locked
S4B - CsConferencingPolicy cant use EnableP2PFileTransferOutsideInternal after January 2019 update RRS feed

  • Question

  • Hi,

    last week i updated my Skype for Business Standard Server to the January 2019 Update (v. 6.0.9319.537).

    After this update i want to set the value "EnableP2PFileTransferOutsideIntranet" within the CsConferencingPolicy. If i use the command "New-CsConferencingPolicy -Identity "BlockExternal" -EnableP2PFileTransferOutsideIntranet $false" i get the automatic completion for the value "EnableP2PFileTransferOutsideIntranet", but i dont see this Value if i use Get-CsConferencingPolicy. I can filter with "Get-CsConferencingPolicy -Identity BlockExternal | select EnableP2PFileTransferOutsideInternal" but there is no value like True or False set. If i assign the policy to a user there is no impact, the user can send and receive files from outside.

    During the Update of UCWA i get this error message:

    "An unhandled Microsoft .NET Framework exception occurred in w3wp.exe [106068]. Just-In-Time debugging this exception failes with the following error: No installed debugger has Just-In-Time debugging enabled. In Visual Studio, Just-In-time debugging can be enabled from Tools/Options/Debugging/Just-In-Time."

    Im not sure about the .Net Framework Version under Programs and Features i only got entries about .NET Frameowrk 4.5.2 and 4.5.1, these versions are needed for the update. But i the registry i got the version 4.6.2 (394802). After this error i dont get any other error during the skype update and the SkypeServerUpdateInstaller write down "Success" for all patches. The event viewer logged only the same error message and no other error message following about this after a restart of the server and services. 

    Could the error message impact the problem with the External File Transfer value?

    Is advisable if i uninstall all .Net Framework Version and install only 4.6.2?

     

    Best regards,

    Markus




    • Edited by Mr.M4rkus Tuesday, February 5, 2019 7:29 AM
    Tuesday, February 5, 2019 7:26 AM

All replies

  • I have also tested this new feature (blocker) and it seems also NOT to work for me :-(
    Tuesday, February 5, 2019 8:57 AM
  • Hi Mr.M4rkus,

    There’s no attribute of EnableP2PFileTransferOutsideInternal in the * -CsConferencingPolicy command, you could refer to the official document: Set-CsConferencingPolicy

    Based on my research and experience, you could only block/enable file transfer function for all conference, however, you can’t only block file transfer function for external users in on-premise environment. In addition, if you want to block external file transfer function for all scenarios( such as IM, Meeting), you could run the following command, details about this you could refer to the following blog: Disabling Edge Server File Transfers in Lync, it is similar as SFB Server 2015.
    new-csfiletransferfilterconfiguration -identity edgeserver:edge server FQDN -action blockall -enabled $true

    About the .NET Frameowrk, Skype for Business Server works with the following Microsoft .NET Framework versions: 
    • .NET 3.5 
    • .NET 4.5 
    • .NET 4.6.x 
    • .NET 4.7.1 and higher (for Skype for Business Server CU 5 or later releases) 
    • .NET 4.7.2 and higher (for Skype for Business Server CU 6 or later releases)
    You could refer to the official document to find the details: Server requirements for Skype for Business Server 2015

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, February 6, 2019 1:20 AM
  • Hi,

    here is the article about the "EnableP2PFileTransferOutsideInternal" value. 

    https://support.microsoft.com/en-us/help/4458688/prevent-external-file-transfer-for-skype-for-business-mac-users

    I already use the csfiletransferfilter to block files from the edgeserver. But with this rule only file transfers in the normal chat are disabled. In a Skype-Meeting external Users can upload and download files.

    I hoped to stop this with the new value "EnableP2PFileTransferOutsideInternal", but now i cant test it.

    Best regards,

    Markus


    • Edited by Mr.M4rkus Wednesday, February 6, 2019 7:33 AM
    Wednesday, February 6, 2019 7:28 AM
  • I have tested:
    new-csfiletransferfilterconfiguration -identity edgeserver:<edgepoolfqdn> -action blockall -enabled $true

    That works, but users see "Transfer Failed". That isn't as nice as I would prefer, but at least we can block federated users from sending to internal. The problem is that it also prevents External users to transfer files and not only federated users. But it is better than blocking all or nothing.

    Regards

    Kent

    Thursday, February 7, 2019 11:05 AM
  • Yes, it blocks file transfers in the normal chat. But within a skype conference external users still may download or upload files inside of this confernece. This is the main problem. Currently i set the MaxContentStorageMb in CsConferencingConfiguration to 0, so nobody can upload files in a skype conference, even users in the company network. But that is not a solution in my opinion. 

    With skype conference i mean a scheduled skype conference/meeting or a confence about the "meet now" button on the skype client.

    Best regards,

    Markus

    Thursday, February 7, 2019 12:56 PM
  • Correct!

    You can still join conferences not hosted in your organization with that MaxContentStorageMb setting set. So it is really more annoying than really a solution.

    I would tend to, that when you are in conferences, you likely can hear if the other end is what you expect or not. When you then download a file from the conference, you will still hit the client scanning engine. But there is a possible DLP for sure.

    Thursday, February 7, 2019 1:34 PM
  • Hi Mr.M4rkus,

    There’s no perfect way to block file transfer between internal and external in the on-premise environment, the EnableP2PFileTransferOutsideIntranet attribute only works for the client that's enabled by Microsoft Unified Communications Web API (UCWA), it is not worked for the SFB client in PCs.

    If you need to realize this function, you could follow the way as Kent and I provided. 

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Proposed as answer by woshixiaobai Tuesday, February 12, 2019 6:15 AM
    Monday, February 11, 2019 6:35 AM
  • Hi Mr.M4rkus,

    Is there any update for this issue? If the reply is helpful to you, please try to mark it as an answer, it will help others who have the similar issue.

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, February 13, 2019 7:06 AM
  • Hello,

    thanks for your help, but the only way to completely block the file transfer with external users is to disable the complet file transfer (internal and external). This is the only "solution" for me.

    Best regards,

    Markus

    Thursday, February 21, 2019 12:51 PM
  • Hi Mr.M4rkus,

    Thanks for your sharing. If you find the reply is helpful to you, please try to mark it as an answer.


    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, February 26, 2019 9:13 AM
  • Hi,

    I have the CU8 installed in our Environment and tested file transfer P2P and in Skype meeting, not able to send or receive files anyways. File transfer blocking is overridden by other policy CsImFilterConfiguration -BlockFileExtension against all Edge Pools. 

    Regards,

    Baaskar R

    Monday, March 18, 2019 12:15 PM
  • Hi Basskar,

    This would not apply to meetings, as it does not run through edge servers in the first place.

    I guess your tests also confirm this, or you have multiple Blocks.

    Regards

    Kent

    Monday, March 18, 2019 1:06 PM