Ensuring Your Network Works With Lync Online

To set up your network for Lync Online, follow these steps:

  1. Purchase Office 365 and enable licenses for your users. 
  2. Make sure everyone in your organization has installed the most current desktop version of Lync. For details, see Update Resource Center for Lync.
  3. Open ports and add rules and exceptions on your organization's external firewall. For details, see the following sections of this topic.
  4. Depending on your internet proxy or firewall configuration, you may also need to add DNS entries to your internal DNS server. For details, see “Setting Up DNS Records For Your Domain Name,” later in this topic.

 Open Ports in Your External Firewall and On Your Reverse Proxy

To set up your organization’s network for Lync Online, open the following ports on your external firewall:

| Port | Protocol | Direction | Usage |
|---|---|---|---|
| 443 | STUN/TCP | Outbound | Audio, video, and application sharing sessions |
| 443 | PSOM/TLS | Outbound | Data sharing sessions |
| 3478 | STUN/UDP | Outbound | Audio and video sessions |
| 5223 | TCP | Outbound | Lync mobile push notifications |
| 50000-59999 | RTP/UDP | Outbound | Audio and video sessions |

Configure Rules and Exceptions

Next, define the following firewall rules for all users on your network:

  • Enable outgoing connections to *.microsoftonline.com

  • Enable outgoing connections to *.outlook.com

  • Enable outgoing connections to *.lync.com

  • The HTTP/SSL timeout should be set to eight hours.

Additionally, make sure the firewall allows Microsoft Online Services Sign-In Assistant traffic. If you are using Microsoft Forefront Threat Management Gateway, take the following steps. Similar steps can be taken for other gateways.

  1. In Forefront Threat Management Gateway, in the left pane, click Networking.
  2. Click the Network tab. Under the Tasks tab in the right pane, click Configure Forefront TMG Client Settings.
  3. In the Forefront TMG Client Settings dialog box, click New.
  4. In the Application Entry Setting dialog box, configure the following rules:

| Application | Key | Value |
|---|---|---|
| msoidsvc | Disable | 0 |
| msoidsvc | DisableEx | 0 |

Setting Up DNS Records For Your Domain Name

If you are using your own domain name with Office 365, contact your domain name registrar for details about how to make the following changes to your DNS records.

 

  • Add the following CNAME and SRV entries to your DNS server:

| Type | Host name | Destination | TTL |
|---|---|---|---|
| CNAME | sip.yourDomainName.com | sipdir.online.lync.com | 1 hour |
| CNAME | lyncdiscover.yourDomainName.com | webdir.online.lync.com | 1 hour |

| Type | Service | Protocol | Port | Weight | Priority | TTL | Name | Target |
|---|---|---|---|---|---|---|---|---|
| SRV | _sip | _tls | 443 | 1 | 100 | 1 hour | yourDomainName.com | sipdir.online.lync.com |

If your organization supports external communication (that is, connections with other organizations that have external communication enabled), add the following DNS Service (SRV) record as well:

 

| Type | Service | Protocol | Port | Weight | Priority | TTL | Name | Target |
|---|---|---|---|---|---|---|---|---|
| SRV | _sipfederationtls | _tcp | 5061 | 1 | 100 | 1 hour | yourDomainName.com | sipfed.online.lync.com |

If your organization’s Internet proxies or firewalls are configured to block external SRV queries, add the following CNAME and SRV entries to your internal DNS server:

 

| Type | Host name | Destination | TTL |
|---|---|---|---|
| CNAME | sip.yourDomainName.com | sipdir.online.lync.com | 1 hour |
| CNAME | lyncdiscoverinternal.yourDomainName.com | webdir.online.lync.com | 1 hour |

| Type | Service | Protocol | Port | Weight | Priority | TTL | Name | Target |
|---|---|---|---|---|---|---|---|---|
| SRV | _sip | _tls | 443 | 1 | 100 | 1 hour | yourDomainName.com | sipdir.online.lync.com |
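
Once the records are published, they can be checked against the tables in this topic. The following is an added example, not part of the original article or any Microsoft tool: it parses answer lines in the `name TTL IN type rdata` form that `dig` prints and reports records that are missing or differ from the values listed above. The domain `example.com`, the function names and the sample answers are constructed for illustration.

```python
# Added example; DOMAIN and SAMPLE_ANSWERS are constructed, not real lookup results.
DOMAIN = "example.com"

def expected_records(domain, federation=True, internal=False):
    """Records from the tables above, keyed by (owner name, type)."""
    domain = domain.lower().rstrip(".")
    disc = "lyncdiscoverinternal" if internal else "lyncdiscover"
    exp = {
        (f"sip.{domain}", "CNAME"): "sipdir.online.lync.com",
        (f"{disc}.{domain}", "CNAME"): "webdir.online.lync.com",
        # SRV rdata order is "priority weight port target" (RFC 2782),
        # which is not the column order used in the tables.
        (f"_sip._tls.{domain}", "SRV"): "100 1 443 sipdir.online.lync.com",
    }
    if federation:
        exp[(f"_sipfederationtls._tcp.{domain}", "SRV")] = "100 1 5061 sipfed.online.lync.com"
    return exp

def parse_answers(text):
    """Parse 'name ttl IN type rdata' lines into {(name, type): rdata}."""
    found = {}
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()   # drop dig comment lines
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue
        name, rtype = parts[0].rstrip(".").lower(), parts[3].upper()
        found[(name, rtype)] = " ".join(parts[4:]).rstrip(".").lower()
    return found

def audit(text, domain, federation=True, internal=False):
    """Return one finding per record that is missing or has unexpected rdata."""
    found, findings = parse_answers(text), []
    for (name, rtype), want in expected_records(domain, federation, internal).items():
        got = found.get((name, rtype))
        if got is None:
            findings.append(f"MISSING {rtype} {name}")
        elif got != want:
            findings.append(f"MISMATCH {rtype} {name}: got '{got}', want '{want}'")
    return findings

# Constructed sample: priority/weight swapped in _sip._tls, federation SRV not published.
SAMPLE_ANSWERS = """\
sip.example.com. 3600 IN CNAME sipdir.online.lync.com.
lyncdiscover.example.com. 3600 IN CNAME webdir.online.lync.com.
_sip._tls.example.com. 3600 IN SRV 1 100 443 sipdir.online.lync.com.
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_ANSWERS, DOMAIN)))
```

Pass `internal=True, federation=False` to check the internal DNS server entries, which use `lyncdiscoverinternal` and do not include the federation record.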

Comments
  • Microsoft Lync 2010 is not automatically added as a program to be allowed by the Windows Firewall. Add Microsoft Lync 2010 to the list of programs allowed to pass through the firewall manually to make it work.

  • I would add to the list: check that you have the latest version of Lync.

  • This is looking good, thanks Patrick! :-)

  • @heikki.tauriainen, thanks for the suggestion, several others have mentioned that as well. See step 2 at the beginning of the article. Cheers!

  • What about this SRV Record for internal SIP traffic\communications?  

    Service: _sip

    Protocol: TLS

    Priority: 100

    Weight: 1

    Port: 443

    Target: sipdir.online.lync.com

    This record is referenced in both kb 2566790 (support.microsoft.com/default.aspx) as well as the Microsoft Office 365 for Enterprises Deployment Guide (community.office365.com/.../default.aspx) Section 3.6.2 External DNS Records.

  • @Bill H: Hi Bill, the very last table in this topic lists the SRV record for internal DNS servers. Is that what you were looking for?
