TopBanner

How to Verify Lync Edge Server Ports Are Open


Okay, so the firewall guys said they opened your essential Microsoft Lync Edge ports, but did they? We’'ll go over the steps to test if the TCP ports are properly opened using the free TCP Test Tool 3.0 from Simple Com Tools. In our test we will not just check if the TCP ports are opened, but also that our Edge Server receives and can send data with no errors.

We can start by downloading the TCP Test Tool 3.0. You can download the free tool here.  Install the TCP Test Tool 3.0 on the Edge Server and some PC (can be any PC, doesn’t need to be a server) outside your network. We won’t run the tool just yet.

Next thing we will need to do is stop the Lync Edge Windows Services, so we can bind the ports to our test tool instead of Lync. We can stop the Lync Edge services in one of 3 ways: by individually stopping them from the Services MMC, from the Lync Server Control Panel or using the Powershell command Stop-CsWindowsService. Below we can see the services are stopped.

powershell-stop-services

Now that the Lync Edge ports are not being used by the Lync Edge services, we can run the TCP Test Tool 3.0 and bind the port we want to test to it. We do this by running the TCP Test Tool, then on the “Server” (right side) side of the TCP Test Tool program, select the correct IP interface, (the interface that is facing the web) and type in the port you want to test and click “Bind” (the first port we’ll test for our example is 5061 as shown below.)

setup server

NOTE: If there are any “Current connections” before you connect using the TCP Test Tool from a client PC, this means something is trying to contact your Lync Edge, very likely some Lync client if this is a live server. You may very well get the “Callback Error!” show below for every incoming connection that is not your TCP Test Tool client. A little annoying, I know, but just click OK to get rid of the message(s).

error on incoming traffic

Next we can go to a PC outside your network and test if the port is open. Run TCP Test Tool and on the “Client” side (left side) of the TCP Test Tool fill in the IP or Domain (using the domain tests DNS as well) of your Edge Server, Port and click Connect.

setup-client

Now you should see “Connected” on the Client side (PC outside your network) and a Connection entry on the Server side. (Note the connection on the server side as you will need to select this connection when sending a response back to the client.) Now you successfully established a TCP connection from a PC outside your network, through your firewall to the Edge Server. Good start!

Now in the “Edit/Send Data” type some text you want to send to your Server/Edge and click “Send”. Hey, our port is working fine!

from client to server

Now if we want to make sure traffic can go from the Server/Edge to the client we move to the server Server/Edge, select the TCP connection coming from our PC outside the network (that we are keeping in our head from when we started this session, remember?) type some text in the “Edit/Send Data” on the Server side, click “Send” and see if our ports are working bi-directionally.

If this test passes you can be quite confident that your Edge traffic is indeed passing through the firewall (and the firewall guys did their duty!)

Now you can repeat the steps to test all the other TCP ports. Below are the common TCP ports an Edge Server uses:

Single IP Edge Configuration TCP Ports UDP Ports
Access/Web/ IP 80, 443, 5061, 444, 50000-59999 3478, 50000-59999
     
3 IP Edge Configuration    
Access Edge IP 443, 5061  
WebConf Edge IP 443  
A/V Edge IP 443, 50000-59999 3478, 50000-59999

NOTE: If you want to test the UDP ports as well, there is a UDP Test Tool too, get it here: Click Here.

When you are done testing you can Click Disconnect on the Client side.

You will want to fire up your Edge Services by using Start-CsWindowsService and verify by glancing at the Services MMC

edge services mmc

When you are all done, make sure you close the TCP Test Tool on both the server and the client as they can be bound to ports and make production environment fail.

Download TCP Test Tool Here:
http://www.simplecomtools.com/Sierra

More TCP Test Tools and Links:
http://www.hw-group.com/products/hercules/index_en.html

tells who is using what ports:
netstat -a -n -b

Edge Ports:
http://technet.microsoft.com/en-us/library/gg425891.aspx

10 comments:

  1. Hi Matt, thanks again..

    Can you send the tool to robson.mcts@gmail.com the site not reply with link for download.

    Thanks advance

    ReplyDelete
    Replies
    1. I sent a message to their support email and was given: http://www.simplecomtools.com/Sierra

      Delete
    2. Thanks for that link! I will edit the article.

      Delete
    3. @Rebson, see the URL to directly download the tool.

      Delete
  2. sir i have deployed lync edge server everything is working fine internally even i buyed the external certificate frm godaddy and deployed and assigned it even services are started but when i try to login remotely my ync client is giving me error message server is temparerly out of service i nedd u r assistant plz help me with this.

    ReplyDelete
  3. I would assume this is valid for both 2010 and 2013 Edge Servers? Also does the tool work on Server 2012?

    ReplyDelete
  4. Thank you for your post, It has helped me a lot with my LYNC deployment.

    ReplyDelete
  5. IT Staff outsourcing services First of all, it is a risk of information leak. Each company which performs outsourcing IT services guarantees confidentiality, thus this risk is minimal but still it happens to be. Another unpleasant probable situation is a bankruptcy of the chosen company which provides you with software outsourcing services, thus you will have to look for another one and to start all over again.

    ReplyDelete