Migrating Clients Outside the Firewall

Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

If your organization has Communicator Phone Edition devices that were released with the previous version of Office Communications Server 2007, and you want to use Office Communications Server 2007 R2 to update them externally, from outside the firewall, you must take additional security configuration steps.

First, you must temporarily enable anonymous access for the DeviceUpdateFiles_ext and RequestHandlerExt virtual directories in Internet Information Services (IIS). Doing this enables the devices to obtain an interim firmware build that is included with Office Communications Server 2007 R2. Once the devices have obtained and installed this build, they will then be able to obtain and install the release version of the firmware. For security reasons, once the devices are updated with the release version of the firmware, you should then disable anonymous access on the two virtual directories.

Enabling anonymous access is necessary because the previous version of Communicator Phone Edition required anonymous access to obtain device updates from outside the firewall. Unlike the previous version, however, Office Communications Server 2007 R2 versions of Communicator Phone Edition are able to pass credentials and be authenticated before being updated. Because anonymous access is not required to update external devices in this version, it is not enabled by default.

When you enable anonymous access, Communicator Phone Edition devices with a firmware version of 1.0.522.98 or earlier are automatically updated by Device Update Service to version 1.0.522.103 during their normal update cycle, according to their update configuration settings. Once they have been updated with version 1.0.522.103, the devices are updated to the Office Communications Server 2007 R2 release version during the next regular update cycle. You do not need to take any steps to enable this update beyond enabling anonymous access on the DeviceUpdateFiles_ext and RequestHandlerExt virtual directories. Device Update Service performs the updates automatically and transparently.

You can check the log files to verify all devices have been updated to the release build, as described in Auditing Update Requests in the Administering Office Communications Server 2007 R2 documentation. Release build numbering begins with a 2, rather than a 1 for the previous version, for example 2.0.555.00. For security reasons, once all previously deployed devices have been updated to the release version, we strongly recommend that you disable anonymous access for the DeviceUpdateFiles_ext and RequestHandlerExt virtual directories.