Network ports hardening between lync clients in different pool

Dear All,
We have two different Lync pools, Pool A and Pool B. Users in both pools have Enterprise Voice, and all the external PSTN connections go through Pool A. We have two VLANs, for users and phones, at both pools.
Our security team wants to harden the network ports between both pools. Please help us determine which ports need to be opened between the user and phone VLANs of Pool A and Pool B.

Hi sarmakumar,
There’s a nice tool “Lync Firewall Rules Viewer”, it can help you to determine which ports and protocols are required to let traffic through the firewall.
For more details,
http://blogs.technet.com/b/nexthop/archive/2012/07/03/lync-firewall-rules-viewer.aspx
Best regards,
Eric

Similar Messages

  • Calls not ending on the Lync Client

    When making a call through the Lync client, you can talk as normal on the desk phone, but when hanging up the Lync client still shows the call window and after a short pause it says <person you tried to call> did not answer (an option to retry appears).
    We are using Lync Server with a Mitel based phone system. When hanging up on Lync the call hangs up on the Mitel phone.
    Please let me know if you need any more information.
    Thanks

    Hi,
    Did the issue also happen between two Lync desktop clients or just happen between one Lync desktop client and one Mitel phone?
    If the issue just happens between the Lync client and Mitel phones, it may be an inbound route issue.
    Please also try to update to the latest version for Lync Server and then test again.
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Network ports between Lync front end pools

    Dear All,
    One of my clients has two Lync front end pools. At present all the ports are open between these two pools; now we want to restrict the network ports between the pool servers.
    Please help me determine which ports need to be open between the different Lync front end pools.

    There's a bunch of them, take a look at the resources below:
    Ports and protocols for internal servers in Lync Server 2013 https://technet.microsoft.com/en-us/library/gg398833(v=ocs.15).aspx
    Lync Firewall Rules Viewer http://blogs.technet.com/b/nexthop/archive/2012/07/03/lync-firewall-rules-viewer.aspx
    Georg Thomas | MVP (Skype for Business)

  • Lync Client uses wrong RTP Ports for calls from/to RGS with Agent Anonymity

    We have QoS implemented and client ports for audio, video and application defined by Set-CsConferencingConfiguration. We also use firewalls in our LAN between the different VLANs for clients, servers and gateways/SBC. Only RTP from the client with the defined ports is allowed by the firewall. Media bypass is enabled.
    In all normal cases, the right ports are used and marked by GPO with the right DSCP value. But if an agent gets a call from an RGS which has agent anonymity enabled, the client uses a port in the range 1024-65535 for audio. Also, if you make a call on behalf of the RGS, the client uses a random port between 1024-65535. As soon as the source of the call is in another VLAN (e.g. a call from PSTN which comes in over an SBC in a separate VLAN), the firewall between the two VLANs blocks the RTP traffic.
    We see the deny in the firewall log, and in the SBC log we see the re-INVITE for the media bypass with the IP of the agent and a port that is not valid. We also see that no RTP from the client/agent arrives at the SBC and no RTP from the SBC arrives at the client/agent. So the call is disconnected as soon as an agent wants to accept the call.
    Is there an additional setting to make sure the Lync client always uses the valid RTP port range?
    This behavior exists in Lync 2010 and Lync 2013 clients.

    Hi Holger,
    Thanks for reply!
    Sure! I set all AudioPorts on all services, but the problem is not the ports used by the server; the problem is the ports used by the client. We set the client ports to 49152 with a count of 40. The client (2013 and also 2010) uses these ports correctly in all cases except for calls from/on behalf of an RGS with Agent Anonymity.
    If we disable the RGS agent anonymity and restart the client of the agent, then the client also uses the correct source ports for RTP.
    I've checked this behaviour now on 3 customer installations, our own productive installation and in our lab.
    Because until now only one of our customers has firewalls between the internal VLANs, only this single customer has the issues...
    Regards,
    Stephan
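
A way to measure the behaviour described in the thread above from the firewall side, as an added example that is not part of the original posts: it scans deny entries for UDP flows between the client VLAN and the SBC VLAN and reports clients whose media port falls outside the configured range (start 49152, count 40, as stated in the thread). The subnets, the key=value log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# From the thread: client audio ports start at 49152 with a count of 40.
AUDIO_PORT_START = 49152
AUDIO_PORT_COUNT = 40
ALLOWED_PORTS = range(AUDIO_PORT_START, AUDIO_PORT_START + AUDIO_PORT_COUNT)

# Assumed VLAN subnets (hypothetical, not from the thread).
CLIENT_VLAN = ipaddress.ip_network("10.10.20.0/24")
SBC_VLAN = ipaddress.ip_network("10.10.50.0/24")

# Constructed sample log in a generic key=value format (assumption).
SAMPLE_LOG = """\
2015-03-02T09:14:07 action=deny proto=udp src=10.10.20.31 sport=23874 dst=10.10.50.5 dport=6012
2015-03-02T09:14:07 action=deny proto=udp src=10.10.50.5 sport=6012 dst=10.10.20.31 dport=23874
2015-03-02T09:15:40 action=allow proto=udp src=10.10.20.44 sport=49160 dst=10.10.50.5 dport=6020
2015-03-02T09:16:02 action=deny proto=tcp src=10.10.20.31 sport=51022 dst=10.10.50.5 dport=8443
2015-03-02T09:17:19 action=deny proto=udp src=10.10.20.52 sport=1877 dst=10.10.50.5 dport=6030
2015-03-02T09:17:25 action=deny proto=udp src=10.10.20.52 sport=49191 dst=10.10.50.9 dport=6032
malformed line without fields
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"action", "proto", "src", "sport", "dst", "dport"}


def parse_line(line):
    """Parse one key=value log line; return None if it is incomplete or invalid."""
    fields = dict(FIELD_RE.findall(line))
    if not REQUIRED <= fields.keys():
        return None
    try:
        return {
            "action": fields["action"].lower(),
            "proto": fields["proto"].lower(),
            "src": ipaddress.ip_address(fields["src"]),
            "sport": int(fields["sport"]),
            "dst": ipaddress.ip_address(fields["dst"]),
            "dport": int(fields["dport"]),
        }
    except ValueError:
        return None


def client_endpoint(rec):
    """Return (client_ip, client_port) for client<->SBC flows, else None."""
    if rec["src"] in CLIENT_VLAN and rec["dst"] in SBC_VLAN:
        return rec["src"], rec["sport"]
    if rec["src"] in SBC_VLAN and rec["dst"] in CLIENT_VLAN:
        return rec["dst"], rec["dport"]
    return None


def out_of_range_denies(log_text):
    """Map client IP -> sorted client-side UDP ports that were denied
    and lie outside the configured audio port range."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "deny" or rec["proto"] != "udp":
            continue
        endpoint = client_endpoint(rec)
        if endpoint is None:
            continue
        ip, port = endpoint
        if port not in ALLOWED_PORTS:
            hits[str(ip)].add(port)
    return {ip: sorted(ports) for ip, ports in hits.items()}


if __name__ == "__main__":
    for ip, ports in out_of_range_denies(SAMPLE_LOG).items():
        print(f"{ip}: denied media ports outside {ALLOWED_PORTS.start}-{ALLOWED_PORTS[-1]}: {ports}")
```

Denies whose client port is inside the range (the last sample line) are deliberately not reported, since they point to a different rule problem than the one discussed in the thread.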

  • Design - Lync client internal network subnets supports NAT?

    Hi everybody, this is my question.
    In my organization we need to migrate clients to Lync 2013, but there are some internal network subnets where clients reside that have their network IP address NATed. Is it possible to use Lync clients in a NAT network? Will it have some issues?
    Thanks

    Hi,
    Based on my knowledge, for the Lync Server side, it is not supported. For the Lync client side, you need to make sure all needed client ports are open.
    Please refer to the “Required Client Ports” part in the link below:
    http://technet.microsoft.com/en-us/library/gg398833.aspx
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Client copy between clients having different OS(Linux and Windows)

    Dear All,
    I would like to do a client copy between a client in a development system running Linux and a client in a sandbox system running Windows.
    Is it possible?
    Regards,
    Vinod

    You can get more info at:
    http://help.sap.com/saphelp_erp60_sp/helpdata/EN/69/c24c0f4ba111d189750000e8322d00/frameset.htm
    Also check note 552711, which clearly says at point no. 5:
    5. Can I create client copies in a heterogeneous system landscape?
    Remote copies or client transports can also be carried out between different database and operating systems.
    Please close the thread if you feel your question has been answered.
    Thanks..
    Mohit
    Do NOT post in bold.... 2nd warning.
    Read the "Rules of Engagement"
    Edited by: Juan Reyes on Aug 27, 2009 12:07 PM

  • Can lync client use internet proxy settings to proxy edge servers, if direct access is not reachable?

    Hi everybody, I am trying to log in with my Lync client from outside my organization, so I am using Lync as a remote user. I am in another organization, and I am using their corporate LAN, wired and wireless, but I cannot log in to Lync in my organization.
    I see that I cannot access my Edge server on port 443 to authenticate directly. I know that clients in this organization use an Internet proxy to browse the Internet; they have a .pac in their IE settings.
    My question is: can the Lync client use Internet proxy settings to reach the destination, I mean the Access Edge on port 443?
    Or can it only use direct client access to reach the Edge servers?
    I think that the answer is that I use the TCP protocol and not HTTP, and maybe that is the reason why I cannot use the Internet Explorer proxy settings to reach the Access Edge servers; maybe the case is different when I need to reach the reverse proxy for live meetings.
    Hope my question is clear.
    Thanks

    Proxy settings are used to tell Internet Explorer the network address of an intermediary server (known as a proxy server) that is used between the browser and the Internet on some networks.
    Lync client doesn’t use Internet Proxy Setting. You need to access the Edge service directly.
    Lisa Zheng
    TechNet Community Support

  • Direct connection between 2 clients without any configuration!

    I want to make a system that acts like Hamachi or LogMeIn (webserver & clients).
    I have a webserver on the internet and two clients from different networks connected to this webserver. Now I want to make a direct connection between these clients without any configuration on the router. I think it is possible because all information about the clients' networks could be obtained from the HTTP requests which they send to the server. But I don't know exactly which fields in the header of the HTTP request I need and how to set them to create a connection between the clients. I need some ideas about this issue.

    tulous wrote:
    I know, so if you want to use a remote control tool such as VNC or remote desktop you must configure the router or server. But even if you had a proxy (permitting port 80), when you type www.sun.com you will get data from it; this data was sent from Sun to your proxy and in some way the data was returned to your browser. So I think if we have enough information (it comes from the webserver) we could init a connection between 2 clients. An example of this is Hamachi.
    At first 2 Hamachi clients connect to a Hamachi server; when they have their id, a tunnel between the 2 clients is established without any configuration on the proxy (certainly that server did not deny the Hamachi port). From now on the 2 clients can exchange data not through the server. The same in LogMeIn: you can remote desktop anywhere with zero configuration, but the speed is guaranteed because they contact the server to query information, but the data is transmitted directly. Sorry if I make a mistake.

    It doesn't work the way you think.
    There is a proxy or you have to have one side listening with a ServerSocket and have ports opened as needed. You can't create a Socket connection on server A between clients B and C and then pass it off to clients B and C and magically they just talk to each other.
    It does not work that way. It is impossible to do it that way.

  • Lync Client Behind A Proxy

    Can anyone confirm if the Lync client can be configured to route traffic via a proxy, or to use the proxy settings defined in IE?
    I have the following scenario...
    The environment is heavily locked down, and PCs only have access to the Internet via a defined IE proxy. Internal IM, presence and communication all work fine. We have configured federation with some remote organizations. IM and presence work fine to these orgs, but when any A/V or application sharing is attempted, the media fails. I can see from traces this is when the client tries (and fails) to access the A/V edge of the remote federated party's edge server.
    I've looked at the Lync settings, reg settings, group policy ADM and documentation, and can't find anything to a) confirm if this behavior is correct or b) any way to work around it.
    There must be other Lync implementations in hardened environments like this. Opening up outbound ports is out of the question, so what other options do I have?
    Dave

    Jay, you missed the key word in my last post: "internally". Functionally, everything about the edge server is working fine. Clients can log in internally and externally. Media flows from internal to external clients are fine. All SIP/AV/WEBCON DNS entries are fine in public DNS along with supporting SRV records. These interfaces are NAT'd and the AV address is correctly assigned.
    My problem only occurs when an AV session is attempted with a federated partner...
    When any AV or sharing is attempted, from the internal network, to the federated partner, I can see the Lync client attempting to make connections out to the remote federated partner's AV edge (something which it will never be able to do as it's behind a proxy with no direct Internet access). This is what I'm trying to address.
    Should the SIP/AV/WEBCON address exist INTERNALLY on the corporate DNS servers for internal clients to resolve? Is this what I have missed?
    Is there any way to instruct the Lync client to route traffic bound for the Internet via a proxy?
    Surely there must be someone else with this scenario in a locked down environment?

  • Multiple network ports.... options?

    Our Xserve has 4 ethernet ports, but our switch doesn't support the right kind of link aggregation to make use of a fat trunked 4Gb connection to our network.
    Is there any way I can make use of these multiple ports to enhance or optimise network traffic to our server, and if so, how?
    I guess I could activate and connect all 4 ports to our 2x 24 port switches, but each connection would need a different IP address – presumably that would affect DNS and accessing services on the server?
    Advice appreciated!!

    Really. At least, that was the case last December when we moved premises, bought the Xserve and a couple of these switches..... I think it's to do with that 'manual' bit in the Netgear specs – I have a feeling a little more intelligence on the part of the switch is required.
    I had read the specs and assumed it would work. Frustratingly, I tried everything (last year), and no good. I'm not at work just now, so I can't log in to the control panel, but from memory, all you can do is specify groups of ports to 'trunk' together – it works fine between the two switches (I've set up a two-port trunk between the switches), just not Xserve to Switch A (or B!).
    I really wanted this to work, as it would have balanced our network load to the server nicely, so if anyone thinks I've missed something........?

  • Lync client won't connect to a conference via dial-in number hosted on a different pool than the conference.

    I have been troubleshooting a very strange issue with Lync clients being unable to connect to a conference via dial-in number when the conference is hosted on a different pool. This happens internally and there is no media gateway or SIP trunk involved.
    Users are unable to join a conference from Polycom CX phones and Lync 2013/2010 software clients by dialling a conference dial-in number which is located on a different pool than the actual conference. Users are prompted to input their conference ID; however, they are never connected to the conference (10 min silence followed by an error announcement).
    This only happens if the dial-in number is homed on a different pool than the conference. Both pools are Lync 2013 Standard Edition running on Windows Server 2012. Servers and clients are patched with the latest CU.
    I noticed that when you call the dial-in number's SIP address, the user will get transferred to a conference (works OK). When you dial just a number, the user is never transferred and RT Audio traffic still goes directly to the server which is hosting the dial-in number.
    After checking Lync traces, it looks like the Lync client ignores the REFER message from the FE server hosting the dial-in number and it never sends an INVITE to the server with the active conference.
    The only difference between INVITEs for working calls and calls that failed to connect to the conference is the presence of the user=phone in the TO header:
    Working invite:
    TO: <sip:[email protected]>
    Failed invite:

    Please try to disable refer support for all pools.
    The problem seems to occur when the Attendant transfers the call to another pool.
    Please provide more trace file information.

  • Unable to log onto any Lync Client: The server is temporarily unavailable

    Lync Server 2013 Standard --> Internal Only Installation 
    --> First time testing a Lync Client after Install

    Summary of the Problem:
    Lync Client Error: The server is temporarily unavailable
    Lync Environment: Single server, the internal AD domain is a different name than the SIP domain
    Testing the Issue:
    Manually configure a client using 'SipPoolName:5061'
    NSLookup --> set type=srv --> _sipinternaltls._tcp.MyInternalDomain.Local
    NSLookup LyncServerFQDN.MyInternalDomain.Local
    Telnet LyncServerFQDN.MyInternalDomain.Local 5061  (On a Client)
    NetStat –an = 5061 (On Lync Server)
    Resolution:
    Create a new DNS Zone for SipDomain.com
    Create a DNS A record "sip.SipDomain.com" which resolves to the Lync server IP address
    Create a SRV record in the new zone with the following:
    Service = _sipinternaltls
    Protocol = _tcp
    Port Number = 5061
    Host offering this service = sip.SipDomain.com
    Note: You may need to add A records to the new zone if the SIP domain is also the external domain name (examples: OWA, WWW)
    DNS Internal Requirements: http://technet.microsoft.com/en-us/library/gg398758.aspx

  • IMac Killing network port

    This involves an iMac G3 500 MHz, running 10.3.9.
    First I have to say I know next to nothing about networking. I'll try to explain what is going on and am looking for whatever info anyone can offer me as to why this problem may be happening.
    Problem: Every morning the iMac when started up cannot find the network in our office. The port is completely dead, under system prefs, under network status it is completely blank not even a red circle saying built in ethernet is there but no connection.
    I think it's the line (we recently moved to a new office) and someone else thinks it's the mac killing the port. When I connect another machine (also iMac) onto that port it also can't find the port and does the same thing. I've been told that's because the first mac has already killed the port and hooking anything else up will not work either.
    I moved the problem machine to a different network port this a.m. and it works. The someone else is freaked out that tomorrow when the mac starts up that it will now kill this port too. He says it's already killed 9 ports on the switch/hub (correct term?) and he can't get them back active.
    In our old office this never was a problem. I've been told that's because the old switch/hub was a non-secure switch so it let the Mac do whatever it wanted and that it gave itself a static IP address. Now we have a secure switch and it's not letting the Mac do what it wants and is not recognizing this IP address. I've also been told that the machine probably has adware/spyware and that is why it's killing the network port it's connected to.
    I guess I'm wondering - is it possible for a mac to kill a network port? Is it possible that adware/spyware is making the mac kill the port? If it is killing ports then why didn't it when it was moved to the new port this a.m.?
    We have 8 mac in the office and none of them have this same problem. I can't imagine that out of 9 macs only 1 would have adware/spyware.
    Thanks for any help

    So before, you were using a hub with no routing capabilities, and "port-killer" was getting a self-assigned "169.x.x.x" IP address? Is this how the other Macs were doing it?
    How is your System Preferences Networking stuff configured? DHCP? Or static with defined network mask and DNS servers? Built-in Ethernet, right? Is this the same as all the other Macs on your network?
    It could be a hardware problem with either the Mac or the new router or its cabling. Here is how I would proceed to troubleshoot:
    The first thing I'd do is reboot your router with a known good Mac plugged in to the dead port, and "port-killer" plugged into a known good port then boot up both Macs and see how they behave. If "port-killer" is truly living up to his legacy, you guys need to get a new router anyways, so what's another dead port?
    If you now have two apparently dead ports then replace "port-killer" with a third known good computer. If both ports on the router are still dead now, then "port killer" is living up to his name and both it and the router need to be fixed. By the way, I would also do cold-boots with computers and router every time I made a configuration change in this procedure.
    If "port-killer" is the only dead computer on the network and the other one works in the previously suspect port, then the router is okay and only "port-killer" needs to be fixed.
    If "port killer" is working okay on his new jack, and the original "problem child" port on the router is still dead, it could be the router or it could be the cabling between router and computer. To determine which, unplug the cables on the "dead" port and a known good port at the router. Cross them and plug them back in. The good line now goes to the (previously) dead jack at the "bad" computer location and the (possibly) bad line goes to the previously good computer location.
    Who's broke now? Same computer? Then it's in the cabling. Different computer? That router port is flakey.
    The fact that you have already connected another Mac onto the "problem child" line and it's DOA, and that "port-killer" works okay plugged in elsewhere tells me that it's a router port or cable issue. Most likely the stupid cable is not plugged in at the router at all, and/or is mislabeled and running off to a different unused jack in your new office location.

  • Difference between lync mobility using 3g/4g and wifi

    Dear all,
    Can anyone clarify whether there is any difference in communication from the Lync client to the server between 3G/4G and Wi-Fi?
    We are able to make calls using Wi-Fi on mobile, but over 3G/4G video/audio calls are not working on Lync 2013.

    There shouldn't be much difference as long as the Lync client is able to reach the AV Edge server.
    Run the audio/video test for Lync using https://testconnectivity.microsoft.com from an external network or, if possible, from your 3G/4G network.
    Let's ensure we have the latest Lync client:
    http://blogs.office.com/2013/10/10/updated-lync-mobile-for-windows-phone-and-ios/
    Sharing and video call invitations fail on some mobile 4G networks
    On some mobile 4G networks, you may not be able to send or receive video in meetings and video calls or to see shared content in meetings. When you’re in a call or meeting, a notification will be displayed that video or sharing is available, but clicking Accept will result in a failure because the mobile network connection is temporarily lost.
    Workaround    No workaround is available at this time.
    http://office.microsoft.com/en-in/lync-help/lync-2013-known-issues-HA102919641.aspx
    Regards,
    Edwin Anthony Joseph

  • Connection between SDM client and server is broken

    Dear All,
    First of all this is what I have
    -NW04 SPS 17
    -NWDS Version: 7.0.09 Build id: 200608262203
    -using VPN connection
    -telnet on port 57018 is successful
    I can log in to the SDM server (from NWDS and from the SDM GUI), I can see the state of SDM (green light), restart it, and navigate through tabs in the GUI, but every time I try to deploy an EAR I get this error:
    Deployment exception : Filetransfer failed: Error received from server: Connection between SDM client and server is broken
    Inner exception was :
    Filetransfer failed: Error received from server: Connection between SDM client and server is broken
    I have already read a lot of topics,blogs,notes but didn't find the solution.
    Can anybody help me?
    Best Regards

    Having same issue. Nothing helped so far... Using NWDS 7.0 SP18.
    I have turned SDM tracing on and this is what I see on client side after sending first data package:
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: debug "20120224140253 0280/17 Client: finished sending string part"
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: debug "20120224140253 0280/0 Client: receive String part from Server"
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl.receiveFromServer(NetComm ..): Entering method
    com.sap.bc.cts.tp.net.NetComm.receive(): Entering method
    com.sap.bc.cts.tp.net.NetComm: debug "Method "receive(char[])" could not read all requested bytes. There are still 12 bytes to read"
    com.sap.bc.cts.tp.net.NetComm: debug "Caught IOException during read of header bytes (-1,          43):Connection reset"
    com.sap.bc.cts.tp.net.NetComm: debug "  throwing IOException(net.id_000001)"
    com.sap.bc.cts.tp.net.NetComm.receive(): Exiting method
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: Exiting method
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: debug "20120224140253 0281/1 Client: connection was broken"
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: Exiting method
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: debug "20120224140253 0281/0 Client: finshed sendAndReceive"
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: Exiting method
    My connection on server is still active so I have to restart SDM server to reset and try it again.
    Anyone have an idea what's happening?
