Set up your network for Lync Online

To set up your network for Lync Online:

  1. Add Lync CNAME (alias) and SRV (service) settings to your Domain Name System (DNS) server.
  2. If you have an external firewall or proxy server, configure it to allow Lync traffic.
  3. Test your DNS and firewall settings.

Step One: Add DNS settings

If you’re using your own domain name, add these entries your external DNS server:

Type Host name Destination TTL
CNAME sip.yourDomainName.com sipdir.online.lync.com 1 hour
CNAME lyncdiscover.yourDomainName.com webdir.online.lync.com 1 hour
Type Service Protocol Port Weight Priority TTL Name Target
SRV _sip _tls 443 1 100 1 hour yourDomainName.com sipdir.online.lync.com
SRV _sipfederationtls _tcp 5061 1 100 1 hour yourDomainName.com sipfed.online.lync.com

See DNS setting details for the features affected by each record.

If you have a firewall that blocks external SRV queries, add these entries to your internal DNS server as well:

Type Host name Destination TTL
CNAME sip.yourDomainName.com sipdir.online.lync.com 1 hour
CNAME lyncdiscoverinternal.yourDomainName.com webdir.online.lync.com 1 hour
Type Service Protocol Port Weight Priority TTL Name Target
SRV _sip _tls 443 1 100 1 hour yourDomainName.com sipdir.online.lync.com

Step Two: Configure your firewall or proxy server

If you have an external firewall or proxy server, define rules for Lync ports, outgoing connections, and IP address ranges.

Ports

Open the following ports in your organization’s external firewall:

 Port Protocol Direction Usage
443 STUN/TCP Outbound Audio, video, and application sharing sessions
443 PSOM/TLS Outbound Data sharing sessions
3478 STUN/UDP Outbound Audio and video sessions
5223 TCP Outbound Lync mobile push notifications
50000-50019 RTP/UDP Outbound Audio sessions
50020-50039 RTP/UDP Outbound Video sessions
50040-50059 TCP Outbound Application sharing and file transfer

Outgoing connections

Create a rule that allows outgoing connections (TLS and HTTPS) for all users to these locations:

  • *.microsoftonline.com
  • *.microsoftonline-p.com
  • *.onmicrosoft.com
  • *officecdn.microsoft.com
  • *.sharepoint.com
  • *.outlook.com
  • *.lync.com
  • evsecure-ocsp.verisign.com
  • evsecure-aia.verisign.com
  • evsecure-crl.verisign.com
  • sa.symcb.com

Set the HTTP/SSL time-out value to eight hours.

IP address ranges

See Lync Online URLs and IP Address Ranges.

Step Three: Test your settings

Test your DNS settings:

  1. Go to the Microsoft Remote Connectivity Analyzer.
  2. On the Office 365 tab, choose Office 365 Lync Domain Name Server (DNS) Connectivity Test, and then click Next.
  3. Enter the sign-in address that you use when you sign in to Lync Online (for example, bob@contoso.com), and then start the test.

If you have an external firewall or proxy server, test your network settings:

DNS setting details

This table shows the Lync features affected by each DNS setting.

Type Host name or service Features affected
CNAME sip.yourDomainName.com

Lync desktop client autodiscover and sign-in

Anonymous and Guest access to Lync meetings and audio conferences

CNAME

lyncdiscover.yourDomainName.com

lyncdiscoverinternal.yourDomainName.com

Lync mobile client autodiscover and sign-in

Schedule online meetings from Outlook Web App

SRV _sip

Lync desktop client autodiscover and sign-in

Authenticated user sign-in with Lync Web App

SRV _sipfederationtls

Lync IM and presence integration with Outlook Web App

Supports adding external users to the Lync Contacts list:

  • Lync users in other organizations
  • Skype users signed in with a Microsoft account

See also

Troubleshooting Lync Online DNS configuration issues in Office 365

Troubleshoot Lync Online issues after you add your custom domain in Office 365

 
 
Applies to:
Lync admin center, Office 365 Enterprise admin, Office 365 Midsize Business admin, Office 365 Small Business admin