{
	"id": "e0a3992a-3a73-4dc1-a13b-1451f805c652",
	"created_at": "2026-04-06T01:32:35.833329Z",
	"updated_at": "2026-04-10T13:13:02.133799Z",
	"deleted_at": null,
	"sha1_hash": "41e459edeb43e8dc8b83f78ca664a389bf56ed96",
	"title": "How Connection Manager Works: Connection Manager",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 160048,
	"plain_text": "How Connection Manager Works: Connection Manager\r\nBy Archiveddocs\r\nArchived: 2026-04-06 01:08:30 UTC\r\nApplies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server\r\n2003 with SP2\r\nIn this section\r\nConnection Manager Terminology\r\nConnection Manager Architecture\r\nConnection Manager Protocols\r\nConnection Manager Interfaces\r\nConnection Manager Physical Structure\r\nConnection Manager Processes and Interactions\r\nNetwork Ports Used by Connection Manager\r\nRelated Information\r\nConnection Manager is a suite of components that provides administrators with the ability to create and distribute\r\ncustomized remote access connections and to create, distribute, and automatically update customized phone\r\nbooks. Connection Manager service profiles appear as network connections on client computers, and profiles can\r\nbe used to connect to remote networks through servers running Routing and Remote Access, Internet\r\nAuthentication Service (IAS), or remote access and virtual private networking technologies from companies other\r\nthan Microsoft.\r\nThis section provides an in-depth view of how Connection Manager works in an optimal environment. 
Connection\r\nManager can perform well in many environments; it is designed to be customized for individual network needs.\r\nHowever, for the purpose of this section, an optimal environment is defined as follows:\r\nTelephone and network infrastructure is in place, address space has been leased, domain names have been\r\nregistered, and an Internet presence has been established.\r\nThe Active Directory directory service and Group Policy are configured correctly on the network, and\r\nappropriate Group Policy settings and permissions are applied.\r\nDomain Name System (DNS) servers are configured correctly on the network.\r\nDynamic Host Configuration Protocol (DHCP) servers are configured correctly on the network.\r\nhttps://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc786431(v=ws.10)\r\nPage 1 of 19\n\nRemote access servers are configured correctly and deployed properly on the network.\r\nRouters are configured correctly on the network.\r\nRemote Authentication Dial-in User Service (RADIUS) authentication is being used, and it is configured\r\ncorrectly on the network.\r\nFirewalls and filters are configured correctly on all parts of the network, including between the intranet, the\r\nperimeter network, and the Internet.\r\nInternet Information Services (IIS) is configured correctly.\r\nA local account (not a domain account) with minimal permissions has been created for posting phone\r\nbooks. This account is disabled except when phone books are being posted.\r\nFile Transfer Protocol (FTP) anonymous access is disabled. 
FTP is disabled for all accounts except the one\r\nthat is used to post phone books.\r\nThe FTP service is started immediately before a phone book is posted, and the service is stopped\r\nimmediately after the phone book has been posted.\r\nPermissions for the Phone Book Service (PBS) folder and for the PBSData folder in the FTP virtual root\r\nhave been set appropriately.\r\nAll remote access computers are running the Microsoft Windows XP Professional operating system.\r\nThe Internet service providers (ISPs) with which the organization has contracted service provide phone\r\nbooks or point of presence (POP) data in a database form that administrators can easily import into phone\r\nbooks.\r\nBefore you review Connection Manager components and processes, it is helpful to understand the terminology.\r\nThe following subsections provide a brief introduction and illustration of the Connection Manager suite and a\r\nglossary of terms.\r\nConnection Manager refers to both a component and a suite of components. The Connection Manager component\r\nis customizable remote access connection software. The Connection Manager suite supports the creation,\r\ndistribution, and maintenance of customized remote access connections and phone books. The Connection\r\nManager suite consists of the Connection Manager component, the Connection Manager Administration Kit\r\ncomponent, and Connection Point Services. Connection Point Services itself consists of Phone Book\r\nAdministrator and Phone Book Service. Unlike Connection Manager, there is no program named Connection\r\nPoint Services.\r\nConnection Manager is client connection software that administrators can customize and distribute to users.\r\nAdministrators can customize many aspects of a Connection Manager service profile, including interface\r\nelements, authentication protocols, and programs that run at specific points during the connection. 
A Connection\r\nManager service profile is compressed into a self-installing, self-extracting executable that can be easily\r\ndistributed. Most Connection Manager service profiles fit on 3.5-inch disks.\r\nConnection Manager 1.3 is the most recent version; older versions do not have all of the functionality discussed in\r\nthe Windows Server 2003 Technical Reference. Connection Manager 1.3 is included with the Microsoft Windows\r\nServer 2003 and Windows XP operating systems. Service profiles that are created for these operating systems do\r\nnot need to include Connection Manager 1.3. Service profiles that are created for the Microsoft Windows 2000,\r\nWindows Millennium Edition, and Windows 98 operating systems should include Connection Manager 1.3 with\r\nthe service profile.\r\nTo create a Connection Manager service profile, administrators need the Connection Manager Administration Kit\r\n(CMAK), which includes:\r\na wizard for creating and customizing a Connection Manager service profile and building the service\r\nprofile as a compressed, self-installing executable\r\ncustomizable templates for online Help\r\ndefault graphics\r\npre-configured custom actions\r\ncustomizable templates for service-profile files\r\nAdministrators can perform additional customization using a plain-text editor (such as Notepad) to edit service-profile files and then using the CMAK wizard to re-build the service profile. Although using the CMAK wizard is\r\nsimple, creating a service profile that exactly meets the needs of a particular network or business environment\r\nrequires careful planning and development.\r\nCMAK 1.3 is the most recent version, and it is included with Windows Server 2003. 
Earlier versions of CMAK do\r\nnot have all of the functionality discussed in the Windows Server 2003 Technical Reference.\r\nPhone Book Service (PBS) is an Internet Information Services (IIS) extension. For service profiles that are\r\nconfigured to use and check for updated phone books, Connection Manager queries the PBS server after it\r\nconnects to the Internet. PBS compares the phone book version reported by Connection Manager with the most\r\nrecent version file. When appropriate, it passes the appropriate update file to the Connection Manager service\r\nprofile. Administrators who do not intend to include phone books in their service profiles do not need to install\r\nPBS.\r\nThe most recent version of PBS is included with Windows Server 2003. Earlier versions of PBS do not have all of\r\nthe functionality discussed in the Windows Server 2003 Technical Reference.\r\nPhone Book Administrator (PBA) is a tool to create, maintain, and post phone book files for use with Connection\r\nManager service profiles. Each phone book is a collection of POPs. Each POP provides a local access number and\r\nconnection settings for a specific region within a country or dependency. PBA compresses phone books into .cab\r\nfiles, which administrators can post to the PBS server using FTP.\r\nThe most recent version of PBA is included with Windows Server 2003 and Windows XP Professional. Earlier\r\nversions of PBA do not have all of the functionality discussed in the Windows Server 2003 Technical Reference.\r\nAlthough administrators can use the Windows Server 2003 version of PBS with earlier versions of PBA, the\r\nWindows Server 2003 version of PBA is not compatible with earlier versions of PBS.\r\nThe following terms describe the components and elements of Connection Manager:\r\nThe file name extension for a cabinet file. 
A cabinet file is a compressed data file that contains phone book\r\ninformation or installation information for Connection Manager. Phone books have two types of .cab files,\r\nFull.cab and Delta.cab. Full.cab files contain full phone books. Delta.cab files contain only changes to the phone\r\nbook. PBA creates a Delta.cab file the first five times that an administrator changes information in a phone book.\r\nIf the administrator makes a sixth set of changes, PBA creates a Full.cab file.\r\nThe file name extension for a connection profile file. Every service profile has at least one .cmp file, named\r\nServiceProfileName.cmp. The .cmp files contain user-related information. By editing this file, administrators can\r\nprovide a first-time-only population of user information. Because users can overwrite this information, any\r\nsettings that administrators specify are available the first time the service profile is used.\r\nThe file name extension for a service provider file. Every service profile has at least one .cms file, named\r\nServiceProfileName.cms. The service provider file specifies the configuration of the phone book and most of the\r\nother functions of a service profile. Most advanced customization for a service profile is done by editing the .cms\r\nfile for a particular service profile, by using either the Advanced Customization page of the CMAK wizard or a\r\nplain-text editor.\r\nThe file name extension for an information file. Every service profile has one .inf file. The .inf file specifies\r\ninstallation information for service profiles. Administrators can configure some setup and uninstallation\r\ninformation in an .inf file, but they should thoroughly test the installation after making any changes. Information\r\nfiles cannot be edited from the Advanced Customization page of the CMAK wizard; they must be edited with a\r\nplain-text editor.\r\nThe file name extension for a phone book file. 
A phone book file is a text file that contains lists of POP\r\ninformation. Phone book files are compressed before they are transferred to the server.\r\nThe file name extension for a region file. A region file is a text file that helps categorize POPs. A POP can\r\nreference one of many geographical regions listed in the region file.\r\nThe file name extension for a connection extraction file. Every service profile has one .sed file. The .sed file\r\ncontains the instructions for building a self-extracting executable (.exe) file for service profiles. Administrators\r\nshould never edit any .sed file.\r\nThe file name extension for a version file. Every time that a phone book is updated, the version file is\r\nincremented.\r\nThe process of manually editing service-profile files to achieve specific results. Administrators can use the CMAK\r\nwizard to customize most features of Connection Manager service profiles. However, some features require\r\nadministrators to edit the service profile files, changing how Connection Manager handles certain functions.\r\nAdministrators can edit these files either by using the Advanced Customization page of the CMAK wizard or by\r\nbuilding the service profile, editing the service-profile files using a plain-text editor, and then rebuilding the\r\nservice profile. This process is called advanced customization.\r\nA service profile that is merged into another service profile. Administrators can merge much of the information in\r\nexisting service profiles into a new service profile by using the CMAK wizard.\r\nAn additional program that starts seamlessly at a specified point during the remote access connection. A custom\r\naction can be a dynamic-link library (DLL) file; an executable file such as a .bat, .exe, or .cmd file; or a shell-executable file, such as a .txt or .doc file. 
Custom actions can run at any of nine points during the connection.\r\nA remote access connection that uses a modem to connect to a network.\r\nA remote access connection that uses a technology such as a digital subscriber line (DSL) or a cable modem to\r\nconnect to a network.\r\nA custom action that runs immediately before the connection ends. Disconnect actions run even if Connection\r\nManager did not initialize the disconnection. For example, if a disruption in telephone service terminates a\r\nconnection, Connection Manager will attempt to run the disconnect actions specified in the service profile after\r\nthe unexpected termination.\r\nA remote access connection that first uses a modem to connect to an ISP and then makes a VPN connection to a\r\nspecific network.\r\nThe generic term for an entry in a Connection Manager service-profile file. All valid entries in service-profile files\r\nhave key names. Each key must have an appropriate value to be valid.\r\nA custom action that runs after a connection is established and, for a VPN connection, after the tunnel is\r\nestablished. Each monitored action runs every time the user connects to the service, whether through a dial-up\r\nconnection, a direct connection, or a double-dial connection. All monitored actions must be .exe files because\r\nmonitored actions run asynchronously. Connection Manager monitors the status of all monitored actions and starts\r\nthe disconnect sequence when the last monitored action closes.\r\nA custom action that runs as soon as users click Cancel during a connection attempt. On-cancel actions do not run\r\nwhen users click the Cancel button to close Connection Manager.\r\nA custom action that runs whenever an error occurs during a connection.\r\nA collection of one or more POP entries, with each POP supplying a telephone number that provides dial-up\r\naccess to an intranet or an ISP. 
Phone books give users complete POP information, so when they travel they can\r\nconnect to different Internet access points rather than being restricted to a single POP.\r\nA custom action that runs after a connection is established and, for a VPN connection, after the tunnel is\r\nestablished. Each post-connect action runs every time the user connects, whether through a dial-up connection or a\r\ndirect connection.\r\nA custom action that runs as soon as users click Connect. These actions run before Connection Manager\r\nestablishes a connection to the service.\r\nA custom action that runs after users click Connect but before the computer starts to dial the connection to the\r\nservice. Pre-connect actions run before pre-dial actions.\r\nA custom action that runs as soon as users start Connection Manager. These actions run before the Connection\r\nManager logon screen appears.\r\nA custom action that runs after a connection with the ISP is established but before a tunnel to the VPN server is\r\nestablished. This type of action is available only if the service profile is configured for VPN connections, and it\r\nwill run only when users are using the VPN connection option.\r\nA header within service-profile files. Section names are always contained within brackets. Some section names are\r\npreset; others can be added by administrators.\r\nA customized Connection Manager remote access connection used to connect to an ISP, a corporate network, or\r\nother network. Service profiles are occasionally referred to as Connection Manager profiles.\r\nThe collective term for all files needed to build a Connection Manager profile, including but not limited to the .inf,\r\n.sed, .cms, and .cmp files.\r\nA profile that contains information from other service profiles. 
Administrators can merge much of the information\r\nin existing service profiles into a new service profile by using the CMAK wizard.\r\nThe data required to configure a key in service-profile files.\r\nThe following figure illustrates how the components of the Connection Manager suite work together. This figure\r\nillustrates a Connection Manager service profile that is configured to use phone books. VPN-only service profiles,\r\nwhich do not use phone books, require neither PBA nor PBS.\r\nOverall Architecture for Connection Manager\r\nThe following table describes the components of the Connection Manager architecture.\r\nConnection Manager Architecture Components\r\nComponent Description\r\nPhone Book\r\nAdministrator (PBA)\r\nUsed to create and maintain phone books that Connection Manager uses.\r\nConnection Manager\r\nAdministration Kit\r\n(CMAK)\r\nUsed to create Connection Manager service profiles.\r\nPhone Book Service\r\n(PBS)\r\nUsed to distribute phone books to Connection Manager.\r\nConnection Manager\r\nUsed to connect to a remote network. In the architecture in the previous figure,\r\nthe service profile first connects to an ISP using a POP from its phone book.\r\nThen the service profile makes a VPN connection to the remote network.\r\nRemote access server\r\nUsed to provide remote access. For example, a remote access server might be a\r\ncomputer that is running Windows Server 2003 and Routing and Remote\r\nAccess.\r\nAdministrators can customize Connection Manager service profiles to use specific protocols. For example,\r\nadministrators can specify the use of data-link protocols such as Point-to-Point Tunneling Protocol (PPTP) and\r\ntransport protocols such as NetBEUI. 
Additionally, programs that administrators include for custom actions could\r\nuse a variety of protocols. The following table shows the protocols that the Connection Manager suite uses by\r\ndefault.\r\nConnection Manager Protocols\r\nComponent Description\r\nPoint-to-Point\r\nProtocol (PPP)\r\nA data-link layer protocol for transmitting data across point-to-point links. PPP\r\nallows remote access technologies (including Connection Manager) and devices to\r\ninteroperate.\r\nTCP/IP\r\nA protocol suite that provides communication across interconnected networks such\r\nas the Internet.\r\nHypertext Transfer\r\nProtocol (HTTP)\r\nAn application-layer protocol that specifies the client/server interaction between\r\nWeb browsers and Web servers. Connection Manager service profiles use HTTP to\r\ncommunicate with PBS servers.\r\nFile Transfer\r\nProtocol (FTP)\r\nAn application-layer protocol that is used to transfer files between hosts on a TCP/IP\r\nnetwork. FTP is used to post phone books to PBS servers.\r\nBy default, Connection Manager service profiles use some remote access application programming interfaces\r\n(APIs) and Telephony Application Programming Interface (TAPI). Administrators can customize service profiles\r\nto use any of the remote access APIs documented on Microsoft Developer Network (MSDN). In addition to using\r\nremote access APIs, Connection Manager has its own set of macros, DLL parameters, and registry key values for\r\nuse with custom actions.\r\nAdministrators can use some command-line macros in custom actions to pass arguments. When these macros are\r\nused, Connection Manager replaces them with the actual run-time information for the parameter. 
The following\r\ntable describes the command-line macros that custom actions support.\r\nConnection Manager command-line macros\r\nMacro Description\r\n%ServiceName% The service name of the profile.\r\n%UserPrefix% The user-name prefix used for this connection.\r\n%UserSuffix% The user-name suffix used for this connection.\r\n%UserName% The user name without any realm user-name prefix or suffix.\r\n%Profile% The location and file name of the active connection profile (.cmp) file.\r\n%ServiceDir% The path to the profile directory.\r\n%Domain% The Active Directory domain for the connection.\r\n%InetUserName% The user name for the Internet connection.\r\n%ConnectionType%\r\nA value that identifies the connection type: 0, 1, or 2.\r\n0 = dial-up\r\n1 = direct\r\n2 = double-dial\r\n%DialRasPhoneBook% The full path to the phone book file.\r\n%TunnelRasPhoneBook% The full path to the phone book file used for the VPN portion of this connection.\r\n%DialRasEntry% The service name or remote access entry name for the dial-up connection.\r\n%TunnelRasEntry% The service name or remote access entry name for the tunnel connection.\r\n%AutoRedial%\r\nA Boolean value that is 1 if this dial attempt is an automatic redial or 0 if not an\r\nautomatic redial.\r\n%PopName% The description for the phone number in the phone book.\r\n%ErrorCode% The Win32 error code.\r\n%LastErrorSource% The origin of the last error.\r\n%CurrentFavorite% The connection settings that the user saved in the Settings Saved As box.\r\n%TunnelServerAddress% The IP or DNS address of the VPN server, if any.\r\n%ClientIPAddress%\r\nThe IP address of the computer on which the Connection Manager profile is\r\ninstalled.\r\n%ServerIPAddress% The IP address of the 
remote access server, if any.\r\n%Interactive% A Boolean value that is used in a custom action to determine whether to display\r\na user interface. Administrators can incorporate this macro in a custom action to\r\ndisplay an interactive user interface (such as an error message). Administrators\r\nshould use this macro only with programs that can either complete (if\r\nConnection Manager is running in an interactive state) or that are able to take\r\nother action, such as failing gracefully without an error message (if Connection\r\nManager is running in a non-interactive state). This macro was designed to be\r\nused in conjunction with the Program interacts with the user check box. For\r\nexample, if the Program interacts with the user check box is cleared, the\r\n%interactive% macro should be added to the custom action parameters so that\r\nthe custom action can behave according to the state in which Connection\r\nManager is running. Using this macro might require modification to the custom\r\naction itself.\r\nWhen parameters are specified, Connection Manager reads the parameter string and passes it to the\r\npszCommandLine parameter of the DLL or sends the string as part of the command line to an executable\r\n(available through the Windows API GetCommandLine).\r\nIf the custom action is a DLL, the first token of the parameter string is the function entry point to call. This token\r\nis removed from the parameters before the string is passed to the DLL (so the pszCommandLine string does not\r\nstart with the DLL entry point name as the first parameter). When creating the DLL, administrators must ensure\r\nthat the exported name of the DLL matches the name specified as the first parameter, because name decoration\r\ncan result in different names. 
(For example, in C++, name decoration can cause the exported name to be different\r\nfrom the actual function name.)\r\nConnection Manager cannot denote a null pointer in a string, so it passes the string NULL (which it passes for all\r\nundefined parameters). Use quotes only when a parameter contains spaces. When using an executable other than a\r\nDLL, the function name is not required.\r\nThe following table describes the DLL parameters that Connection Manager supports. DLLs only run\r\nsynchronously; Connection Manager starts the action and then waits for the function to return before continuing.\r\nThe first argument is the function name within the DLL to call. Administrators specify the argument in the\r\nParameters box in the Add/Edit Custom Actions page of the CMAK wizard.\r\nConnection Manager DLL Parameters\r\nParameter Description\r\nhWndParent\r\nHandle to the Connection Manager logon dialog box or NULL; used as the parent\r\nwindow for any user interface that the custom action displays.\r\nhinstDll Handle to the instance of this DLL.\r\npszCommandLine String pointer to the command-line arguments.\r\ndwReserved Reserved for future use.\r\nThe syntax for each of these custom actions is:\r\nHRESULT WINAPI function\r\n [IN] HWND hWndParent\r\n [IN] HINSTANCE hinstDll\r\n [IN] LPCSTR pszCommandLine\r\n [IN] DWORD dwReserved\r\nCustom action DLLs often have a comment that appears while they run. These comments have the form Running\r\nCustom Action Description, and they are specified in the Description box on the Add/Edit Custom Actions page\r\nof the CMAK wizard. The Connection Manager interface is frozen and does not accept input while this type of\r\naction runs.\r\nCustom action DLLs require a return value. If the return value is less than 0, the DLL call fails. (SUCCEEDED\r\nmacro returns False.) 
In this case, an error message (including the return value) appears in the form “Custom\r\nAction Description failed ReturnValue.” If a pre-init, pre-dial, pre-connect, pre-tunnel, or post-connect DLL\r\naction fails, the connection attempt is ended.\r\nThe DLL is unloaded after the function call. For DLLs that require extended times for the program to run,\r\nadministrators should implement WM_PAINT messages in the DLL to ensure that user actions do not disrupt\r\ngraphics.\r\nAdministrators should provide the exact name of exported functions when they build custom action DLLs. When\r\nusing a language that changes the exported name (such as C++), administrators should use a .def file to preserve\r\nthe exported function names.\r\nFor the most part, administrators do not need to set registry keys for use with Connection Manager. The exception\r\nis if the administrator wants custom actions to run on user computers before users have logged on. For security\r\nreasons, custom actions are disabled by default during logon; they will not run if users select the Log on using\r\ndial-up networking check box at the logon screen. For a custom action to run during the logon process, values\r\nmust be specified for the HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Connection\r\nManager\\ProfileName\\WinLogon Actions registry key. The following table describes the fields for the registry\r\nkey.\r\nLogon Registry Key Fields\r\nField Description\r\nName The name of the executable file that will run.\r\nType REG_DWORD\r\nData A value indicating the location of the executable. 
Supported values for the Data field are:\r\nValue: 0x00000000(0)\r\nLocation of executable: %windir%\\system32\r\nValue: 0x00000001(1)\r\nLocation of executable: Profile directory\r\nThe information here is provided as a reference for use in troubleshooting or verifying that the required settings\r\nare applied. It is recommended that you do not directly edit the registry unless there is no other alternative.\r\nModifications to the registry are not validated by the registry editor or by Windows before they are applied, and as\r\na result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use\r\nGroup Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather\r\nthan editing the registry directly. If you must edit the registry, use extreme caution.\r\nFor more information about remote access APIs, see the Microsoft Platform SDK on MSDN.\r\nEach component of the Connection Manager suite requires physical structures to be stored on the computer on\r\nwhich the component is installed. The following figure illustrates components in the Connection Manager suite\r\nand where they exist in relation to each other.\r\nPhysical Placement of Connection Manager Suite Components in a Network Architecture\r\nAt a minimum, Connection Manager requires at least 2 MB to install. The amount of disk space actually required\r\nto install a service profile varies depending on how the service profile has been configured. 
Depending on the\r\nservice-profile configuration, Connection Manager has the following requirements:\r\nOne of the following operating systems:\r\nMicrosoft Windows 98\r\nMicrosoft Windows 2000\r\nMicrosoft Windows Millennium Edition\r\nMicrosoft Windows XP\r\nMicrosoft Windows Server 2003\r\nA supported version of Internet Explorer. Supported versions of Internet Explorer include Internet Explorer\r\n4.01, Internet Explorer 5, Internet Explorer 5.5, or Internet Explorer 6. Users do not have to set Internet\r\nExplorer as their default browser or use the software.\r\nFor dial-up connections, a 28.8 Kbps modem or faster connection. Connection Manager can automatically\r\nconfigure the modem.\r\nAfter installation, Connection Manager creates directories on the system drive and stores information needed to\r\nconnect in these directories as follows:\r\n\\Documents and Settings\\User\\Application Data\\Microsoft\\Network\\Connections\\Cm This directory\r\ncontains the .cmp file for each service profile. Connection Manager also creates a subdirectory for each\r\nservice profile, using the eight-character name for the service profile. This subdirectory contains the rest of\r\nthe service-profile files, including the .cms file, the .pbk file, all custom icons and graphics, and any\r\ncustom action files.\r\n\\Documents and Settings\\User\\Local Settings\\Temp This directory is the default location for the\r\nConnection Manager log files. Administrators can specify where the log files are stored through advanced\r\ncustomization.\r\n\\Software\\Microsoft\\Connection Manager Depending on the service profile and how it is installed,\r\nConnection Manager creates the necessary registry keys for the service profile in\r\nHKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, or both.\r\nCMAK requires Windows Server 2003 and 5 MB of free space in order to be installed. 
After installation, CMAK\r\ncreates directories on the system drive and stores information needed to create and build service profiles as\r\nfollows:\r\n\\Program Files\\CMAK\\Profiles\\Support This directory contains all the template service-profile files,\r\nDLL files for pre-configured custom actions such as automatic proxy configuration, DLL files for\r\ninstallation on specific Windows operating systems, and information files. It also contains a subdirectory,\r\n\\CMHelp, which contains the template Help files for administrators to customize.\r\n\\Program Files\\CMAK\\Profiles\\ServiceProfileName When a service profile is created, CMAK creates a\r\nsubdirectory in the Profiles directory using the eight-character service profile name and stores the service-profile files in that subdirectory.\r\nPBA requires Windows Server 2003 or Windows XP Professional and 1 MB of free space in order to be installed.\r\nAfter installation, PBA creates directories on the system drive and stores information needed to create and post\r\nphone books as follows:\r\n\\Program Files\\PBA This directory contains the program file, as well as the template database files, the\r\ncountry.txt file, and the context-sensitive Help file for PBA.\r\n\\Program Files\\PBA\\PhoneBookName When a phone book is created, PBA creates a subdirectory in its\r\nprogram directory using the eight-character phone book name and stores all the phone book files in that\r\nsubdirectory.\r\n\\Program Files\\PBA\\PhoneBookName\\PostNumber When a phone book is posted, PBA creates an\r\nenumerated folder in the phone book subdirectory and stores the cabinet file and the phone book database\r\nfile in it.\r\nPBS requires Windows Server 2003 and less than 1 MB to install. However, it also requires IIS to run, so the total\r\ninstallation requires at least 11 MB. 
After installation, PBS creates directories on the system drive and stores\r\ninformation needed to distribute phone book updates as follows:\r\n\\Program Files\\Phone Book Service\\Bin This directory contains the DLL files for PBS. A virtual\r\ndirectory, named PBServer, for the \\Bin directory is created in IIS under the default Web site.\r\n\\Program Files\\Phone Book Service\\Data The Data directory contains subdirectories for each phone\r\nbook published to the PBS server. These subdirectories contain the cabinet files and a database\r\nsubdirectory. The Data directory and its subdirectories have virtual directories created for them in IIS. The\r\nvirtual directory for the Data directory is called PBSData.\r\nPhone Book Administrator and Phone Book Server have some performance limitations and requirements.\r\nA phone book name must contain no more than eight characters, cannot consist of all digits, and must not\r\ncontain a space or any symbols. Symbols include but are not limited to: ! , ; * = / \\ : ? \u003c \u003e | . \u0026 % { } [ ] @\r\n( ) ` ~\r\nPhone books can be updated no more than 32,676 times.\r\nPhone books can contain no more than 65,000 POPs.\r\nWhen administrators import POPs to a phone book that has not yet been posted, the import file must\r\ncontain no more than 32,000 POPs.\r\nWhen administrators import POPs to a phone book that has already been posted, the import file must\r\ncontain no more than 6,000 POPs (combined adds, edits, and deletes) for each subsequent post.\r\nPhone Book Administrator is available only in English, French, German, Japanese, and Spanish.\r\nAdministrators can create phone books in another language by running PBA on an operating system that\r\nhas been optimized for that language.\r\nThe same phone book cannot be published to more than one phone book server.
Publishing the same phone\r\nbook to more than one phone book server causes version conflicts that will prevent users from obtaining\r\nthe most recent version of the phone book. However, administrators can use the Distributed File System\r\n(DFS) console to automate replication of phone books to multiple servers from the server to which the\r\nphone book was published. Administrators can also replicate phone books manually by copying the folder\r\nto the other servers.\r\nDeleting a phone book removes the indexed references. However, released .cab files remain in the file\r\nsystem of the computer on which PBA is running. To remove the .cab files, administrators must manually\r\ndelete the phone book directory and all of its contents.\r\nWhen a user logs on using a service profile that automatically requests phone book updates, the Phone Book\r\nService (PBS) server receives an HTTP query, initiating the phone-book update process. The maximum number of\r\nhits per second depends on the size of the update (.cab) file. Larger update files can slow performance by as much\r\nas 25 percent.\r\nThe following table details how many hits the listed processors are capable of handling on a dedicated server with\r\n128 megabytes (MB) of RAM. These estimates are based on small update files of about 5 kilobytes (KB).\r\nPerformance Estimates for PBS Servers\r\nProcessor   Hits/sec   Hits/hour   Hits/day  \r\nIntel Pentium III 600 MHz 275 990,000 23,760,000\r\nIntel Pentium III 500 MHz (dual processors) 250 900,000 21,600,000\r\nIntel Celeron 400 MHz 125 450,000 10,800,000\r\nIntel Pentium II 300 MHz 125 450,000 10,800,000\r\nDeleting a phone book removes the indexed references. However, released .cab files remain on the file system of\r\nthe PBS server. 
To remove the .cab files, administrators must manually delete the phone book directory and all of\r\nits contents.\r\nConnection Manager service profiles are customizable, so the exact processes and interactions between a\r\nConnection Manager service profile and other components vary. The following is a brief description of what\r\nhappens during the creation, distribution, and usage of a double-dial Connection Manager service profile that\r\nincludes a phone book and automatically checks for phone book updates as its first post-connect custom action.\r\n1. An administrator creates a phone book using PBA.\r\n1. PBA creates a subdirectory for the phone book files.\r\n2. PBA creates the version file, the phone book files, and the cabinet files in the phone book\r\nsubdirectory.\r\n2. The administrator posts the phone book to the PBS server.\r\n1. PBA creates a post subdirectory in the phone book file subdirectory.\r\n2. PBA creates a database file in the post subdirectory and copies the cabinet files from the phone\r\nbook file directory into that subdirectory.\r\n3. An FTP control session is opened between the computer on which PBA is running and the PBS\r\nserver on TCP port 21. PBA sends the user name and password of the posting account to the PBS\r\nserver. The PBS server authenticates the account credentials and sends a response. PBA opens an\r\nFTP data session on TCP port 20 and uploads the contents of the post subdirectory.\r\n4. PBS creates a subdirectory for the phone book under its Data subdirectory. The cabinet file is copied\r\ninto this subdirectory, and the phone book database is copied into the Database directory.\r\n5. Both FTP sessions are closed.\r\n3. The administrator creates a service profile using CMAK.\r\n1. CMAK creates a subdirectory for the service profile.\r\n2.
CMAK creates the service-profile files and copies all custom files (including but not limited to\r\ngraphics, online Help files, and programs for custom actions) and additional files into the service\r\nprofile subdirectory.\r\n3. CMAK creates the self-installing executable and saves it to the service profile subdirectory.\r\n4. The administrator distributes the Connection Manager service profile by copying the service profile onto\r\nfloppy disks and distributing the disks to users.\r\n5. The user installs the service profile on a home computer that is running Windows XP.\r\n1. Connection Manager creates a subdirectory for the service-profile files in the appropriate user\r\ncontext and unpacks the service-profile files.\r\n2. Connection Manager creates registry keys in the appropriate user context as the service profile\r\nconfiguration requires (for example, for custom actions).\r\n3. An icon for the service profile is created in the Network Connections folder.\r\n6. The user opens the Network Connections folder and opens the Connection Manager service profile.\r\n1. Any pre-init custom actions are run.\r\n2. The Connection Manager logon screen appears.\r\n7. The user provides the information that this connection requires, as the administrator determined when\r\ncreating the service profile, and clicks Connect.\r\n1. Any pre-connect custom actions are run.\r\n2. Any pre-dial custom actions are run.\r\n3. Connection Manager dials the connection.\r\n— The ISP answers the call and negotiates a connection speed.\r\n— The ISP authenticates the user name and password and establishes the connection to the Internet.\r\n4. Any pre-tunnel custom actions are run.\r\n5.
Connection Manager makes the VPN connection to the corporate network.\r\n— The remote access server on the corporate network answers the connection request.\r\n— The user name and password are authenticated, and any Group Policy settings are applied.\r\n— The connection to the corporate intranet is authorized.\r\n6. The Automatically download phone-book updates post-connect action is run.\r\n— Connection Manager sends an HTTP GET request on port 80 to the PBS server using the\r\nfollowing format: https://PhoneBookServerName/pbserver/pbserver.dll?\r\nosarch=0\u0026ostype=0\u0026osver=1\u0026cmver=1\u0026lcid=1033\u0026pbver=Version\u0026pb=PhoneBookName\r\n— PBS checks the version number of the phone book that is enumerated in pbver= against the\r\nversion number of the phone book that PBS has. If the version number in the request is the same or\r\nhigher than the version that PBS has, PBS provides no phone book update. If the number is lower\r\nbut less than five versions lower, PBS sends a delta phone book. If the number is more than five\r\nversions lower, PBS sends a full phone book. For example, assume that the version number of the\r\nphone book that PBS has is 10. If the version number in the request is also 10, PBS does nothing. If\r\nthe version number in the request is 7, PBS sends a delta phone book. If the version number in the\r\nrequest is 3, PBS sends a full phone book.\r\n— If PBS has sent a phone book update, Connection Manager installs the phone book.\r\n7. Any other post-connect custom actions are run.\r\n8. Any monitored action custom actions are run.\r\n8. The user disconnects from the corporate network.\r\n1. Before the connection is closed, any disconnect custom actions are run.\r\n2.
Connection Manager closes the connection.\r\nThe following table describes the network ports that Connection Manager service profiles commonly use.\r\nConnection Manager service profiles can include custom actions that run scripts or tools that might use additional\r\nprotocols, so the exact network ports that service profiles use will vary.\r\nPort Assignments for Connection Manager\r\nService Name UDP TCP\r\nHTTP 80\r\nFTP 20/21\r\nThe following resources contain additional information that is relevant to this section.\r\nVPN Technical Reference\r\nMicrosoft Platform SDK on MSDN\r\nResource Kit Tools in Tools and Settings Collection\r\nConnection Manager Administration Kit\r\nRouting and Remote Access\r\nMicrosoft Systems Architecture\r\nNetwork Access Quarantine Control in Windows Server 2003\r\nSource: https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc786431(v=ws.10)",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc786431(v=ws.10)"
	],
	"report_names": [
		"cc786431(v=ws.10)"
	],
	"threat_actors": [],
	"ts_created_at": 1775439155,
	"ts_updated_at": 1775826782,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/41e459edeb43e8dc8b83f78ca664a389bf56ed96.pdf",
		"text": "https://archive.orkl.eu/41e459edeb43e8dc8b83f78ca664a389bf56ed96.txt",
		"img": "https://archive.orkl.eu/41e459edeb43e8dc8b83f78ca664a389bf56ed96.jpg"
	}
}