To set up your network for Lync Online:
- Add Lync CNAME (alias) and SRV (service) settings to your Domain Name System (DNS) server.
- If you have an external firewall or proxy server, configure it to allow Lync traffic.
- Test your DNS and firewall settings.
Step One: Add DNS settings
If you’re using your own domain name, add these entries your external DNS server:
| Type |
Host name |
Destination |
TTL |
| CNAME |
sip.yourDomainName.com |
sipdir.online.lync.com |
1 hour |
| CNAME |
lyncdiscover.yourDomainName.com |
webdir.online.lync.com |
1 hour |
| Type |
Service |
Protocol |
Port |
Weight |
Priority |
TTL |
Name |
Target |
| SRV |
_sip |
_tls |
443 |
1 |
100 |
1 hour |
yourDomainName.com |
sipdir.online.lync.com |
| SRV |
_sipfederationtls |
_tcp |
5061 |
1 |
100 |
1 hour |
yourDomainName.com |
sipfed.online.lync.com |
See DNS setting details for the features affected by each record.
If you have a firewall that blocks external SRV queries, add these entries to your internal DNS server as well:
| Type |
Host name |
Destination |
TTL |
| CNAME |
sip.yourDomainName.com |
sipdir.online.lync.com |
1 hour |
| CNAME |
lyncdiscoverinternal.yourDomainName.com |
webdir.online.lync.com |
1 hour |
| Type |
Service |
Protocol |
Port |
Weight |
Priority |
TTL |
Name |
Target |
| SRV |
_sip |
_tls |
443 |
1 |
100 |
1 hour |
yourDomainName.com |
sipdir.online.lync.com |
Step Two: Configure your firewall or proxy server
If you have an external firewall or proxy server, define rules for Lync ports, outgoing connections, and IP address ranges.
Ports
Open the following ports in your organization’s external firewall:
| Port |
Protocol |
Direction |
Usage |
| 443 |
STUN/TCP |
Outbound |
Audio, video, and application sharing sessions |
| 443 |
PSOM/TLS |
Outbound |
Data sharing sessions |
| 3478 |
STUN/UDP |
Outbound |
Audio and video sessions |
| 5223 |
TCP |
Outbound |
Lync mobile push notifications |
| 50000-59999 |
RTP/UDP |
Outbound |
Audio and video sessions |
Outgoing connections
Create a rule that allows outgoing connections (TLS and HTTPS) for all users to these locations:
- *.microsoftonline.com
- *.microsoftonline-p.com
- *.onmicrosoft.com
- *.sharepoint.com
- *.outlook.com
- *.lync.com
- EV-Secure.verisign.com (microsoftonline.com Certificate Revocation Library)
Set the HTTP/SSL time-out value to eight hours.
IP address ranges
See Lync Online URLs and IP Address Ranges.
Step Three: Test your settings
Test your DNS settings:
- Go to the Microsoft Remote Connectivity Analyzer.
- On the Office 365 tab, choose Office 365 Lync Domain Name Server (DNS) Connectivity Test, and then click Next.
- Enter the sign-in address that you use when you sign in to Lync Online (for example, bob@contoso.com), and then start the test.
If you have an external firewall or proxy server, test your network settings:
DNS setting details
This table shows the Lync features affected by each DNS setting.
| Type |
Host name or service |
Features affected |
| CNAME |
sip.yourDomainName.com |
Lync desktop client autodiscover and sign-in |
| CNAME |
lyncdiscover.yourDomainName.com
lyncdiscoverinternal.yourDomainName.com
|
Lync mobile client autodiscover and sign-in |
| SRV |
_sip |
Lync IM and presence integration with Outlook Web App
Authenticated user sign-in with Lync Web App
|
| SRV |
_sipfederationtls |
Supports adding external users to the Lync Contacts list:
- Lync users in other organizations
- Skype users signed in with a Microsoft account
|
See also
Troubleshooting Lync Online DNS configuration issues in Office 365
Troubleshoot Lync Online issues after you add your custom domain in Office 365
