Lync clients av troubelshoting - internal and external connection RRS feed

  • Question

  • Hi together,

    we have a Lync Infrastructure installed (Lync 2013 Standard FE Server and Lync 2010 edge actually).

    externally connected users are able to have av sessions with other externally connected users.

    Also internal to internal is working fine.

    But: We have users connected through VPN site2site tunnels to the Lync network. We configured the Clients to use the "external way" to the lync Server (not through the VPN tunnel) because their DNS is pointing to the external lync Server IPs.

    So IM from these users is doing well but when they try to establish lync AV sessions to other users (connected NOT through the tunnel) we determine that they try to use the tunnel for AV communication.

    At least my question:

    Where/how do I define that a Client is "internal" or "external" for the Lync Server environment. When he connects to the Lync Edge Server (or even not). VPN Site2Site Clients seem as a Grey Zone for me...

    Greetings/Grüße Gernot

    Friday, May 30, 2014 8:12 AM


All replies

  • It sounds like you may have missed something when setting up your bypass. If you try and ping your Lync & Lync Edge DNS names when connected to VPN do they all resolve to external addresses?

    Have you had a look at this article? http://blogs.technet.com/b/nexthop/archive/2011/11/15/enabling-lync-media-to-bypass-a-vpn-tunnel.aspx

    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"

    Georg Thomas | Lync MVP
    Blog www.lynced.com.au | Twitter @georgathomas
    Lync Edge Port Check (Beta)

    This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Proposed as answer by Eason Huang Wednesday, June 4, 2014 9:27 AM
    • Marked as answer by Eason Huang Monday, June 9, 2014 2:53 AM
    Friday, May 30, 2014 12:57 PM
  • Hi,

    Couple of points to add here ;

    What is the IP range of VPN users ? I assume , it should be internal IP subnet. If so , there are chances of spoofing rejection on edge server external interface.

    Can you confirm the routing path ; Is it VPN internal IP (client1) >Internet (Possible NAT via VPN router) > Edge external interface > U Turn > Internet user (remote). This is not recommended approach for internal user.

    Can you confirm ?



    If answer is helpful, please hit the green arrow on the left, or mark as answer. Blog : http://blogs.technet.com/b/saleesh_nv/

    Friday, May 30, 2014 1:14 PM