How Connection Manager Works

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

In this section

  • Connection Manager Terminology

  • Connection Manager Architecture

  • Connection Manager Protocols

  • Connection Manager Interfaces

  • Connection Manager Physical Structure

  • Connection Manager Processes and Interactions

  • Network Ports Used by Connection Manager

  • Related Information

Connection Manager is a suite of components that provides administrators with the ability to create and distribute customized remote access connections and to create, distribute, and automatically update customized phone books. Connection Manager service profiles appear as network connections on client computers, and profiles can be used to connect to remote networks through servers running Routing and Remote Access, Internet Authentication Service (IAS), or remote access and virtual private networking technologies from companies other than Microsoft.

This section provides an in-depth view of how Connection Manager works in an optimal environment. Connection Manager can perform well in many environments; it is designed to be customized for individual network needs. However, for the purpose of this section, an optimal environment is defined as follows:

  • Telephone and network infrastructure is in place, address space has been leased, domain names have been registered, and an Internet presence has been established.

  • The Active Directory directory service and Group Policy are configured correctly on the network, and appropriate Group Policy settings and permissions are applied.

  • Domain Name System (DNS) servers are configured correctly on the network.

  • Dynamic Host Configuration Protocol (DHCP) servers are configured correctly on the network.

  • Remote access servers are configured correctly and deployed properly on the network.

  • Routers are configured correctly on the network.

  • Remote Authentication Dial-in User Service (RADIUS) authentication is being used, and it is configured correctly on the network.

  • Firewalls and filters are configured correctly on all parts of the network, including between the intranet, the perimeter network, and the Internet.

  • Internet Information Services (IIS) is configured correctly.

  • A local account (not a domain account) with minimal permissions has been created for posting phone books. This account is disabled except when phone books are being posted.

  • File Transfer Protocol (FTP) anonymous access is disabled. FTP is disabled for all accounts except the one that is used to post phone books.

  • The FTP service is started immediately before a phone book is posted, and the service is stopped immediately after the phone book has been posted.

  • Permissions for the Phone Book Service (PBS) folder and for the PBSData folder in the FTP virtual root have been set appropriately.

  • All remote access computers are running the Microsoft Windows XP Professional operating system.

  • The Internet service providers (ISPs) with which the organization has contracted service provide phone books or point of presence (POP) data in a database form that administrators can easily import into phone books.

Connection Manager Terminology

Before you review Connection Manager components and processes, it is helpful to understand the terminology. The following subsections provide a brief introduction and illustration of the Connection Manager suite and a glossary of terms.

Connection Manager Components

Connection Manager refers to both a component and a suite of components. The Connection Manager component is customizable remote access connection software. The Connection Manager suite supports the creation, distribution, and maintenance of customized remote access connections and phone books. The Connection Manager suite consists of the Connection Manager component, the Connection Manager Administration Kit component, and Connection Point Services. Connection Point Services itself consists of Phone Book Administrator and Phone Book Service. Unlike Connection Manager, there is no program named Connection Point Services.

Connection Manager

Connection Manager is client connection software that administrators can customize and distribute to users. Administrators can customize many aspects of a Connection Manager service profile, including interface elements, authentication protocols, and programs that run at specific points during the connection. A Connection Manager service profile is compressed into a self-installing, self-extracting executable that can be easily distributed. Most Connection Manager service profiles fit on 3.5-inch disks.

Connection Manager 1.3 is the most recent version; older versions do not have all of the functionality discussed in the Windows Server 2003 Technical Reference. Connection Manager 1.3 is included with the Microsoft Windows Server 2003 and Windows XP operating systems. Service profiles that are created for these operating systems do not need to include Connection Manager 1.3. Service profiles that are created for the Microsoft Windows 2000, Windows Millennium Edition, and Windows 98 operating systems should include Connection Manager 1.3 with the service profile.

Connection Manager Administration Kit

To create a Connection Manager service profile, administrators need the Connection Manager Administration Kit (CMAK), which includes:

  • a wizard for creating and customizing a Connection Manager service profile and building the service profile as a compressed, self-installing executable

  • customizable templates for online Help

  • default graphics

  • pre-configured custom actions

  • customizable templates for service-profile files

Administrators can perform additional customization using a plain-text editor (such as Notepad) to edit service-profile files and then using the CMAK wizard to re-build the service profile. Although using the CMAK wizard is simple, creating a service profile that exactly meets the needs of a particular network or business environment requires careful planning and development.

CMAK 1.3 is the most recent version, and it is included with Windows Server 2003. Earlier versions of CMAK do not have all of the functionality discussed in the Windows Server 2003 Technical Reference.

Phone Book Service

Phone Book Service (PBS) is an Internet Information Services (IIS) extension. For service profiles that are configured to use and check for updated phone books, Connection Manager queries the PBS server after it connects to the Internet. PBS compares the phone book version reported by Connection Manager with the most recent version file. When appropriate, it passes the appropriate update file to the Connection Manager service profile. Administrators who do not intend to include phone books in their service profiles do not need to install PBS.

The most recent version of PBS is included with Windows Server 2003. Earlier versions of PBS do not have all of the functionality discussed in the Windows Server 2003 Technical Reference.

Phone Book Administrator

Phone Book Administrator (PBA) is a tool to create, maintain, and post phone book files for use with Connection Manager service profiles. Each phone book is a collection of POPs. Each POP provides a local access number and connection settings for a specific region within a country or dependency. PBA compresses phone books into .cab files, which administrators can post to the PBS server using FTP.

The most recent version of PBA is included with Windows Server 2003 and Windows XP Professional. Earlier versions of PBA do not have all of the functionality discussed in the Windows Server 2003 Technical Reference. Although administrators can use the Windows Server 2003 version of PBS with earlier versions of PBA, the Windows Server 2003 version of PBA is not compatible with earlier versions of PBS.

Connection Manager Glossary of Terms

The following terms describe the components and elements of Connection Manager:

.cab file

The file name extension for a cabinet file. A cabinet file is a compressed data file that contains phone book information or installation information for Connection Manager. Phone books have two types of .cab files, Full.cab and Delta.cab. Full.cab files contain full phone books. Delta.cab files contain only changes to the phone book. PBA creates a Delta.cab file the first five times that an administrator changes information in a phone book. If the administrator makes a sixth set of changes, PBA creates a Full.cab file.

.cmp file

The file name extension for a connection profile file. Every service profile has at least one .cmp file, named ServiceProfileName.cmp. The .cmp files contain user-related information. By editing this file, administrators can provide a first-time-only population of user information. Because users can overwrite this information, any settings that administrators specify are available the first time the service profile is used.

.cms file

The file name extension for a service provider file. Every service profile has at least one .cms file, named ServiceProfileName.cms. The service provider file specifies the configuration of the phone book and most of the other functions of a service profile. Most advanced customization for a service profile is done by editing the .cms file for a particular service profile, by using either the Advanced Customization page of the CMAK wizard or a plain-text editor.

.inf file

The file name extension for an information file. Every service profile has one .inf file. The .inf file specifies installation information for service profiles. Administrators can configure some setup and uninstallation information in an .inf file, but they should thoroughly test the installation after making any changes. Information files cannot be edited from the Advanced Customization page of the CMAK wizard; they must be edited with a plain-text editor.

.pbk file

The file name extension for a phone book file. A phone book file is a text file that contains lists of POP information. Phone book files are compressed before they are transferred to the server.

.pbr file

The file name extension for a region file. A region file is a text file that helps categorize POPs. A POP can reference one of many geographical regions listed in the region file.

.sed file

The file name extension for a connection extraction file. Every service profile has one .sed file. The .sed file contains the instructions for building a self-extracting executable (.exe) file for service profiles. Administrators should never edit any .sed file.

.ver file

The file name extension for a version file. Every time that a phone book is updated, the version file is incremented.

advanced customization

The process of manually editing service-profile files to achieve specific results. Administrators can use the CMAK wizard to customize most features of Connection Manager service profiles. However, some features require administrators to edit the service profile files, changing how Connection Manager handles certain functions. Administrators can edit these files either by using the Advanced Customization page of the CMAK wizard or by building the service profile, editing the service-profile files using a plain-text editor, and then rebuilding the service profile. This process is called advanced customization.

component profile

A service profile that is merged into another service profile. Administrators can merge much of the information in existing service profiles into a new service profile by using the CMAK wizard.

custom action

An additional program that starts seamlessly at a specified point during the remote access connection. A custom action can be a dynamic-link library (DLL) file; an executable file such as a .bat, .exe, or .cmd file; or a shell-executable file, such as a .txt or .doc file. Custom actions can run at any of nine points during the connection.

dial-up connection

A remote access connection that uses a modem to connect to a network.

direct connection

A remote access connection that uses a technology such as a digital subscriber line (DSL) or a cable modem to connect to a network.

disconnect action

A custom action that runs immediately before the connection ends. Disconnect actions run even if Connection Manager did not initialize the disconnection. For example, if a disruption in telephone service terminates a connection, Connection Manager will attempt to run the disconnect actions specified in the service profile after the unexpected termination.

double-dial connection

A remote access connection that first uses a modem to connect to an ISP and then makes a VPN connection to a specific network.

key

The generic term for an entry in a Connection Manager service-profile file. All valid entries in service-profile files have key names. Each key must have an appropriate value to be valid.

monitored action

A custom action that runs after a connection is established and, for a VPN connection, after the tunnel is established. Each monitored action runs every time the user connects to the service, whether through a dial-up connection, a direct connection, or a double-dial connection. All monitored actions must be .exe files because monitored actions run asynchronously. Connection Manager monitors the status of all monitored actions and starts the disconnect sequence when the last monitored action closes.

on-cancel action

A custom action that runs as soon as users click Cancel during a connection attempt. On-cancel actions do not run when users click the Cancel button to close Connection Manager.

on-error action

A custom action that runs whenever an error occurs during a connection.

phone book

A collection of one or more POP entries, with each POP supplying a telephone number that provides dial-up access to an intranet or an ISP. Phone books give users complete POP information, so when they travel they can connect to different Internet access points rather than being restricted to a single POP.

post-connect action

A custom action that runs after a connection is established and, for a VPN connection, after the tunnel is established. Each post-connect action runs every time the user connects, whether through a dial-up connection or a direct connection.

pre-connect action

A custom action that runs as soon as users click Connect. These actions run before Connection Manager establishes a connection to the service.

pre-dial action

A custom action that runs after users click Connect but before the computer starts to dial the connection to the service. Pre-connect actions run before pre-dial actions.

pre-init action

A custom action that runs as soon as users start Connection Manager. These actions run before the Connection Manager logon screen appears.

pre-tunnel action

A custom action that runs after a connection with the ISP is established but before a tunnel to the VPN server is established. This type of action is available only if the service profile is configured for VPN connections, and it will run only when users are using the VPN connection option.

section

A header within service-profile files. Section names are always contained within brackets. Some section names are preset; others can be added by administrators.

service profile

A customized Connection Manager remote access connection used to connect to an ISP, a corporate network, or other network. Service profiles are occasionally referred to as Connection Manager profiles.

service-profile files

The collective term for all files needed to build a Connection Manager profile, including but not limited to the .inf, .sed, .cms, and .cmp files.

top-level profile

A profile that contains information from other service profiles. Administrators can merge much of the information in existing service profiles into a new service profile by using the CMAK wizard.

value

The data required to configure a key in service-profile files.

Connection Manager Architecture

The following figure illustrates how the components of the Connection Manager suite work together. This figure illustrates a Connection Manager service profile that is configured to use phone books. VPN-only service profiles, which do not use phone books, require neither PBA nor PBS.

[Figure: Overall Architecture for Connection Manager (Sample Connection Manager Deployment)]

The following table describes the components of the Connection Manager architecture.

Connection Manager Architecture Components

Component Description

Phone Book Administrator (PBA)

Used to create and maintain phone books that Connection Manager uses.

Connection Manager Administration Kit (CMAK)

Used to create Connection Manager service profiles.

Phone Book Service (PBS)

Used to distribute phone books to Connection Manager.

Connection Manager

Used to connect to a remote network. In the architecture in the previous figure, the service profile first connects to an ISP using a POP from its phone book. Then the service profile makes a VPN connection to the remote network.

Remote access server

Used to provide remote access. For example, a remote access server might be a computer that is running Windows Server 2003 and Routing and Remote Access.

Connection Manager Protocols

Administrators can customize Connection Manager service profiles to use specific protocols. For example, administrators can specify the use of data-link protocols such as Point-to-Point Tunneling Protocol (PPTP) and transport protocols such as NetBEUI. Additionally, programs that administrators include for custom actions could use a variety of protocols. The following table shows the protocols that the Connection Manager suite uses by default.

Connection Manager Protocols

Component Description

Point-to-Point Protocol (PPP)

A data-link layer protocol for transmitting data across point-to-point links. PPP allows remote access technologies (including Connection Manager) and devices to interoperate.

TCP/IP

A protocol suite that provides communication across interconnected networks such as the Internet.

Hypertext Transfer Protocol (HTTP)

An application-layer protocol that specifies the client/server interaction between Web browsers and Web servers. Connection Manager service profiles use HTTP to communicate with PBS servers.

File Transfer Protocol (FTP)

An application-layer protocol that is used to transfer files between hosts on a TCP/IP network. FTP is used to post phone books to PBS servers.

Connection Manager Interfaces

By default, Connection Manager service profiles use some remote access application programming interfaces (APIs) and Telephony Application Programming Interface (TAPI). Administrators can customize service profiles to use any of the remote access APIs documented on Microsoft Developer Network (MSDN). In addition to using remote access APIs, Connection Manager has its own set of macros, DLL parameters, and registry key values for use with custom actions.

Macros

Administrators can use some command-line macros in custom actions to pass arguments. When these macros are used, Connection Manager replaces them with the actual run-time information for the parameter. The following table describes the command-line macros that custom actions support.

Connection Manager command-line macros

Macro Description

%ServiceName%

The service name of the profile.

%UserPrefix%

The user-name prefix used for this connection.

%UserSuffix%

The user-name suffix used for this connection.

%UserName%

The user name without any realm user-name prefix or suffix.

%Profile%

The location and file name of the active connection profile (.cmp) file.

%ServiceDir%

The path to the profile directory.

%Domain%

The Active Directory domain for the connection.

%InetUserName%

The user name for the Internet connection.

%ConnectionType%

A value that identifies the connection type: 0, 1, or 2.

  • 0 = dial-up

  • 1 = direct

  • 2 = double-dial

%DialRasPhoneBook%

The full path to the phone book file.

%TunnelRasPhoneBook%

The full path to the phone book file used for the VPN portion of this connection.

%DialRasEntry%

The service name or remote access entry name for the dial-up connection.

%TunnelRasEntry%

The service name or remote access entry name for the tunnel connection.

%AutoRedial%

A Boolean value that is 1 if this dial attempt is an automatic redial or 0 if not an automatic redial.

%PopName%

The description for the phone number in the phone book.

%ErrorCode%

The Win32 error code.

%LastErrorSource%

The origin of the last error.

%CurrentFavorite%

The connection settings that the user saved in the Settings Saved As box.

%TunnelServerAddress%

The IP or DNS address of the VPN server, if any.

%ClientIPAddress%

The IP address of the computer on which the Connection Manager profile is installed.

%ServerIPAddress%

The IP address of the remote access server, if any.

%Interactive%

A Boolean value that is used in a custom action to determine whether to display a user interface. Administrators can incorporate this macro in a custom action to display an interactive user interface (such as an error message). Administrators should use this macro only with programs that can either complete (if Connection Manager is running in an interactive state) or take other action, such as failing gracefully without an error message (if Connection Manager is running in a non-interactive state). This macro was designed to be used in conjunction with the Program interacts with the user check box. For example, if the Program interacts with the user check box is cleared, the %Interactive% macro should be added to the custom action parameters so that the custom action can behave according to the state in which Connection Manager is running. Using this macro might require modification to the custom action itself.

When parameters are specified, Connection Manager reads the parameter string and passes it to the pszCommandLine parameter of the DLL or sends the string as part of the command line to an executable (available through the Windows API GetCommandLine).

If the custom action is a DLL, the first token of the parameter string is the function entry point to call. This token is removed from the parameters before the string is passed to the DLL (so the pszCommandLine string does not start with the DLL entry point name as the first parameter). When creating the DLL, administrators must ensure that the exported name of the DLL matches the name specified as the first parameter, because name decoration can result in different names. (For example, in C++, name decoration can cause the exported name to be different from the actual function name.)

Connection Manager cannot denote a null pointer in a string, so it passes the string NULL (which it passes for all undefined parameters). Use quotes only when a parameter contains spaces. When using an executable other than a DLL, the function name is not required.

DLL Parameters

The following table describes the DLL parameters that Connection Manager supports. DLLs only run synchronously; Connection Manager starts the action and then waits for the function to return before continuing. The first argument is the function name within the DLL to call. Administrators specify the argument in the Parameters box in the Add/Edit Custom Actions page of the CMAK wizard.

Connection Manager DLL Parameters

Parameter Description

hWndParent

Handle to the Connection Manager logon dialog box or NULL; used as the parent window for any user interface that the custom action displays.

hinstDll

Handle to the instance of this DLL.

pszCommandLine

String pointer to the command-line arguments.

dwReserved

Reserved for future use.

The syntax for each of these custom actions is:

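HRESULT WINAPI function(
    HWND hWndParent,        /* [IN] parent window handle, or NULL */
    HINSTANCE hinstDll,     /* [IN] instance handle of this DLL */
    LPCSTR pszCommandLine,  /* [IN] command-line arguments */
    DWORD dwReserved        /* [IN] reserved for future use */
);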

Custom action DLLs often have a comment that appears while they run. These comments have the form Running Custom Action Description, and they are specified in the Description box on the Add/Edit Custom Actions page of the CMAK wizard. The Connection Manager interface is frozen and does not accept input while this type of action runs.

Custom action DLLs require a return value. If the return value is less than 0, the DLL call fails. (SUCCEEDED macro returns False.) In this case, an error message (including the return value) appears in the form “Custom Action Description failed ReturnValue.” If a pre-init, pre-dial, pre-connect, pre-tunnel, or post-connect DLL action fails, the connection attempt is ended.

The DLL is unloaded after the function call. For DLLs that require extended times for the program to run, administrators should implement WM_PAINT messages in the DLL to ensure that user actions do not disrupt graphics.

Administrators should provide the exact name of exported functions when they build custom action DLLs. When using a language that changes the exported name (such as C++), administrators should use a .def file to preserve the exported function names.
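The parameter-passing rules above (macros replaced at run time, the literal string NULL for undefined parameters, quotes only around parameters that contain spaces, a negative return value failing the action), as an added example that is not Microsoft's code: a custom action core that splits pszCommandLine with bounds checks and validates the expanded values before using them. The entry point name ValidateSession, the parameter order, the size limits, the treatment of a quoted NULL as a literal value, and the validation policy are all assumptions of this example.

```c
/* Added example: argument handling for a Connection Manager custom action DLL.
 * Assumed Parameters box contents (hypothetical):
 *   ValidateSession %UserName% %ConnectionType% %TunnelServerAddress%
 * Connection Manager removes the first token (the entry point name) before the call. */
#include <ctype.h>
#include <stdint.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

#define CM_MAX_ARGS    8     /* example limit, not a Connection Manager limit */
#define CM_MAX_ARG_LEN 260   /* example limit */

typedef int32_t cm_hresult;                       /* same width as HRESULT */
#define CM_OK           ((cm_hresult)0)
#define CM_E_INVALIDARG ((cm_hresult)-2147024809) /* bit pattern of E_INVALIDARG, 0x80070057 */

typedef struct {
    char value[CM_MAX_ARG_LEN];
    int  undefined;   /* 1 when the token was the bare string NULL */
} cm_arg;

/* Split the expanded parameter string into tokens. Returns the token count,
 * or -1 on an unterminated quote, an oversized token, or too many tokens. */
int cm_parse_args(const char *cmdline, cm_arg *out, int max_args)
{
    const char *p = cmdline;
    int n = 0;
    if (cmdline == NULL || out == NULL) return -1;
    for (;;) {
        size_t len = 0;
        int quoted = 0;
        while (*p == ' ' || *p == '\t') p++;          /* skip separators */
        if (*p == '\0') return n;
        if (n == max_args) return -1;
        if (*p == '"') { quoted = 1; p++; }
        while (*p != '\0' && (quoted ? *p != '"' : (*p != ' ' && *p != '\t'))) {
            if (len + 1 >= CM_MAX_ARG_LEN) return -1; /* never overrun value[] */
            out[n].value[len++] = *p++;
        }
        if (quoted) {
            if (*p != '"') return -1;                 /* unterminated quote */
            p++;
            if (*p != '\0' && *p != ' ' && *p != '\t') return -1;
        }
        out[n].value[len] = '\0';
        /* Undefined parameters arrive as the string NULL, not as a null pointer.
         * Treating only the unquoted form as undefined is this example's choice. */
        out[n].undefined = (!quoted && strcmp(out[n].value, "NULL") == 0);
        n++;
    }
}

/* Allow-list for values that originate from user input or the profile. */
static int cm_is_safe_token(const char *s)
{
    if (*s == '\0') return 0;
    for (; *s != '\0'; s++) {
        if (!isalnum((unsigned char)*s) && *s != '.' && *s != '-' && *s != '_')
            return 0;
    }
    return 1;
}

/* Returns CM_OK, or a negative value so that the action is reported as failed. */
cm_hresult cm_validate_session(const char *cmdline)
{
    cm_arg a[CM_MAX_ARGS];
    if (cm_parse_args(cmdline, a, CM_MAX_ARGS) != 3) return CM_E_INVALIDARG;

    /* %UserName%: required and restricted to the allow-list. */
    if (a[0].undefined || !cm_is_safe_token(a[0].value)) return CM_E_INVALIDARG;

    /* %ConnectionType%: 0 = dial-up, 1 = direct, 2 = double-dial. */
    if (strlen(a[1].value) != 1 || a[1].value[0] < '0' || a[1].value[0] > '2')
        return CM_E_INVALIDARG;

    /* %TunnelServerAddress%: example policy, required for double-dial. */
    if (a[2].undefined) return a[1].value[0] == '2' ? CM_E_INVALIDARG : CM_OK;
    return cm_is_safe_token(a[2].value) ? CM_OK : CM_E_INVALIDARG;
}

#ifdef _WIN32
/* Exported entry point with the signature documented above. List the name in
 * a .def file so the exported name matches the first token of the parameters. */
__declspec(dllexport) HRESULT WINAPI ValidateSession(HWND hWndParent, HINSTANCE hinstDll,
                                                    LPCSTR pszCommandLine, DWORD dwReserved)
{
    (void)hWndParent; (void)hinstDll; (void)dwReserved;
    return (HRESULT)cm_validate_session(pszCommandLine);
}
#endif
```
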

Registry key values

For the most part, administrators do not need to set registry keys for use with Connection Manager. The exception is if the administrator wants custom actions to run on user computers before users have logged on. For security reasons, custom actions are disabled by default during logon; they will not run if users select the Log on using dial-up networking check box at the logon screen. For a custom action to run during the logon process, values must be specified for the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Connection Manager\ProfileName\WinLogon Actions registry key. The following table describes the fields for the registry key.

Logon Registry Key Fields

Field Description

Name

The name of the executable file that will run.

Type

REG_DWORD

Data

A value indicating the location of the executable. Supported values for the Data field are:

  • 0x00000000 (0): the executable is in %windir%\system32

  • 0x00000001 (1): the executable is in the profile directory

The information here is provided as a reference for use in troubleshooting or verifying that the required settings are applied. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use Group Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather than editing the registry directly. If you must edit the registry, use extreme caution.

For more information about remote access APIs, see the Microsoft Platform SDK on MSDN.

Connection Manager Physical Structure

Each component of the Connection Manager suite requires physical structures to be stored on the computer on which the component is installed. The following figure illustrates components in the Connection Manager suite and where they exist in relation to each other.

[Figure: Physical Placement of Connection Manager Suite Components in a Network Architecture (Placement of Connection Manager Suite Components)]

Connection Manager requires at least 2 MB of disk space to install. The amount of disk space actually required to install a service profile varies depending on how the service profile has been configured. Depending on the service-profile configuration, Connection Manager has the following requirements:

  • One of the following operating systems:

    • Microsoft Windows 98

    • Microsoft Windows 2000

    • Microsoft Windows Millennium Edition

    • Microsoft Windows XP

    • Microsoft Windows Server 2003

  • A supported version of Internet Explorer. Supported versions of Internet Explorer include Internet Explorer 4.01, Internet Explorer 5, Internet Explorer 5.5, or Internet Explorer 6. Users do not have to set Internet Explorer as their default browser or use the software.

  • For dial-up connections, a 28.8 Kbps modem or faster connection. Connection Manager can automatically configure the modem.

After installation, Connection Manager creates directories on the system drive and stores information needed to connect in these directories as follows:

  • \Documents and Settings\User\Application Data\Microsoft\Network\Connections\Cm This directory contains the .cmp file for each service profile. Connection Manager also creates a subdirectory for each service profile, using the eight-character name for the service profile. This subdirectory contains the rest of the service-profile files, including the .cms file, the .pbk file, all custom icons and graphics, and any custom action files.

  • \Documents and Settings\User\Local Settings\Temp This directory is the default location for the Connection Manager log files. Administrators can specify where the log files are stored through advanced customization.

  • \Software\Microsoft\Connection Manager Depending on the service profile and how it is installed, Connection Manager creates the necessary registry keys for the service profile in HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, or both.

CMAK requires Windows Server 2003 and 5 MB of free space in order to be installed. After installation, CMAK creates directories on the system drive and stores information needed to create and build service profiles as follows:

  • \Program Files\CMAK\Profiles\Support This directory contains all the template service-profile files, DLL files for pre-configured custom actions such as automatic proxy configuration, DLL files for installation on specific Windows operating systems, and information files. It also contains a subdirectory, \CMHelp, which contains the template Help files for administrators to customize.

  • \Program Files\CMAK\Profiles\ServiceProfileName When a service profile is created, CMAK creates a subdirectory in the Profiles directory using the eight-character service profile name and stores the service-profile files in that subdirectory.

PBA requires Windows Server 2003 or Windows XP Professional and 1 MB of free space in order to be installed. After installation, PBA creates directories on the system drive and stores information needed to create and post phone books as follows:

  • \Program Files\PBA This directory contains the program file, as well as the template database files, the country.txt file, and the context-sensitive Help file for PBA.

  • \Program Files\PBA\PhoneBookName When a phone book is created, PBA creates a subdirectory in its program directory using the eight-character phone book name and stores all the phone book files in that subdirectory.

  • \Program Files\PBA\PhoneBookName\PostNumber When a phone book is posted, PBA creates an enumerated folder in the phone book subdirectory and stores the cabinet file and the phone book database file in it.

PBS requires Windows Server 2003 and less than 1 MB to install. However, it also requires IIS to run, so the total installation requires at least 11 MB. After installation, PBS creates directories on the system drive and stores information needed to distribute phone book updates as follows:

  • \Program Files\Phone Book Service\Bin This directory contains the DLL files for PBS. A virtual directory, named PBServer, for the \Bin directory is created in IIS under the default Web site.

  • \Program Files\Phone Book Service\Data The Data directory contains subdirectories for each phone book published to the PBS server. These subdirectories contain the cabinet files and a database subdirectory. The Data directory and its subdirectories have virtual directories created for them in IIS. The virtual directory for the Data directory is called PBSData.

Performance Limitations for Connection Manager

Phone Book Administrator and Phone Book Server have some performance limitations and requirements.

Phone Book Administrator
  • A phone book name must contain no more than eight characters, cannot consist of all digits, and must not contain a space or any symbols. Symbols include but are not limited to: ! , ; * = / \ : ? < > | . & % { } [ ] @ ( ) ` ~

  • Phone books can be updated no more than 32,676 times.

  • Phone books can contain no more than 65,000 POPs.

  • When administrators import POPs to a phone book that has not yet been posted, the import file must contain no more than 32,000 POPs.

  • When administrators import POPs to a phone book that has already been posted, the import file must contain no more than 6,000 POPs (combined adds, edits, and deletes) for each subsequent post.

  • Phone Book Administrator is available only in English, French, German, Japanese, and Spanish. Administrators can create phone books in another language by running PBA on an operating system that has been optimized for that language.

  • The same phone book cannot be published to more than one phone book server. Publishing the same phone book to more than one phone book server causes version conflicts that will prevent users from obtaining the most recent version of the phone book. However, administrators can use the Distributed File System (DFS) console to automate replication of phone books to multiple servers from the server to which the phone book was published. Administrators can also replicate phone books manually by copying the folder to the other servers.

  • Deleting a phone book removes the indexed references. However, released .cab files remain in the file system of the computer on which PBA is running. To remove the .cab files, administrators must manually delete the phone book directory and all of its contents.

Phone Book Servers

When a user logs on using a service profile that automatically requests phone book updates, the Phone Book Service (PBS) server receives an HTTP query, initiating the phone-book update process. The maximum number of hits per second depends on the size of the update (.cab) file. Larger update files can slow performance by as much as 25 percent.

The following table details how many hits the listed processors are capable of handling on a dedicated server with 128 megabytes (MB) of RAM. These estimates are based on small update files of about 5 kilobytes (KB).

Performance Estimates for PBS Servers

Processor                                     Hits/sec   Hits/hour   Hits/day
Intel Pentium III 600 MHz                     275        990,000     23,760,000
Intel Pentium III 500 MHz (dual processors)   250        900,000     21,600,000
Intel Celeron 400 MHz                         125        450,000     10,800,000
Intel Pentium II 300 MHz                      125        450,000     10,800,000

Deleting a phone book removes the indexed references. However, released .cab files remain on the file system of the PBS server. To remove the .cab files, administrators must manually delete the phone book directory and all of its contents.

Connection Manager Processes and Interactions

Connection Manager service profiles are customizable, so the exact processes and interactions between a Connection Manager service profile and other components vary. The following is a brief description of what happens during the creation, distribution, and usage of a double-dial Connection Manager service profile that includes a phone book and automatically checks for phone book updates as its first post-connect custom action.

  1. An administrator creates a phone book using PBA.

    1. PBA creates a subdirectory for the phone book files.

    2. PBA creates the version file, the phone book files, and the cabinet files in the phone book subdirectory.

  2. The administrator posts the phone book to the PBS server.

    1. PBA creates a post subdirectory in the phone book file subdirectory.

    2. PBA creates a database file in the post subdirectory and copies the cabinet files from the phone book file directory into that subdirectory.

    3. An FTP control session is opened between the computer on which PBA is running and the PBS server on TCP port 21. PBA sends the user name and password of the posting account to the PBS server. The PBS server authenticates the account credentials and sends a response. PBA opens an FTP data session on TCP port 20 and uploads the contents of the post subdirectory.

    4. PBS creates a subdirectory for the phone book under its Data subdirectory. The cabinet file is copied into this subdirectory, and the phone book database is copied into the Database directory.

    5. Both FTP sessions are closed.

  3. The administrator creates a service profile using CMAK.

    1. CMAK creates a subdirectory for the service profile.

    2. CMAK creates the service-profile files and copies all custom files (including but not limited to graphics, online Help files, and programs for custom actions) and additional files into the service profile subdirectory.

    3. CMAK creates the self-installing executable and saves it to the service profile subdirectory.

  4. The administrator distributes the Connection Manager service profile by copying the service profile onto floppy disks and distributing the disks to users.

  5. The user installs the service profile on a home computer that is running Windows XP.

    1. Connection Manager creates a subdirectory for the service-profile files in the appropriate user context and unpacks the service-profile files.

    2. Connection Manager creates registry keys in the appropriate user context as the service profile configuration requires (for example, for custom actions).

    3. An icon for the service profile is created in the Network Connections folder.

  6. The user opens the Network Connections folder and opens the Connection Manager service profile.

    1. Any pre-init custom actions are run.

    2. The Connection Manager logon screen appears.

  7. The user provides the information that this connection requires, as the administrator determined when creating the service profile, and clicks Connect.

    1. Any pre-connect custom actions are run.

    2. Any pre-dial custom actions are run.

    3. Connection Manager dials the connection.

      — The ISP answers the call and negotiates a connection speed.

      — The ISP authenticates the user name and password and establishes the connection to the Internet.

    4. Any pre-tunnel custom actions are run.

    5. Connection Manager makes the VPN connection to the corporate network.

      — The remote access server on the corporate network answers the connection request.

      — The user name and password are authenticated, and any Group Policy settings are applied.

      — The connection to the corporate intranet is authorized.

    6. The Automatically download phone-book updates post-connect action is run.

      — Connection Manager sends an HTTP GET request on port 80 to the PBS server using the following format: https://PhoneBookServerName/pbserver/pbserver.dll?osarch=0&ostype=0&osver=1&cmver=1&lcid=1033&pbver=Version&pb=PhoneBookName

      — PBS checks the version number of the phone book that is enumerated in pbver= against the version number of the phone book that PBS has. If the version number in the request is the same or higher than the version that PBS has, PBS provides no phone book update. If the number is lower but less than five versions lower, PBS sends a delta phone book. If the number is more than five versions lower, PBS sends a full phone book. For example, assume that the version number of the phone book that PBS has is 10. If the version number in the request is also 10, PBS does nothing. If the version number in the request is 7, PBS sends a delta phone book. If the version number in the request is 3, PBS sends a full phone book.

      — If PBS has sent a phone book update, Connection Manager installs the phone book.

    7. Any other post-connect custom actions are run.

    8. Any monitored action custom actions are run.

  8. The user disconnects from the corporate network.

    1. Before the connection is closed, any disconnect custom actions are run.

    2. Connection Manager closes the connection.
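
The update request in step 7.6 and the phone book naming rule under Performance Limitations can be checked against server-side request logs. The following is an added example, not part of the original page or of Connection Manager: it reads W3C extended log lines, validates each pbserver.dll request against the naming rule, and reports which response the version rule above predicts. The log lines, the server version map, the function names, and the reading of "no symbols" as ASCII letters and digits only are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs

# Constructed W3C extended log lines (sample data, not from a real PBS server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-03-01 09:15:02 192.0.2.10 GET /pbserver/pbserver.dll osarch=0&ostype=0&osver=1&cmver=1&lcid=1033&pbver=10&pb=corppb 200
2004-03-01 09:15:40 192.0.2.11 GET /pbserver/pbserver.dll osarch=0&ostype=0&osver=1&cmver=1&lcid=1033&pbver=7&pb=corppb 200
2004-03-01 09:16:05 192.0.2.12 GET /pbserver/pbserver.dll osarch=0&ostype=0&osver=1&cmver=1&lcid=1033&pbver=3&pb=corppb 200
2004-03-01 09:16:30 192.0.2.13 GET /pbserver/pbserver.dll osarch=0&ostype=0&osver=1&cmver=1&lcid=1033&pbver=5&pb=corppb 200
2004-03-01 09:17:11 198.51.100.7 GET /pbserver/pbserver.dll osarch=0&ostype=0&osver=1&cmver=1&lcid=1033&pbver=abc&pb=12345678 200
2004-03-01 09:17:45 192.0.2.14 GET /default.htm - 200
"""

def valid_pb_name(name):
    # Page rule: at most eight characters, not all digits, no space or symbols.
    # Assumption: "no symbols" is read here as ASCII letters and digits only.
    return bool(re.fullmatch(r"[A-Za-z0-9]{1,8}", name)) and not name.isdigit()

def expected_response(client_ver, server_ver):
    gap = server_ver - client_ver
    if gap <= 0:
        return "none"         # same or higher than the server: no update
    if gap < 5:
        return "delta"        # lower, but less than five versions lower
    if gap > 5:
        return "full"         # more than five versions lower
    return "unspecified"      # exactly five lower: the page does not say

def review_log(text, server_versions):
    """Return (client IP, verdict) for every pbserver.dll request in the log."""
    fields, out = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names come from the log itself
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("cs-uri-stem", "").lower() != "/pbserver/pbserver.dll":
            continue
        q = parse_qs(rec.get("cs-uri-query", ""))
        pb, pbver = q.get("pb", [""])[0], q.get("pbver", [""])[0]
        if not (valid_pb_name(pb) and re.fullmatch(r"[0-9]+", pbver) and pb in server_versions):
            out.append((rec.get("c-ip"), "anomalous"))  # fails the naming or version checks
        else:
            out.append((rec.get("c-ip"), expected_response(int(pbver), server_versions[pb])))
    return out

for ip, verdict in review_log(SAMPLE_LOG, {"corppb": 10}):
    print(ip, verdict)
```

Requests reported as "anomalous" name a phone book the server does not hold or carry values that a profile built with PBA and CMAK would not send, which makes them worth a closer look.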

Network Ports Used by Connection Manager

The following table describes the network ports that Connection Manager service profiles commonly use. Connection Manager service profiles can include custom actions that run scripts or tools that might use additional protocols, so the exact network ports that service profiles use will vary.

Port Assignments for Connection Manager

Service Name   UDP   TCP
HTTP                 80
FTP                  20/21

Related Information

The following resources contain additional information that is relevant to this section.

  • VPN Technical Reference

  • Microsoft Platform SDK on MSDN

  • Resource Kit Tools in Tools and Settings Collection

  • Connection Manager Administration Kit

  • Routing and Remote Access

  • Microsoft Systems Architecture

  • Network Access Quarantine Control in Windows Server 2003