Microsoft has just published information on the list of ports used by the Lync environment. The following tables cover all the roles, including the client side. Reference documents, without a doubt.
Have a good day
Laurent Teruin
| Component (server role or client) | Service name | Port | Protocol | Does this port need to be open on the load balancer? | Notes |
|---|---|---|---|---|---|
| Front End Servers | Lync Server Front-End service | 5060 | TCP | Yes | Used by Standard Edition servers and Front End pools for listening to client connections from Microsoft Lync 2010 (TCP). |
| Front End Servers | Lync Server Front-End service | 5061 | TCP (TLS) | Yes | Used by Standard Edition servers and Front End pools for all internal SIP communications between servers (MTLS), for SIP communications between server and client (TLS), and for SIP communications between Front End Servers and Mediation Servers (MTLS). |
| Front End Servers | Lync Server Front-End service | 444 | HTTPS | Yes | Used for communication between the Focus (the Lync Server component that manages conference state) and the individual servers. |
| Front End Servers | Lync Server Front-End service | 135 | DCOM and remote procedure call (RPC) | Yes (must be open on the hardware load balancer even if you are using DNS load balancing) | Used for DCOM-based operations such as Moving Users, User Replicator Synchronization, and Address Book Synchronization. |
| Front End Servers | Lync Server IM Conferencing service | 5062 | TCP | No | Used for incoming SIP requests for instant messaging (IM) conferencing. |
| Front End Servers | Lync Server Web Conferencing service | 8057 | TCP (TLS) | No | Used to listen for Persistent Shared Object Model (PSOM) connections from clients. |
| Front End Servers | Lync Server Audio/Video Conferencing service | 5063 | TCP | No | Used for incoming SIP requests for audio/video (A/V) conferencing. |
| Front End Servers | Lync Server Audio/Video Conferencing service | 57501-65335 | TCP/UDP | No | Media port range used for video conferencing. |
| Front End Servers | Web Compatibility service | 80 | HTTP | Yes (must be open on the hardware load balancer even if you are using DNS load balancing) | Used for communication from Front End Servers to the Web farm FQDNs (the URLs used by IIS Web components) when HTTPS is not used. |
| Front End Servers | Lync Server Web Compatibility service | 443 | HTTPS | Yes (must be open on the hardware load balancer even if you are using DNS load balancing) | Used for communication from Front End Servers to the Web farm FQDNs (the URLs used by IIS Web components). |
| Front End Servers | Lync Server Web Compatibility service | 8080 | TCP | Yes (must be open on the hardware load balancer even if you are using DNS load balancing) | Used for IIS Web components for external access. |
| Front End Servers | Lync Server Conferencing Attendant service (dial-in conferencing) | 5064 | TCP | No | Used for incoming SIP requests for dial-in conferencing. |
| Front End Servers | Lync Server Conferencing Attendant service (dial-in conferencing) | 5072 | TCP | Yes | Used for incoming SIP requests for Microsoft Lync 2010 Attendant (dial-in conferencing). |
| Front End Servers that also run a collocated Mediation Server | Lync Server Mediation service | 5070 | TCP | Yes | Used by the Mediation Server for incoming requests from the Front End Server to the Mediation Server. |
| Front End Servers that also run a collocated Mediation Server | Lync Server Mediation service | 5067 | TCP (TLS) | Yes | Used for incoming SIP requests from the PSTN gateway to the Mediation Server. |
| Front End Servers that also run a collocated Mediation Server | Lync Server Mediation service | 5068 | TCP | Yes | Used for incoming SIP requests from the PSTN gateway to the Mediation Server. |
| Front End Servers | Lync Server Application Sharing service | 5065 | TCP | No | Used for incoming SIP listening requests for application sharing. |
| Front End Servers | Lync Server Application Sharing service | 49152-65335 | TCP | No | Media port range used for application sharing. |
| Front End Servers | Lync Server Conferencing Announcement service | 5073 | TCP | Yes | Used for incoming SIP requests for the Lync Server Conferencing Announcement service (that is, for dial-in conferencing). |
| Front End Servers | Lync Server Call Park service | 5075 | TCP | Yes | Used for incoming SIP requests for the Call Park application. |
| Front End Servers | Audio Test service | 5076 | TCP | Yes | Used for incoming SIP requests for the Audio Test service. |
| Front End Servers | | 5066 | TCP | No | Used for the outbound Enhanced 9-1-1 (E9-1-1) gateway. |
| Front End Servers | Lync Server QoE Monitoring Service | 5069 | TCP | Yes | Used by the Quality of Experience (QoE) agent on the Front End Server. |
| Front End Servers | Lync Server Response Group service | 5071 | TCP | Yes | Used for incoming SIP requests for the Response Group application. |
| Front End Servers | Lync Server Response Group service | 8404 | TCP (MTLS) | No | Used for incoming SIP requests for the Response Group application. |
| Front End Servers | Lync Server Bandwidth Policy Service | 5080 | TCP | Yes | Used for call admission control by the Bandwidth Policy service for A/V Edge TURN traffic. |
| Front End Servers | Lync Server Bandwidth Policy Service | 448 | TCP | Yes | Used for call admission control by the Lync Server Bandwidth Policy Service. |
| Front End Servers where the Central Management store resides | CMS Replication service | 445 | TCP | No | Used to push configuration data from the Central Management store to servers running Lync Server. |
| All internal servers | Various | 49152-57500 | TCP/UDP | N/A | Media port range used for audio conferencing on all internal servers. Used by all servers that terminate audio: Front End Servers (for the Lync Server Conferencing Attendant service, Lync Server Conferencing Announcement service, and Lync Server Audio/Video Conferencing service) and Mediation Servers. |
| Directors | Lync Server Front-End service | 5060 | TCP | Yes | Used by Standard Edition servers and Front End pools for listening to client connections from Lync 2010 (TCP). |
| Directors | Lync Server Front-End service | 5061 | TCP | Yes | Used for internal communications between servers and for client connections. |
| Mediation Servers | Lync Server Mediation service | 5070 | TCP | Yes | Used by the Mediation Server for incoming requests from the Front End Server. |
| Mediation Servers | Lync Server Mediation service | 5067 | TCP (TLS) | Yes | Used for incoming SIP requests from the PSTN gateway. |
| Mediation Servers | Lync Server Mediation service | 5068 | TCP | Yes | Used for incoming SIP requests from the PSTN gateway. |
| Mediation Servers | Lync Server Mediation service | 5070 | TCP (MTLS) | Yes | Used for SIP requests from the Front End Servers. |
| Monitoring Servers | Lync Server Monitoring service | 135 | Message Queuing and remote procedure call (RPC) | N/A | Used for message queuing and RPC operations. |
| Archiving Servers | Lync Server Archiving service | 135 | Message Queuing and RPC | N/A | Used for message queuing and RPC operations. |
| Reverse proxy servers | | 80 | TCP | N/A | Used by the reverse proxy to listen on the external interface for incoming requests from external users. |
| Reverse proxy servers | | 443 | TCP | N/A | Used by the reverse proxy to listen on the external interface for incoming requests from external users for Web components information and file downloads, distribution group expansion, and Address Book information. |
| Reverse proxy servers | | 8080 | TCP | N/A | Used for SIP/TLS communication with the internal network to the Web services cluster. Traffic from port 80 on the external interface is redirected to this port. |
| Reverse proxy servers | | 4443 | TCP | N/A | Used by the reverse proxy to listen on the internal interface. Traffic from port 443 on the external interface is redirected to this port. |
| Edge Servers | All edge services (external interface) | 443 | TCP | Yes | Used for SIP/TLS communication for external users accessing internal Web conferences, and for STUN/TCP inbound and outbound media communications for accessing internal media and A/V sessions. |
| Edge Servers | Lync Server Access Edge service (internal and external interface) | 5061 | TCP | Yes | Used for SIP/MTLS communication for remote user access or federation and public Internet connectivity. |
| Edge Servers | Lync Server Web Conferencing Edge service (internal interface) | 8057 | TCP | No | Used to listen for PSOM/MTLS communications from the Web Conferencing Server on the internal interface of the Web Conferencing Edge Server. |
| Edge Servers | Lync Server Audio/Video Edge Authentication service (internal interface) | 5062 | TCP | Yes | Used for SIP/MTLS authentication of A/V users. Communications flow outbound through the internal firewall. |
| Edge Servers | Lync Server Audio/Video Edge service (internal and external interfaces) | 3478 | UDP | Yes | Used for STUN/UDP inbound and outbound media exchange. |
| Edge Servers | Lync Server Audio/Video Edge service port range | 50,000-59,999 | RTP/TCP, RTP/UDP | No | Used for inbound and outbound media transfer through the external firewall. This port range always needs to be opened outbound for TCP. If you federate with an organization running Microsoft Office Communications Server 2007 R2 or Microsoft Office Communications Server 2007, you must open this range both outbound and inbound, and for both TCP and UDP. |
| Edge Servers | All Edge services (internal interface) | 4443 | TCP | No | Used to push configuration data from the Central Management store to the Edge Server. This port must be opened on every individual Edge Server, not on the load balancer. |
| Clients | | 67/68 | DHCP | N/A | Used by Lync 2010 to find the Registrar FQDN (if DNS SRV fails and manual settings are not configured). |
| Clients | | 6891-6901 | TCP | N/A | Used for file transfer between Lync 2010 clients and previous clients (clients of Office Communicator 2007 R2, Office Communications Server 2007, and Live Communications Server 2005). |
| Clients | | 1024-65535 | TCP/UDP | N/A | Used by clients as the audio port range (minimum of 20 ports required). |
| Clients | | 1024-65535 | TCP/UDP | N/A | Used by clients as the video port range (minimum of 20 ports required). |
| Clients | | 1024-65535 | TCP | N/A | Used by clients for peer-to-peer file transfer (for conferencing file transfer, clients use PSOM). |
| Clients | | 1024-65535 | TCP | N/A | Used by clients for application sharing. |
| Microsoft Lync 2010 Phone Edition for Aastra 6721ip common area phone; Microsoft Lync 2010 Phone Edition for Aastra 6725ip desk phone; Microsoft Lync 2010 Phone Edition for Polycom CX500 common area phone; Microsoft Lync 2010 Phone Edition for Polycom CX600 desk phone | | 67/68 | DHCP | N/A | Used by the devices listed to find the Lync Server 2010 certificate, provisioning FQDN, and Registrar FQDN. |
IPsec Exceptions
For enterprise networks where Internet Protocol security (IPsec) (see IETF RFC 4301-4309) has been deployed, IPsec must be disabled over the range of ports used for the delivery of audio, video, and panorama video. The recommendation is motivated by the need to avoid any delay in the allocation of media ports due to IPsec negotiation.
The following table explains the recommended IPsec exception settings.
Recommended IPsec Exceptions
| Rule name | Source IP | Destination IP | Protocol | Source port | Destination port | Filter action |
|---|---|---|---|---|---|---|
| A/V Edge Server Internal Inbound | Any | A/V Edge Server Internal | UDP and TCP | Any | Any | Permit |
| A/V Edge Server External Inbound | Any | A/V Edge Server External | UDP and TCP | Any | Any | Permit |
| A/V Edge Server Internal Outbound | A/V Edge Server Internal | Any | UDP and TCP | Any | Any | Permit |
| A/V Edge Server External Outbound | A/V Edge Server External | Any | UDP and TCP | Any | Any | Permit |
| Mediation Server Inbound | Any | Mediation Server(s) | UDP and TCP | Any | Any | Permit |
| Mediation Server Outbound | Mediation Server(s) | Any | UDP and TCP | Any | Any | Permit |
| Conferencing Attendant Inbound | Any | Any | UDP and TCP | Any | Any | Permit |
| Conferencing Attendant Outbound | Any | Any | UDP and TCP | Any | Any | Permit |
| A/V Conferencing Inbound | Any | A/V Conferencing Servers | UDP and TCP | Any | Any | Permit |
| A/V Conferencing Server Outbound | A/V Conferencing Servers | Any | UDP and TCP | Any | Any | Permit |
| Exchange Inbound | Any | Exchange Unified Messaging | UDP and TCP | Any | Any | Permit |
| Application Sharing Servers Inbound | Any | Application Sharing Servers | TCP | Any | Any | Permit |
| Application Sharing Server Outbound | Application Sharing Servers | Any | TCP | Any | Any | Permit |
| Exchange Outbound | Exchange Unified Messaging | Any | UDP and TCP | Any | Any | Permit |
| Clients | Any | Any | UDP | Specified media port range | Any | Permit |
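For a network where IPsec is enforced by Windows Firewall with Advanced Security, the server-side rows of the table above can be turned into connection security rules with `netsh advfirewall consec`. The script below is an added example, not code from the original post or from Microsoft's documentation; it assumes Windows Server 2008 R2 or later, an elevated PowerShell prompt, and that the IP addresses and rule names (all placeholders invented for illustration) are replaced with those of the actual deployment.

```powershell
# Added example (not from the original post or from Microsoft): create one
# IPsec exemption per server role and protocol, mirroring the "Permit" rows
# of the recommended IPsec exceptions table. Every address is a PLACEHOLDER.

$Rules = @(
    @{ Name = 'AVEdge-Internal'; Address = '10.0.0.10';    Protocols = 'udp','tcp' }  # PLACEHOLDER: A/V Edge Server internal interface
    @{ Name = 'AVEdge-External'; Address = '203.0.113.10'; Protocols = 'udp','tcp' }  # PLACEHOLDER: A/V Edge Server external interface
    @{ Name = 'Mediation';       Address = '10.0.0.20';    Protocols = 'udp','tcp' }  # PLACEHOLDER: Mediation Server
    @{ Name = 'AVConferencing';  Address = '10.0.0.30';    Protocols = 'udp','tcp' }  # PLACEHOLDER: A/V Conferencing Server
    @{ Name = 'AppSharing';      Address = '10.0.0.40';    Protocols = 'tcp' }        # PLACEHOLDER: Application Sharing Server (TCP only, per the table)
    @{ Name = 'ExchangeUM';      Address = '10.0.0.50';    Protocols = 'udp','tcp' }  # PLACEHOLDER: Exchange Unified Messaging
)

foreach ($rule in $Rules) {
    foreach ($proto in $rule.Protocols) {
        # Rule names carry no spaces so they pass through to netsh unchanged.
        $name = "Lync-IPsecExempt-$($rule.Name)-$proto"

        # A connection security rule is bidirectional: one rule per server and
        # protocol covers both the "Inbound" and the "Outbound" row of the
        # table. action=noauthentication is the netsh form of the table's
        # "Permit" filter action: matching traffic is neither authenticated
        # nor encrypted by IPsec, so media ports are allocated without an
        # IPsec negotiation delay.
        netsh advfirewall consec add rule name=$name endpoint1=any endpoint2=$($rule.Address) protocol=$proto action=noauthentication
    }
}

# Verify that the exemptions exist on this host.
netsh advfirewall consec show rule name=all | Select-String 'Lync-IPsecExempt'
```

The rows whose source and destination are both "Any" (Conferencing Attendant, and the client rule restricted to the client media port range) apply to the host they run on rather than to a peer address, so they are best deployed through Group Policy to the Front End servers and workstations concerned and are deliberately left out of this list. Because these rules remove IPsec protection from the matched media paths, they should be scoped to exactly the server addresses listed and reviewed whenever a role is added or re-addressed.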