was missing the client side registry key (HKLM\Software\Policies\Microsoft\Communicator, DWORD Value EnableURL=1). Then I also had to configure it on the Edge Server - the Edge server was still set to block everything. Restarted the client PCs and restarted the OCS services on the Edge server and I had clickable hyperlinks.

     

    Tuesday, February 26, 2008 12:45 AM
  •  

    Ok.

     

    THought i would add my two cents in .....its April! and i had to do this Reg hack to get Im Filtgering to work, and file transfers.

     

    Thanks for the help everyone!

    Here it the command line to add the key.

     

    C:\>reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Communicator /v EnableURL /t REG_DWORD /d 1

    Thursday, April 3, 2008 8:48 PM
  •  

    I was able to get this working by disabling IM filtering on OCS server, and applying the required registery chage by group policy. 

    I have been trying to allow active hyperlinks in CWA. Do you know if this is possible? CWA still converts hyperlinks to plain text.

     

    Thanks.

    Monday, April 7, 2008 8:19 PM