Note: This article applies only to Office 365 operated by 21Vianet in China. All other customers should see Set up Skype for Business Online .
To set up your network for Skype for Business Online:
-
Add CNAME (alias) and SRV (service) settings to your Domain Name System (DNS) server.
-
If you have an external firewall or proxy server, configure it to allow Skype for Business traffic.
-
Test your DNS and firewall settings.
Step One: Add DNS settings
If you’re using your own domain name, add these entries to your external DNS server:
|
Type |
Host name |
Destination |
TTL |
|
CNAME |
sip |
sipdir.online.partner.lync.cn |
1 hour |
|
CNAME |
lyncdiscover |
webdir.online.partner.lync.cn |
1 hour |
|
Type |
Service |
Protocol |
Port |
Weight |
Priority |
TTL |
Name |
Target |
|
SRV |
_sip |
_tls |
443 |
1 |
100 |
1 hour |
yourDomainName |
sipdir.online.partner.lync.cn |
|
SRV |
_sipfederationtls |
_tcp |
5061 |
1 |
100 |
1 hour |
yourDomainName |
sipfed.online.partner.lync.cn |
See DNS setting details for the features affected by each record.
If you have a firewall that blocks external SRV queries, add these entries to your internal DNS server as well:
|
Type |
Host name |
Destination |
TTL |
|
CNAME |
sip |
sipdir.online.partner.lync.cn |
1 hour |
|
CNAME |
lyncdiscoverinternal |
webdir.online.partner.lync.cn |
1 hour |
|
Type |
Service |
Protocol |
Port |
Weight |
Priority |
TTL |
Name |
Target |
|
SRV |
_sip |
_tls |
443 |
1 |
100 |
1 hour |
yourDomainName |
sipdir.online.partner.lync.cn |
Step Two: Configure your firewall or proxy server
If you have an external firewall or proxy server, define rules for Skype for Businessports, outgoing connections, and IP address ranges.
Ports
Open the following ports in your organization’s external firewall:
|
Port |
Protocol |
Direction |
Usage |
|
443 |
STUN/TCP |
Outbound |
Audio, video, and application sharing sessions |
|
443 |
PSOM/TLS |
Outbound |
Data sharing sessions |
|
3478 |
STUN/UDP |
Outbound |
Audio and video sessions |
|
5223 |
TCP |
Outbound |
Skype for Business mobile push notifications |
|
50000-59999 |
RTP/UDP |
Outbound |
Audio and video sessions |
Outgoing connections
Create a rule that allows outgoing connections (TLS and HTTPS) for all users to these locations:
-
pipe.skype.com
-
skypemaprdsitus.trafficmanager.net
-
*.partner.microsoftonline.cn
-
*.partner.microsoftonline-p.cn
-
*.onmschina.cn
-
*.sharepoint.cn
-
*partner.outlook.cn
-
*partner.lync.cn
Set the HTTP/SSL time-out value to eight hours.
IP address ranges
See URLs and IP address ranges for Office 365 operated by 21Vianet.
Step Three: Test your settings
Test your DNS settings:
-
Go to the Microsoft Remote Connectivity Analyzer.
-
On the Office 365 tab, choose Office 365 Skype for Business Domain Name Server (DNS) Connectivity Test, and then click Next.
-
Enter the sign-in address that you use when you sign in to Skype for Business Online (for example, bob@contoso.com), and then start the test.
DNS setting details
This table shows the Skype for Business features affected by each DNS setting.
|
Type |
Host name or service |
Features affected |
|
CNAME |
sip |
Skype for Business desktop client autodiscover and sign-in |
|
CNAME |
lyncdiscover lyncdiscoverinternal |
Skype for Business mobile client autodiscover and sign-in |
|
SRV |
_sip |
Skype for Business IM and presence integration with Outlook Web App Authenticated user sign-in with Lync Web App |
|
SRV |
_sipfederationtls |
Supports adding Skype for Business users in other organizations to the Skype for Business Contacts list. |
