External Client Connectivity Problem RRS feed

  • Question

  • Hello Forum,
    We have some issues about external client services.

    Briefly our topology consists Frontend server, Edge server, Archiving server and ARR for reverse proxy. All servers uses public IP. All DNS requirements are satisfied as in technet documents. Internal all the services works fine. Also instant messaging works fine for external clients but external clients cannot start audio&video call. In client logs we see that clients tries to connect directly with their private IP (eg.IP behind modem)

    Also in Lync Connectivity Analyzer, Access Location shows : internal while we try to connect from outside of our organization. We guess the problem is that our Skype Server treats external clients as internal.

    Any sugesstion/solution about that case? How can Skype server decides client location? 




    Friday, June 17, 2016 7:20 AM

All replies

  • Hi 

    For External Clients to do A/V calls Edge should authenticate them and provide them with an MRAS URL ( You can check this on the client -System Tray -SFB icon-Right Click-Configuration) , If you are missing this then  Edge has communication issues with FE or with the External ports

    Check ifyou can telnet to the internal interface of Edge from FE  on Port 5062. 

    Check for Get-CsManagementStore replication , make sure Edge is also upto date. Apply the latest CU.

    Make sure the external firewalls allow port 5061 and 443 inbound and outbound to your access edge service on each edge server. Make sure port 443 is allowed inbound to your webcon service on the edge server and make sure ports 443, 50,000-59,999 TCP and 3478, 50,000-59,999 UDP are allowed both ways to your edge AV service 



    • Proposed as answer by Eason Huang Monday, June 20, 2016 7:29 AM
    Friday, June 17, 2016 8:12 AM
  • You should also check your Edge Network Configuration.

    Dns should point to the external dns Server. Default Gateway should point to the External router.

    All internal subnet should be configured through persisten routes.

    All internal Lync server should be added to the host file.

    Please check also, taht you don't have tls Errors on the eventlog for all Lync Server.

    regards Holger Technical Specialist UC

    • Proposed as answer by Eason Huang Monday, June 20, 2016 7:29 AM
    Sunday, June 19, 2016 6:39 PM
  • Hi,

    To avoid the DNS issue, you can login SFB client manually (only enter the external address).

    As all internal Server user the public IP, if the external users could access the internal DNS Server, then try to remove the DNS A record lyncdiscoverinternal in the internal DNS Server or block the internal DNS Server access from Internet.

    Best Regards

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    Monday, June 20, 2016 7:34 AM
  • Thanks for the replies, 

    We had removed lyncdiscoverinternal record, still no luck. Maybe we should consider to disable external access to our internal DNS, but I think again the autodiscover service still tells that the client is internal. How this service determines location? 
    MRAS URL is provided, there is no communication problem and the related firewall rules are done. 

    I cannot try the Holger Bunkradt's solution, because we don't have an external router or DNS server. Could you be more specific?

    To remind, we have all servers using Public IP, external and internal client's gets the same results on DNS queries. 

    any additional methods for solution? Is there any trick that SFB servers treat all clients as external? 

    regards, okan.


    Friday, June 24, 2016 8:36 AM