locked
Skype for Business Client - connection logic of the client RRS feed

  • Question

  • Hello everyone,

    Hope you guys are doing just  great.

    I hope you can help me with the following inquiry.

    We have an on-premise Skype for Business deployment with 3 Front Ends and one Edge Pool.

    Most of our users already use the Skype for Business client but some of them still have the Lync 2010 client (will upgrade in the near future though).

    The problem we currently have is related to External Access and VPN connection.

    1. If any user connects as External Access (directly via Internet) everything is working fine.

    2. If any user connects via VPN from his home office for example, again everything is working fine.

    Here comes the problem:

    However we have the following situation where we encountered one issue: we have some users that are working from home. When they start their laptops, since the laptop is connected by default to the users Internet connection, the Lync/SfB client will start and sign in automatically over the Internet. At this point, a few minutes later while the Lync/SfB client is still signed in, the user decides to connect to internal network via VPN client. He starts the VPN client and connects successfully to VPN, while the Lync/SfB client was signed in during the VPN connection process. Now the VPN connection is established, but the Lync/SfB Client remains signed in all the time and does not perform a disconnect and reconnect at all.

    This behavior of the Lync/SfB client for this particular case leads to the following issue: the users which connect this way, cannot use any presentation features (powerpoint, whiteboard etc.). The error message comes up that the presentation features cannot be used due to network difficulties. In the client (Lync 2010) log file, for a PowerPoint presentation attempt I was able to see that the client tries to contact the Reverse Proxy to download the file, but since it tries to contact the external address while connected via VPN (so internal network) it fails to download the file, hence the presentation is not working. A/V and Conferencing (without presenting features) on the other hand work just fine.

    I know that this issue can be solved by enabling the Lync/SfB client to bypass the VPN tunnel and connect externallyl all the time through the Edge servers, but this is against our policy as we want the client to send all traffic through VPN.

    The question I have is the following: is there a way to force the SfB/Lync client in this specific scenario to perform a disconnect and reconnect? If the SfB/Lync client would disconnect, when the VPN client is connected, and reconnect a few moments later, it would register as an internal client and everything would work. Unfortunately in our case, the SfB/Lync client stay connected all the time and ends up in this mixed state where A/V is fine and Presenting feature is broken.

    I am also aware that this is the logic behind the SfB/Lync client in terms of connection establishment: first it tries to resolve the internal address and if this is not possible, it goes and tries to resolve the external address and connects via Edge (when the user starts the laptop, which is connected to Internet access). Then the Lync/SfB client will keep this connection open until it will somehow break (which in our case does not happen) and only if it breaks, it will try again to register.

    Any idea how to overcome this limitation and force the Lync/SfB Client, once VPN is connected, to perform a new register will be highly appreciated.

    Thank you,

    Ovidiu

    Monday, July 11, 2016 12:43 PM

Answers

  • Hello,

    Here is a good article for this : https://blogs.technet.microsoft.com/nexthop/2011/11/14/enabling-lync-media-to-bypass-a-vpn-tunnel/

    Tuesday, July 12, 2016 6:03 AM
  • Another one for your referent.

    http://www.stevenjordan.net/2014/08/configure-lync-clients-on-split-tunnel.html

    This is configured in VPN profile.

    Tuesday, July 12, 2016 1:13 PM

All replies

  • Is VPN connection split or full tunneling ?
    Monday, July 11, 2016 12:47 PM
  • sorry, forgot to mention: when the user initiates a VPN client connection, it builds up a split tunnel connection.

    Monday, July 11, 2016 1:00 PM
  • so, I think you should configure full tunneling if you want Lync/SfB client connection/disconnection linked to VPN connection/disconnection.
    Monday, July 11, 2016 1:48 PM
  • right and thanks for the input, this was our first thought as well.

    but then I remembered: wasn't the Microsoft recommendation to use split tunnel VPN? In the case with split tunnel, the way I see it is that it can only work if the media bypass for VPN is configured. Else the client will have the capability to resolve internally and externally as well, landing it into a mixed state (which is the cause of our problems).

    Isn't there any other way from client perspective? Or maybe any other idea?

    Monday, July 11, 2016 3:17 PM
  • Hello,

    Here is a good article for this : https://blogs.technet.microsoft.com/nexthop/2011/11/14/enabling-lync-media-to-bypass-a-vpn-tunnel/

    Tuesday, July 12, 2016 6:03 AM
  • Another one for your referent.

    http://www.stevenjordan.net/2014/08/configure-lync-clients-on-split-tunnel.html

    This is configured in VPN profile.

    Tuesday, July 12, 2016 1:13 PM