1. What if I am getting ‘Disconnect’, ‘Connection Timed Out’
or ‘Connection Refused’ error?
2. What if I am behind a Firewall?
3. What If I am behind a ISA server?
4. Not Able to Connect?
5. What if I am using a Proxy Server?
6. ActiveX client will not install for local accounts?
7. IE’s ActiveX setting is disabled?
1. What if I am getting ‘Disconnect’, ‘Connection Timed Out’
or ‘Connection Refused’ error?
Problem
-----------------------------------------------------------
When a Host attempts to connect to a conference,
the ActiveX client downloads but cannot connect to the conference in question. The
ActiveX client may generate one of the following error messages at the time when
it attempts to connect the conference.
1. Cannot assign requested address.
2. Connection Refused.
3. Connection timed out.
This condition occurs when a Firewall or Proxy interferes with the connection between
the ActiveX client and conferencing server. In most cases, the network administrator
set a policy on the firewall or proxy to only allow HTTP traffic to leave the network.
Although the conferencing software uses HTTP, the communication method it uses does
not conform to security policy implemented in many higher end firewalls/proxy. These
devices scan HTTP traffic and require the HTTP traffic to follow the request / response
model. Any traffic that does not follow this communication model is blocked.
Solution
-----------------------------------------------------------
By default the MyMeetingCentral web conferencing server listens on TCP Port 22,
23, 80, 443, 1270 & 37000. By creating a policy on the firewall to allow traffic
to leave the network on either 22, 23, 1270 or 37000, conference hosts will enjoy
a true real-time conference session. Many network administrators, however, will
cringe when asked to open ports on their firewall. The main reason for this is,
in the last few years they have all experienced and heard of increase security risk
to a network when ports are open.
The administrators managing the firewall must understand their network is more at
risk when they allow unauthorized traffic to enter their network. As for traffic
leaving the network, as longs as the traffic is directed to an approved IP address,
the traffic is considered safe. In the case MyMeetingCentral Web Conferencing, we
highly recommend allowing traffic to leave the network on only TCP Port 37000. The
traffic can be directed to a specify IP address that the conferencing server is
using or to any IP address because that port is typically not used by any application.
Also, the MyMeetingCentral Web Conferencing client & server is designed to be
very secure and will not experience a buffer overrun which is the main technique
malicious code uses to break into applications.
If there are any questions or concerns with the information in this technote, please
contract MyMeetingCentral directly.
-----------------------------------------------------------
Additional information
-----------------------------------------------------------
Although HTTP uses port 80, creating an outbound policy to use the predefined HTTP
policy available in a firewall is not the same as allowing traffic on a manually
define policy which allows traffic to leave the network on the same port, TCP Port
80. The predefined HTTP policy in most higher end firewalls & proxies actually
scans the traffic to ensure it uses the request / response communication technique.
If any applications communicate outbound over TCP Port 80 but does not use the request
/ response technique, the firewall will block the communication thus terminating
the connection.
Again, the HTTP request / response communication technique is not ideal nor was
it designed for real-time communication. It is simply to slow and inefficient for
real-time communications.
Back to Top
2. What if I am behind a firewall?
We use port 80 for your connection, so if you can access the internet you can use
our service.
Back to Top
3. What if I am behind an ISA server?
With the default install of an ISA server you will have no gateway address defined
in your Windows TCP/IP settings. To see this simply run IPCONFIG and you will notice
that there is only an IP address and subnet mask defined, but no gateway is defined.
Without a gateway defined, you will get "no route to host" because Windows cannot
route TCP/IP outside of the current subnet without a default gateway.
This is how the ISA server operates because it redirects all traffic from the user's
PC directly to the ISA server. Without the supporting winsock client install for
ISA server on the PC the only thing that will work is Internet Explorer traffic
over Port 8080 when Internet Explorer is configured to operate with a proxy over
Port 8080.
If you install the ISA client on the workstation it will operate normally because
the ISA client redirects all winsock traffic from the PC to the proxy server (not
just Port 8080 web traffic).
Then you simply need to make sure that the ISA server is not being told to block
communications.
Back to Top
4. Not able to Connect?
If unable to connect, and you selected Yes to install the Internet Explorer ActiveX
conferencing components, the following material may be helpful. First, make sure
your web browser is Internet Explorer version 5.0 or later. In addition, check that
Internet Explorer allows Active X. To check if Active X downloads are allowed
follow the steps below:
1. Open Internet Explorer and Click on the Tools Menu found in the main menu
bar
2. Select Internet Options
3. Select the Security Tab
4. Select the internet zone (the globe) and click the Custom Level button.
5. Verify that the following settings are set correctly
-Download signed ActiveX controls = Prompt or Enable
-Run ActiveX controls and plug-ins = Prompt or Enable
6. Try the System Check again at
http://208.49.241.193/?join=systemcheck
If you are still unable to connect to the conference room, the most likely cause
is your firewall settings. Please provide your IT Manager/ System Administrator
with the following information.
Meeting Central, like many web conferencing and real-time applications requires
port 80 and 443 to be open. Please verify port 80 (web) and 443 (SSL) are
open for in-bound and out-bound traffic, and that the port settings allow ActiveX.
If desired, you can enter these settings and restrict their use to URLs/web sites
with whom you often join web conferencing sessions (i.e., you can restrict traffic
using these settings to specific URLs/IP addresses). If you employ proxies on port
80, please verify that your proxy is reasonable up to date, and that it properly
checks and honors TTL (time to live) values. If the latter proxy handling
is not possible in your environment, ensure that port 443 is open with no proxy/caching,
and the same port settings as above. Once your firewall and proxy (if any)
settings are made per this description, you should be able to join the web conferencing
sessions.
Back to Top
5. What if I am using a Proxy Server?
Problem
This condition occurs when a computer is configured to connect to the Internet through
a Proxy server but the Proxy client is not install or active on the workstation.
In this scenario IE is configured to use the Proxy Server settings (i.e. Port 8080)
under IE’s Internet Options menu.
Solution
To use Meeting Central Web Conferencing in an environment where a Proxy server is
active, workstations must run the Proxy client that is supplied by the Proxy server.
Note: The proxy client is available after the Proxy server is installed.
Back to Top
6. ActiveX client will not install for local accounts?
Problem
When a user logs on to Windows 2000 or XP computer using a local account that is
set to restricted user rights only, the ActiveX client will not install.
Solution
Insure the logged on user has sufficient rights to the install the Meeting Central
Web Conferencing ActiveX client. The rights to the user account are set using the
local workstation’s User account tool in the Windows Control Panel.
Back to Top
7. IE’s ActiveX setting is disabled?
Problem
When a user attempts to connect to an active conference, IE stops and displays ‘Connecting
to conference … Please wait while we determine if you need any updated components
…’. This behavior indicates the Firewall is restricting ActiveX from entering the
network or the security option in IE is set to high which prevent the ActiveX client
from being downloaded.
Solutions
a) Configure the Firewall to allow ActiveX do be downloaded or install the Meeting
Central Web Conferencing client manually by running the client setup file.
http://208.49.241.194/setup.exe
b) Set IE’s Internet Options > Security option to ‘Default’. This setting must
be set for either the Internet or Local Intranet option.
Back to Top