Thursday, June 04, 2015

Skype for Business, Lync 2013, Skype Directory and TCP/4443

Wanted to clear up a little confusion on this. Thanks to other bloggers for posting the how-to on configuring the Skype Directory and of course the TechNet article on deployment.

After seeing several posts regarding additional port requirements, I decided to investigate further. There are TWO port requirements for this functionality. (There is not a "Consolidated Edge Port Summary" for S4B Server yet, but here is the Lync 2013 article.)

  1. TCP/4443 from the FE pools to the Edges. This should already be open in your environment for the failback A/V path and replication of CMS.
  2. TCP/443 from the Access Edge service to the Internet. Now, in most environments, TCP/443 outbound for HTTPS is not blocked for things like Windows Updates and Web browsing, but if you did have an environment that was extremely locked down, this would be a new port requirement.

Now, during MS Ignite in early May, there were some postings and discussion claiming that TCP/4443 from Edge to the Internet was required. I have found that this is NOT true. The S4B Server Protocol Poster confirms this.

This shows the only additional port requirement externally is TCP/443 from the Access Edge. On the internal side, TCP/4443 from FE to Edge is represented, but it was already there in Lync 2013.

Now, looking at an actual S4B Edge server and running a netstat -ano, I can see that it is indeed listening on both the internal and external NICs on TCP/4443. A telnet test and Test-NetConnection confirm that there is indeed a listener on both inside and outside interfaces.

So there is a slight discrepancy here: the port is listening, but is not documented as needed in S4B Server. I also checked against a recently patched Lync 2013 Edge server - and the same configuration of listening on TCP/4443 is in place there as well.
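
The listener check described above can be scripted so that each TCP/4443 listener is tied to a NIC and an owning process, and so that reachability can be compared against the documented port requirements. This is an added example, not part of the original post; the function names and the 192.0.2.10 / 10.0.0.10 addresses are constructed placeholders, and it assumes an elevated PowerShell session on Windows Server 2012 or later.

```powershell
# Added example: audit TCP/4443 listeners on an Edge server.
# Assumption: Get-NetTCPConnection / Get-NetIPAddress are available (Server 2012+).

function Get-PortListenerReport {
    param([int]$Port = 4443)

    # Map every local IP address to its interface alias so a listener can be tied to a NIC.
    $addrToNic = @{}
    Get-NetIPAddress | ForEach-Object { $addrToNic[$_.IPAddress] = $_.InterfaceAlias }

    $listeners = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    foreach ($l in $listeners) {
        # Same PID that netstat -ano shows in its last column.
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        $nic = if ($l.LocalAddress -in '0.0.0.0', '::') { 'ALL interfaces' }
               elseif ($addrToNic.ContainsKey($l.LocalAddress)) { $addrToNic[$l.LocalAddress] }
               else { 'unknown' }
        [pscustomobject]@{
            LocalAddress = $l.LocalAddress
            Interface    = $nic
            LocalPort    = $l.LocalPort
            OwningPid    = $l.OwningProcess
            Process      = $proc.ProcessName
        }
    }
}

function Test-PortReachable {
    # Run from the vantage point you want to audit (internal host, or a host outside
    # the perimeter firewall) to see whether the listener is reachable from there.
    param([string[]]$Target, [int]$Port = 4443)

    foreach ($t in $Target) {
        $r = Test-NetConnection -ComputerName $t -Port $Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target    = $t
            Port      = $Port
            Reachable = $r.TcpTestSucceeded
        }
    }
}

# On the Edge server: which addresses and processes are listening on TCP/4443?
Get-PortListenerReport -Port 4443 | Sort-Object Interface | Format-Table -AutoSize

# Constructed placeholder addresses: replace with the Edge's external and internal IPs.
Test-PortReachable -Target '192.0.2.10', '10.0.0.10' -Port 4443 | Format-Table -AutoSize
```

Running the second function from outside the perimeter shows whether the external firewall actually blocks inbound TCP/4443, which is what the documented requirements imply it should.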

