You can't connect to Lync Online, or certain features don't work, because an on-premises firewall blocks the connection

Article ID: 2409256 - View products that this article applies to.

Not sure what release of Office 365 you're using? Go to the following Microsoft website:
Am I using Office 365 after the service upgrade?
(http://office.microsoft.com/redir/HA103982331.aspx)
Expand all | Collapse all

PROBLEM

You experience one or more of the following symptoms in Microsoft Lync Online: 
  • You can't connect to Lync Online.
  • The following features don't work in Lync Online:
    • Presence updates, and this includes contact pictures
    • Microsoft Outlook integration
    • File transfers
    • Audio and video
Back to the top | Give Feedback

SOLUTION

To resolve this issue, configure an exception for Microsoft Office 365 URLs and applications from the proxy or firewall. 

To resolve this issue for Microsoft Internet Security and Acceleration (ISA) Server 2006, create an allow rule. The allow rule should meet the following criteria. These criteria are highly recommended:
  • Allow outgoing connections to the following destination: *.microsoftonline.com
  • Allow outgoing connections to the following destination: *.microsoftonline-p.com
  • Allow outgoing connections to the following destination: *.sharepoint.com
  • Allow outgoing connections to the following destination: *.outlook.com
  • Allow outgoing connections to the following destination: *.lync.com
  • Allow outgoing connections to the following destination: osub.microsoft.com
  • Protocols TCP and HTTPS
  • Rule must apply to all users
  • HTTPS/SSL time-out set to 8 hours
Take the following actions:
  • Exclude the IP address ranges that are used by Lync Online. To view these IP address ranges, go to the following Microsoft TechNet website:
    Lync Online IP Ranges and URLs
    (http://technet.microsoft.com/en-us/library/hh372948.aspx)
  • Exclude the IP address ranges used by other Office 365 services, especially the IP ranges for Microsoft Online Services Sign In. If you're using Exchange Online, make sure that you exclude outgoing IP addresses for Exchange Online.
    IP Addresses and URLs used by Office 365
    (http://onlinehelp.microsoft.com/Office365-enterprises/hh373144.aspx)
  • Use the Office 365 Custom Domain Name Settings Test for Lync Online:
    Lync Remote Connectivity Analyzer
    (https://www.testocsconnectivity.com/)
  • Review the following Office 365 blog post:
    Ensuring your network works with Lync Online
    (http://community.office365.com/en-us/w/lync/ensuring-your-network-works-with-lync-online.aspx)
  • See the following article in the Microsoft Knowledge Base to create an exception in your firewall for the Windows Azure AD authentication system:
    2618060
    (http://support.microsoft.com/kb/2618060/ )
     Lync 2010 can't connect to the Lync Online service because a proxy is blocking connections from MSOIDSVC.exe 
Additionally, the following ports must be open in the external firewall.
Collapse this tableExpand this table
PortProtocolDirectionUsage
443STUN/TCPOutgoing Audio, video, application sharing sessions
443PSOM/TLSOutgoing Data sharing sessions
3478STUN/UDPOutgoing Audio, video sessions
5223TCPOutgoingLync Mobile push notifications
50000 – 59999RTP/UDPOutgoing Audio, video sessions

Note The same rule concepts can be applied to other firewalls. Additionally, your firewall server may require a firewall client to be installed on the end-user's computer.

For more information about how to configure ISA 2006 firewall rules, go to the following Microsoft TechNet website: 

Configuring ISA Server 2006 Firewall Rules
(http://technet.microsoft.com/en-us/library/cc539142.aspx)
Back to the top | Give Feedback

MORE INFORMATION

This issue occurs if an on-premises firewall blocks the communication flow.


How to verify that all network requirements for Lync Online are met

In a web browser, browse to one of the following Lync Online Transport Reliability IP Probe (TRIPP) tool URLs. (Browse to the URL that's closest to the user's physical location.)Then, click Start Test.

If any of the tests that are performed by the TRIPP tool fail, take the necessary actions to resolve the failure, and then rerun the TRIPP tool to verify that the connectivity issue is resolved. Use the references earlier in this article for information about ports, IP ranges, and URLs that should be allowed through an on-premises firewall or proxy.

The Client Access and Media Access tests
Two of the more important tests to consider are the Client Access test and the Media Access test. If these tests fail, Lync Online connectivity will be unable to log on to or to connect to media or collaboration sessions.
Collapse this imageExpand this image

The Route test
The Route test performs diagnostics on a packet's journey from the client computer to the Lync Online servers and displays information and statistics about each hop in the transmission. If a single point on the chart displays decreased functionality, it means that the device at that location could be causing the connectivity issue. If the device is in the on-premises environment, verify that it's operating correctly and that all software is up to date. If the device is outside the network and is owned by upstream providers, you may have to contact your Internet service provider (ISP) to resolve the conflict.

Collapse this imageExpand this image
To view more information and statistics about an endpoint, pause on a point in the graph on the Performance Graph page of the Route tab:

Collapse this imageExpand this image
route point statistics

The Connection Summary page of the Summary tab gives you a quick view of the tests that failed and of the tests that succeeded.

Collapse this imageExpand this image
Back to the top | Give Feedback

Still need help? Go to the Office 365 Community
(http://community.office365.com/)
website.
Back to the top | Give Feedback

Properties

Article ID: 2409256 - Last Review: May 15, 2013 - Revision: 44.0
Applies to
  • Microsoft Office 365 for enterprises (pre-upgrade)
  • Microsoft Office 365 for small businesses  (pre-upgrade)
  • Microsoft Office 365 for education  (pre-upgrade)
  • Microsoft Lync Online
Keywords: 
o365 o365a o365e kbgraphxlink o365062011 pre-upgrade o365022013 after upgrade o365m o365p KB2409256
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top