Applies ToSkype for Business Online

PROBLEM

You experience one or more of the following symptoms in Skype for Business Online (formerly Lync Online):

  • You can't connect to Skype for Business Online.

  • The following features don't work in Skype for Business Online:

    • Presence updates, and this includes contact pictures

    • Outlook integration

    • File transfers

    • Audio and video

SOLUTION

To resolve this issue, configure an exception for Office 365 URLs and applications from the proxy or firewall. To resolve this issue for Internet Security and Acceleration (ISA) Server 2006, create an allow rule. The allow rule should meet the following criteria. These criteria are highly recommended:

  • Allow outgoing connections to the following destination: *.microsoftonline.com

  • Allow outgoing connections to the following destination: *.microsoftonline-p.com

  • Allow outgoing connections to the following destination: *.onmicrosoft.com

  • Allow outgoing connections to the following destination: *.sharepoint.com

  • Allow outgoing connections to the following destination: *.outlook.com

  • Allow outgoing connections to the following destination: *.lync.com

  • Allow outgoing connections to the following destination: *.verisign.com

  • Allow outgoing connections to the following destination: *.verisign.net

  • Allow outgoing connections to the following destination: *.public-trust.com

  • Allow outgoing connections to the following destination: sa.symcb.com Note This is the certification revocation library for microsoftonline.com.

  • Protocols TCP and HTTPS

  • Rule must apply to all users

  • HTTPS/SSL time-out set to 8 hours

Take the following actions:

  • Review the following Office 365 website: 

    Set up Skype for Business Online

  • Exclude the IP address ranges used by Skype for Business Online and other Office 365 services, especially the IP ranges for Office 365 portal and identity. If you're using Exchange Online, make sure that you exclude outgoing IP addresses for Exchange Online.

    Office 365 URLs and IP address ranges

  • Use the Office 365 Custom Domain Name Settings Test for Skype for Business Online:

    Lync Remote Connectivity Analyzer

  • See the following article in the Microsoft Knowledge Base to create an exception in your firewall for the Microsoft Azure AD authentication system:

  • 2769142 Lync 2013 or Lync 2010 can't connect to the Skype for Business Online service because a proxy is blocking connections from MSOIDSVC.exe

  • See the "HTTP Proxies" topic in section 4.2.1.1.6 of the Network Planning, Monitoring, and Troubleshooting with Lync Server white paper. It speaks to problems with proxy servers performing deep-packet-inspection. Also review the following Microsoft Knowledge Base article:

    2690045 Using WAN Optimization Controller or Traffic/Inspection devices with Office 365

Additionally, the following ports must be open in the external firewall.

Purpose

Source IP

Destination IP

Source Port

Destination Port

Session Initiation Protocol (SIP) Signaling

Client

Office 365

Ephemeral ports TCP

443 TCP

Persistent Shared Object Model (PSOM) Web Conferencing

Client

Office 365

Ephemeral ports TCP

443 TCP

HTTPS downloads

Client

Office 365

Ephemeral ports TCP

443 TCP

Audio

Client

Office 365

50000 - 50019 UDP and TCP

443 TCP, 3478 & 3479 UDP,50000 - 59999 UDP and TCP (optional)

Video

Client

Office 365

50020 - 50039 UDP and TCP

443 TCP, 3478 & 3480 UDP, 50000 - 59999 UDP and TCP (optional)

Desktop Sharing

Client

Office 365

50040 - 50059 UDP and TCP

443 TCP, ​​​​​ 3478 & 3481 UDP,50000 - 59999 UDP and TCP (optional)

Lync Mobile push notifications for Lync Mobile 2010 on iOS and Windows Phone 7.5 devices

Client

Office 365

Ephemeral ports TCP

5223 TCP

Note Office 365 Skype for Business Online Edge Servers listen on the whole range of TCP and UDP ports 50000 - 59999 for Lync client audio, video, and Desktop Sharing sessions. Network traces will show client source ports in the 50000 - 50059 range connecting to destination ports on the Skype for Business Online Edge Servers in the 50000 - 59999 range. For more information about how to configure ISA 2006 firewall rules, go to the following Microsoft TechNet website:

Configuring ISA Server 2006 Firewall Rules

MORE INFORMATION

This issue occurs if an on-premises firewall blocks the communication flow.

Still need help? Go to Microsoft Community.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.