PROBLEM
You experience one or more of the following symptoms in Skype for Business Online (formerly Lync Online):
-
You can't connect to Skype for Business Online.
-
The following features don't work in Skype for Business Online:
-
Presence updates, and this includes contact pictures
-
Outlook integration
-
File transfers
-
Audio and video
-
SOLUTION
To resolve this issue, configure an exception for Office 365 URLs and applications from the proxy or firewall.
To resolve this issue for Internet Security and Acceleration (ISA) Server 2006, create an allow rule. The allow rule should meet the following criteria. These criteria are highly recommended:-
Allow outgoing connections to the following destination: *.microsoftonline.com
-
Allow outgoing connections to the following destination: *.microsoftonline-p.com
-
Allow outgoing connections to the following destination: *.onmicrosoft.com
-
Allow outgoing connections to the following destination: *.sharepoint.com
-
Allow outgoing connections to the following destination: *.outlook.com
-
Allow outgoing connections to the following destination: *.lync.com
-
Allow outgoing connections to the following destination: *.verisign.com
-
Allow outgoing connections to the following destination: *.verisign.net
-
Allow outgoing connections to the following destination: *.public-trust.com
-
Allow outgoing connections to the following destination: sa.symcb.com
Note This is the certification revocation library for microsoftonline.com. -
Protocols TCP and HTTPS
-
Rule must apply to all users
-
HTTPS/SSL time-out set to 8 hours
Take the following actions:
-
Review the following Office 365 website:
-
Exclude the IP address ranges used by Skype for Business Online and other Office 365 services, especially the IP ranges for Office 365 portal and identity. If you're using Exchange Online, make sure that you exclude outgoing IP addresses for Exchange Online.
-
Use the Office 365 Custom Domain Name Settings Test for Skype for Business Online:
-
See the following article in the Microsoft Knowledge Base to create an exception in your firewall for the Microsoft Azure AD authentication system:
-
2769142 Lync 2013 or Lync 2010 can't connect to the Skype for Business Online service because a proxy is blocking connections from MSOIDSVC.exe
-
See the "HTTP Proxies" topic in section 4.2.1.1.6 of the Network Planning, Monitoring, and Troubleshooting with Lync Server white paper. It speaks to problems with proxy servers performing deep-packet-inspection. Also review the following Microsoft Knowledge Base article:
2690045 Using WAN Optimization Controller or Traffic/Inspection devices with Office 365
Additionally, the following ports must be open in the external firewall.
Purpose |
Source IP |
Destination IP |
Source Port |
Destination Port |
---|---|---|---|---|
Session Initiation Protocol (SIP) Signaling |
Client |
Office 365 |
Ephemeral ports TCP |
443 TCP |
Persistent Shared Object Model (PSOM) Web Conferencing |
Client |
Office 365 |
Ephemeral ports TCP |
443 TCP |
HTTPS downloads |
Client |
Office 365 |
Ephemeral ports TCP |
443 TCP |
Audio |
Client |
Office 365 |
50000 - 50019 UDP and TCP |
443 TCP,50000 - 59999 UDP and TCP (optional) 3478 & 3479 UDP, |
Video |
Client |
Office 365 |
50020 - 50039 UDP and TCP |
443 TCP,50000 - 59999 UDP and TCP (optional) 3478 & 3480 UDP, |
Desktop Sharing |
Client |
Office 365 |
50040 - 50059 UDP and TCP |
443 TCP, 50000 - 59999 UDP and TCP (optional) 3478 & 3481 UDP, |
Lync Mobile push notifications for Lync Mobile 2010 on iOS and Windows Phone 7.5 devices |
Client |
Office 365 |
Ephemeral ports TCP |
5223 TCP |
Note Office 365 Skype for Business Online Edge Servers listen on the whole range of TCP and UDP ports 50000 - 59999 for Lync client audio, video, and Desktop Sharing sessions. Network traces will show client source ports in the 50000 - 50059 range connecting to destination ports on the Skype for Business Online Edge Servers in the 50000 - 59999 range. For more information about how to configure ISA 2006 firewall rules, go to the following Microsoft TechNet website:
MORE INFORMATION
This issue occurs if an on-premises firewall blocks the communication flow.
Still need help? Go to