Saturday, February 19, 2011

Microsoft Lync Server and Client 2010 Ports and Protocol Requirements

When I do a Proof of Concept, my clients and other people always ask me which ports they should open on the firewalls in their network infrastructure. I will also do a follow-up post about the Min and Max MediaPort that you can open. The port requirements for Office Communications Server 2007 R2 are almost the same.

Required Server Ports

| Server role | Service name | Port | Protocol | Notes |
|---|---|---|---|---|
| Front End Servers | Lync Server Front-End service | 5060 | TCP | Optionally used by Standard Edition servers and Front End Servers for static routes to trusted services, such as remote call control servers. |
| Front End Servers | Front-End service | 5061 | TCP (TLS) | Used by Standard Edition servers and Front End pools for all internal SIP communications between servers (MTLS), for SIP communications between Server and Client (TLS) and for SIP communications between Front End Servers and Mediation Servers (MTLS). Also used for communications with Monitoring Server. |
| Front End Servers | Front-End service | 444 | HTTPS | Used for communication between the Focus (the Lync Server component that manages conference state) and the individual servers. |
| Front End Servers | Lync Server Front-End service | 135 | DCOM and remote procedure call (RPC) | Used for DCOM based operations such as Moving Users, User Replicator Synchronization, and Address Book Synchronization. |
| Front End Servers | Lync Server IM Conferencing service | 5062 | TCP | Used for incoming SIP requests for instant messaging (IM) conferencing. |
| Front End Servers | Lync Server Web Conferencing service | 8057 | TCP (TLS) | Used to listen for Persistent Shared Object Model (PSOM) connections from client. |
| Front End Servers | Web Conferencing Compatibility Service | 8058 | TCP (TLS) | Used to listen for Persistent Shared Object Model (PSOM) connections from the Live Meeting client and previous versions of Communicator. |
| Front End Servers | Lync Server Audio/Video Conferencing service | 5063 | TCP | Used for incoming SIP requests for audio/video (A/V) conferencing. |
| Front End Servers | Lync Server Audio/Video Conferencing service | 57501-65335 | TCP/UDP | Media port range used for video conferencing. |
| Front End Servers | Web Compatibility service | 80 | HTTP | Used for communication from Front End Servers to the web farm FQDNs (the URLs used by IIS web components) when HTTPS is not used. |
| Front End Servers | Lync Server Web Compatibility service | 443 | HTTPS | Used for communication from Front End Servers to the web farm FQDNs (the URLs used by IIS web components). |
| Front End Servers | Lync Server Conferencing Attendant service (dial-in conferencing) | 5064 | TCP | Used for incoming SIP requests for dial-in conferencing. |
| Front End Servers | Lync Server Conferencing Attendant service (dial-in conferencing) | 5072 | TCP | Used for incoming SIP requests for Microsoft Lync 2010 Attendant (dial in conferencing). |
| Front End Servers that also run a Collocated Mediation Server | Lync Server Mediation service | 5070 | TCP | Used by the Mediation Server for incoming requests from the Front End Server to the Mediation Server. |
| Front End Servers that also run a Collocated Mediation Server | Lync Server Mediation service | 5067 | TCP (TLS) | Used for incoming SIP requests from the PSTN gateway to the Mediation Server. |
| Front End Servers that also run a Collocated Mediation Server | Lync Server Mediation service | 5068 | TCP | Used for incoming SIP requests from the PSTN gateway to the Mediation Server. |
| Front End Servers that also run a Collocated Mediation Server | Lync Server Mediation service | 5081 | TCP | Used for outgoing SIP requests from the Mediation Server to the PSTN gateway. |
| Front End Servers that also run a Collocated Mediation Server | Lync Server Mediation service | 5082 | TCP (TLS) | Used for outgoing SIP requests from the Mediation Server to the PSTN gateway. |
| Front End Servers | Lync Server Application Sharing service | 5065 | TCP | Used for incoming SIP listening requests for application sharing. |
| Front End Servers | Lync Server Application Sharing service | 49152-65335 | TCP | Media port range used for application sharing. |
| Front End Servers | Lync Server Conferencing Announcement service | 5073 | TCP | Used for incoming SIP requests for the Lync Server Conferencing Announcement service (that is, for dial-in conferencing). |
| Front End Servers | Lync Server Call Park service | 5075 | TCP | Used for incoming SIP requests for the Call Park application. |
| Front End Servers | Audio Test service | 5076 | TCP | Used for incoming SIP requests for the Audio Test service. |
| Front End Servers | Not applicable | 5066 | TCP | Used for outbound Enhanced 9-1-1 (E9-1-1) gateway. |
| Front End Servers | Lync Server Response Group service | 5071 | TCP | Used for incoming SIP requests for the Response Group application. |
| Front End Servers | Lync Server Response Group service | 8404 | TCP (MTLS) | Used for incoming SIP requests for the Response Group application. |
| Front End Servers | Lync Server Bandwidth Policy Service | 5080 | TCP | Used for call admission control by the Bandwidth Policy service for A/V Edge TURN traffic. |
| Front End Servers | Lync Server Bandwidth Policy Service | 448 | TCP | Used for call admission control by the Lync Server Bandwidth Policy Service. |
| Front End Servers where the Central Management store resides | CMS Replication service | 445 | TCP | Used to push configuration data from the Central Management store to servers running Lync Server. |
| All internal servers | Various | 49152-57500 | TCP/UDP | Media port range used for audio conferencing on all internal servers. Used by all servers that terminate audio: Front End Servers (for Lync Server Conferencing Attendant service, Lync Server Conferencing Announcement service, and Lync Server Audio/Video Conferencing service), and Mediation Server. |
| Directors | Lync Server Front-End service | 5060 | TCP | Optionally used for static routes to trusted services, such as remote call control servers. |
| Directors | Lync Server Front-End service | 5061 | TCP | Used for internal communications between servers and for client connections. |
| Mediation Servers | Lync Server Mediation service | 5070 | TCP | Used by the Mediation Server for incoming requests from the Front End Server. |
| Mediation Servers | Lync Server Mediation service | 5067 | TCP (TLS) | Used for incoming SIP requests from the PSTN gateway. |
| Mediation Servers | Lync Server Mediation service | 5068 | TCP | Used for incoming SIP requests from the PSTN gateway. |
| Mediation Servers | Lync Server Mediation service | 5070 | TCP (MTLS) | Used for SIP requests from the Front End Servers. |

Required Client Ports

| Component | Port | Protocol | Notes |
|---|---|---|---|
| Clients | 67/68 | DHCP | Used by Lync Server 2010 to find the Registrar FQDN (that is, if DNS SRV fails and manual settings are not configured). |
| Clients | 443 | TCP (TLS) | Used for client-to-server SIP traffic for external user access. |
| Clients | 443 | TCP (PSOM/TLS) | Used for external user access to web conferencing sessions. |
| Clients | 443 | TCP (STUN/MSTURN) | Used for external user access to A/V sessions and media (TCP) |
| Clients | 3478 | UDP (STUN/MSTURN) | Used for external user access to A/V sessions and media (TCP) |
| Clients | 5061 | TCP (MTLS) | Used for client-to-server SIP traffic for external user access. |
| Clients | 6891-6901 | TCP | Used for file transfer between Lync 2010 clients and previous clients (clients of Microsoft Office Communications Server 2007 R2, Microsoft Office Communications Server 2007, and Live Communications Server 2005). |
| Clients | 1024-65535 | TCP/UDP | Audio port range (minimum of 20 ports required) |
| Clients | 1024-65535 | TCP/UDP | Video port range (minimum of 20 ports required). |
| Clients | 1024-65535 | TCP | Peer-to-peer file transfer (for conferencing file transfer, clients use PSOM). |
| Clients | 1024-65535 | TCP | Application sharing. |
| Microsoft Lync 2010 Phone Edition for Aastra 6721ip common area phone; Microsoft Lync 2010 Phone Edition for Aastra 6725ip desk phone; Microsoft Lync 2010 Phone Edition for Polycom CX500 common area phone; Microsoft Lync 2010 Phone Edition for Polycom CX600 desk phone | 67/68 | DHCP | Used by the listed devices to find the Lync Server 2010 certificate, provisioning FQDN, and Registrar FQDN. |

Note:
Windows Firewall must be running before you start the Lync Server 2010 services on a server, because that is when Lync Server opens the required ports in the firewall.

Note: Some remote call control scenarios require a TCP connection between the Front End Server or Director and the PBX. Although Lync Server 2010 no longer uses TCP port 5060, during remote call control deployment you create a trusted server configuration, which associates the RCC Line Server FQDN with the TCP port that the Front End Server or Director will use to connect to the PBX system. For details, see the CsTrustedApplicationComputer cmdlet in the Lync Server Management Shell documentation.

Source: TechNet
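A port list like this is most useful as a baseline to review firewall rules against. The script below is an added example, not part of the original post or of any Microsoft tooling: it compares a set of allow rules for a Front End Server with the Front End rows of the Required Server Ports list and reports ports opened beyond the list as well as listed ports that no rule opens. The rule format and `SAMPLE_RULES` are constructed for illustration, and the baseline assumes no collocated Mediation Server and a Central Management store hosted elsewhere.

```python
"""Compare firewall allow rules for a Front End Server with the documented ports."""

# Front End Server rows of the Required Server Ports list (single TCP ports).
# Assumption: no collocated Mediation Server, Central Management store elsewhere.
TCP_SINGLE = [5060, 5061, 444, 135, 5062, 8057, 8058, 5063, 80, 443, 5064,
              5072, 5065, 5073, 5075, 5076, 5066, 5071, 8404, 5080, 448]
BASELINE = {
    "tcp": sorted((p, p) for p in TCP_SINGLE) + [(49152, 65335)],  # + media range
    "udp": [(49152, 65335)],  # audio 49152-57500 plus video 57501-65335
}


def outside(lo, hi, allowed):
    """Return the parts of lo..hi not covered by the allowed ranges (sorted by start)."""
    gaps = []
    for a_lo, a_hi in allowed:
        if a_hi < lo:
            continue
        if a_lo > hi:
            break
        if a_lo > lo:
            gaps.append((lo, a_lo - 1))
        lo = a_hi + 1
    if lo <= hi:
        gaps.append((lo, hi))
    return gaps


def audit(rules):
    """rules: (proto, low, high) allow entries whose destination is the Front End Server."""
    findings = []
    for proto, lo, hi in rules:  # ports opened that the list does not call for
        findings += [("not-in-list", proto, *g) for g in outside(lo, hi, BASELINE[proto])]
    for proto, wanted in BASELINE.items():  # listed ports that no rule opens
        opened = sorted((lo, hi) for p, lo, hi in rules if p == proto)
        for lo, hi in wanted:
            findings += [("not-opened", proto, *g) for g in outside(lo, hi, opened)]
    return findings


# Constructed rule set for illustration; not taken from the page.
SAMPLE_RULES = [
    ("tcp", 80, 80), ("tcp", 135, 135), ("tcp", 443, 444), ("tcp", 448, 448),
    ("tcp", 5060, 5076),    # one broad rule instead of the individual SIP ports
    ("tcp", 5080, 5080), ("tcp", 8057, 8058), ("tcp", 8404, 8404),
    ("tcp", 49152, 65535),  # upper bound wider than the listed 65335
    ("udp", 49152, 57500),  # audio range only, video range left out
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

The broad 5060-5076 rule is reported for 5067-5070 and 5074: the first group is only listed for Mediation Servers, and 5074 does not appear in the list at all.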

Friday, February 11, 2011

Microsoft Lync Server 2010 Protocol Workloads Poster

This poster shows each workload in Lync Server 2010, describing relationships, dependencies, the servers that initiate connections, and certificate requirements. Relationships between Microsoft Lync 2010 communications software, Microsoft Lync 2010 Phone Edition, Microsoft Office Live Meeting 2007, Microsoft Lync Web App, and other communications software are also described. SIP and XMPP connection patterns are shown for Yahoo!, MSN, AOL, Gmail, and Jabber.

Download the poster: here


Source: DrRez Blog and Microsoft Download Center

Thursday, February 10, 2011

Microsoft Lync Documents from Microsoft Download Center

The Microsoft Lync documents are now available for download. Version Jan2011.

  • Microsoft Lync Server 2010 Documentation Help File: link
  • Microsoft Lync Server 2010 Active Directory Guide: link
  • Microsoft Lync Server 2010 Enterprise Edition Deployment Guide: link
  • Microsoft Lync Server 2010 Standard Edition Deployment Guide: link
  • Microsoft Lync Server 2010 Enterprise Voice Deployment Guide: link
  • Microsoft Lync Server 2010 Response Group Deployment Guide: link
  • Microsoft Lync Server 2010 Client and Device Deployment Guide: link
  • Microsoft Lync Server 2010 Edge Server Deployment Guide: link
  • Microsoft Lync Server 2010 Archiving Deployment Guide: link
  • Microsoft Lync Server 2010 Monitoring Deployment Guide: link
  • Microsoft Lync Server 2010 Supportability Guide: link
  • Microsoft Lync Server 2010 Device Management and Troubleshooting Guide: link
  • Microsoft Lync Server 2010 Call Data Recording and Quality of Experience Database Schema: link
  • Enabling Quality of Service with Microsoft Lync Server 2010: link
  • Migrating from OCS2007 R2 to Lync Server 2010: link

For more info and other related documents visit TechNet.

Source: Microsoft Download Center

Enabling User to Appear Offline on Microsoft Lync 2010

This blog post is just a follow-up/update to Enabling User to Appear Offline on Office Communicator 2007 R2. It is almost the same post, but this one is for Microsoft Lync 2010.

By default, Microsoft Lync 2010 enables users to set their presence to one of the following five states:

Administrators can, however, provide users with another option for setting their presence: Appear Offline. When a user selects this option, he or she appears to be offline. In fact, all of the user's contacts see a presence icon indicating that the user is offline. For users to have the "Appear Offline" option, you must create a new registry key and registry value on the computer running Microsoft Lync 2010. The option shown here is a per-user or per-machine setting only, not a global setting.

Caution: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

Enable User to Appear Offline:

  1. Log on to a computer that is running Office Communicator.
  2. Click Start, and then click Run.
  3. In the Run dialog box, type regedit, and then press ENTER.
  4. In Registry Editor, expand HKEY_LOCAL_MACHINE, expand Software, expand Policies, expand Microsoft, click Communicator.
  5. Right-click the Communicator registry key, point to New, and then click DWORD (32-bit) Value.
  6. After the new value is created, type EnableAppearOffline to rename the value.
  7. Double-click the new EnableAppearOffline registry value.
  8. In the Edit DWORD (32-bit) Value dialog box, type 1 in the Value data box, and then click OK.

    Registry Setting Sample

  9. After making the above change, exit Lync 2010 (from the system tray) and relaunch it.
  10. After signing back in to Lync 2010, you should be able to see "Appear Offline" among the presence options of Microsoft Lync 2010.

You now have the "Appear Offline" option in Lync 2010.

For questions, you can email: mikhail@mimanu.com

Configuring Custom Presence States in Microsoft Lync 2010

It's been a while since I posted on my blog. This post is "Configuring Custom Presence States in Microsoft Lync 2010". It's almost the same process/steps as in my previous post, "Configuring Custom Presence States in Communicator 2007 R2", with just a small change to the file location of the application.

Again, by default Microsoft Lync 2010 enables users to set their presence state to one of the following five states, plus the added Appear Offline:

To define custom presence states in Microsoft Lync 2010, you create an XML custom presence configuration file and then specify its location with the CustomStateURL registry key.

Caution: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

Configuration files have the following properties:
  • Custom states can be configured with Available, Busy, and Do Not Disturb.
  • The availability attribute determines which Presence button is associated with the status text of the custom state. In the example below, the status text, Working from Home, is displayed to the right of the Presence button.
  • The maximum length of the status text is 64 characters.
  • A maximum of four custom presence states can be added.
  • Valid address types for the CustomStateURL registry key are FILE:, HTTP:, and HTTPS:
Note: If you implemented a custom presence state URL in previous versions of Communicator by using the CustomStateURL group policy, you might have to modify the URL or change the EnableSIPHighSecurityMode security level so that the custom presence state URL will work in Lync 2010. If the custom state presence URL no longer works, do one of the following:
  • Reformat the custom presence state URL to an encrypted http (https) URL.
  • Set EnableSIPHighSecurityMode group policy to 0.
Configuring Custom Presence States:

  1. Close Lync, and then create an XML configuration file by downloading the sample from my SkyDrive.
  2. Save it to the Lync 2010 folder. The common Lync 2010 directory is "C:\Program Files\Microsoft Lync". For 64-bit: "C:\Program Files (x86)\Microsoft Lync".
  3. After saving, launch REGEDIT and browse to this key: HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\COMMUNICATOR
  4. Create a STRING called CustomStateURL and set the following value: C:\Program Files (x86)\Microsoft Lync\Presence.xml
  5. Exit regedit and Relaunch Lync 2010.
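
Before rolling a presence file out, it can be checked against the limits listed under "Configuration files have the following properties" and the note about EnableSIPHighSecurityMode. The checker below is an added example, not the author's sample file or a Microsoft tool. The element names (`customStates`, `customState`, `activity`), the `ID` and `LCID` attributes, and the availability spellings are assumptions about the file layout, and the XML and URLs are constructed for illustration.

```python
"""Check a custom presence file and its CustomStateURL against the limits above."""
import xml.etree.ElementTree as ET

MAX_STATES, MAX_TEXT = 4, 64
# Assumed attribute spellings for Available, Busy and Do Not Disturb.
AVAILABILITY = {"online", "busy", "do-not-disturb"}
URL_SCHEMES = {"file", "http", "https"}


def local(tag):
    """Drop any '{namespace}' prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def check_presence(xml_text, custom_state_url):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    scheme = custom_state_url.split(":", 1)[0].lower()
    if scheme not in URL_SCHEMES:
        problems.append("url: scheme must be FILE:, HTTP: or HTTPS:")
    elif scheme != "https":
        problems.append("url: not HTTPS, may need EnableSIPHighSecurityMode=0")
    root = ET.fromstring(xml_text)
    states = [e for e in root.iter() if local(e.tag) == "customState"]
    if len(states) > MAX_STATES:
        problems.append(f"states: {len(states)} defined, maximum is {MAX_STATES}")
    for s in states:
        sid = s.get("ID", "?")
        if s.get("availability") not in AVAILABILITY:
            problems.append(f"state {sid}: availability {s.get('availability')!r}")
        for a in (e for e in s if local(e.tag) == "activity"):
            text = (a.text or "").strip()
            if not 0 < len(text) <= MAX_TEXT:
                problems.append(f"state {sid}: status text is {len(text)} chars")
    return problems


# Constructed sample: state 2 uses an availability the page does not allow.
SAMPLE_XML = """<customStates>
  <customState ID="1" availability="online">
    <activity LCID="1033">Working from Home</activity>
  </customState>
  <customState ID="2" availability="away">
    <activity LCID="1033">At lunch</activity>
  </customState>
</customStates>"""

if __name__ == "__main__":
    for problem in check_presence(SAMPLE_XML, "http://intranet.example/Presence.xml"):
        print(problem)
```

Of the two fixes the note offers, serving the file over HTTPS keeps the client's security level unchanged, which is why the checker flags anything else.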