Skype for Business 2015 screen share does not connect after firewall migration

  • Question

  • Hello,

    We run Skype for Business 2015 with a single front end server, gateway server and Office Web Apps server.  After a firewall migration the screen sharing function no longer works with a machine that is outside of our network.  Internally all the sharing works, and it works externally if the remote machine is on our VPN.  The remote client will connect if the machine is not on VPN, and they can IM, but screen share does not work.  The screen sharing worked correctly with the old firewall in place.

    I've gone back and double-checked that all my firewall access rules are the same, and the NAT rules were also migrated over exactly.  It seems to me like a protocol needs to be opened, because the clients connect fine but just can't screen share.  I was hoping to get some help being pointed in the right direction because I'm not sure where to start troubleshooting with our firewall vendor.  It appears to be just screen sharing that is not working, which I believe is connecting to the AV Edge.

    Thanks

    Monday, October 15, 2018 7:08 PM

All replies

  • Hi,

    Does the firewall have the same internal & external IPs as the old firewall?

    Monday, October 15, 2018 8:44 PM
  • Hi Ben,

    Have you enabled Video-based Screen Sharing for Skype for Business Server in your organization? If so, please refer to this link to check whether you have opened the port.

    You could check the ports and protocol like the following screenshot.

    The SFB client needs the following port:

    1024-65535  TCP/UDP   Application sharing.


    Best Regards,
    Leon Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.



    Tuesday, October 16, 2018 6:26 AM
  • Yes, the internal and external IPs are the same.
    Tuesday, October 16, 2018 11:04 AM
  • I do have this update installed in our version, but I don't see those ports needing to be open to external clients based on the diagram above.  Just as a test I opened all TCP/UDP traffic to the edge server and the front end server from the outside -> inside zone, but I still got the same result as before: we couldn't connect to the presentation because of network issues.  This does work on our VPN and internally.

    Tuesday, October 16, 2018 11:45 AM
  • When checking your firewall logs, are you seeing any denies when performing a desktop share?

    This issue is almost certainly down to incorrect NATing or firewall rules, so I would double-check that.

    Different firewalls also behave differently, e.g. Palo Altos can require app IDs to be set up, so it might be an idea to check with your firewall vendor after looking to see if anything is being blocked.

    Tuesday, October 16, 2018 1:05 PM
  • Hi,

     

    Are there any updates on this issue? If the reply is helpful, please try to mark it as an answer; it will help others who have a similar issue.


    Best Regards,
    Leon Lu



    Friday, October 19, 2018 8:52 AM
  • This is fixed. I was able to get a TAC engineer to help with the config of the FTD.  The TCP ports 50000-59999 needed to be open on the AV Edge IP of the gateway server.  Once I opened those, all of the screen sharing worked.  It's weird this wasn't needed on the ASA, and I verified in my config that it had not been open prior.
    Friday, November 9, 2018 6:12 PM
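
One way to answer the "are you seeing any denies" question from the thread and confirm the eventual fix (TCP 50000-59999 to the AV Edge IP) is to tally denied flows to the Edge address from the firewall log. The Python below is an added example, not code from the thread or from any vendor; the log line format, the IP addresses and the function names are constructed assumptions, so adjust the regular expression to your own log export.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread), loosely modelled on a
# deny-by-ACL firewall syslog message. Adjust DENY_RE to your log export.
SAMPLE_LOG = """\
Oct 16 11:40:01 fw1 : Deny tcp src outside:198.51.100.7/61022 dst dmz:203.0.113.20/50112 by access-group "outside_in"
Oct 16 11:40:01 fw1 : Deny tcp src outside:198.51.100.7/61023 dst dmz:203.0.113.20/57340 by access-group "outside_in"
Oct 16 11:40:02 fw1 : Built inbound TCP connection 991 for outside:198.51.100.7/61001 to dmz:203.0.113.20/443
Oct 16 11:40:03 fw1 : Deny udp src outside:198.51.100.9/40000 dst dmz:203.0.113.21/161 by access-group "outside_in"
Oct 16 11:40:04 fw1 : Deny tcp src outside:198.51.100.7/61030 dst dmz:203.0.113.20/8080 by access-group "outside_in"
"""

DENY_RE = re.compile(
    r"Deny (?P<proto>tcp|udp) src \S+?:(?P<src>[\d.]+)/\d+ "
    r"dst \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

MEDIA_RANGE = range(50000, 60000)  # 50000-59999, the range named in the thread


def summarize_denies(log_text, av_edge_ip):
    """Count denied flows to the AV Edge IP by (protocol, port bucket)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m or m["dst"] != av_edge_ip:
            continue  # permitted flows, other hosts, or lines that do not parse
        bucket = "50000-59999" if int(m["dport"]) in MEDIA_RANGE else "other"
        counts[(m["proto"], bucket)] += 1
    return dict(counts)


def media_range_blocked(log_text, av_edge_ip):
    """True if any TCP flow to the Edge IP in 50000-59999 was denied."""
    return summarize_denies(log_text, av_edge_ip).get(("tcp", "50000-59999"), 0) > 0


if __name__ == "__main__":
    # 203.0.113.20 stands in for the AV Edge IP (documentation address range).
    for (proto, bucket), n in sorted(summarize_denies(SAMPLE_LOG, "203.0.113.20").items()):
        print(f"{proto:3} {bucket:12} denied={n}")
```

Run it against log lines captured while an external client attempts a desktop share; denies in the 50000-59999 bucket while port 443 is permitted match the symptom described in the thread.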