- Logs available for the Skype for Business desktop client. There are two types of logs available from the desktop client: .UccApilog files contain general client usage information, and .etl files contain media-specific log information. For any bugs related to Audio/Video, please attach both log types if possible.
Summary: Prepare your Skype for Business Server 2015 servers with this topic. Hardware, OS, databases, software, all the system requirements and recommendations are here to help ensure a successful install and deployment of your server farm.
If you're looking for environmental requirements, such as Active Directory, DNS or certificates, you can check out the Environmental requirements for Skype for Business Server 2015 doc.
As you might expect, there are some preparations to make before you begin deploying Skype for Business Server 2015. This article will walk you through planning for the following:
Hardware for Skype for Business Server 2015
Now that you have your topology down (and if you don't, you can check out the Topology Basics for Skype for Business Server 2015 topic), it's time to think about servers. Skype for Business Server 2015 servers will require 64-bit hardware. Our recommendations for hardware are below. These aren't requirements, but they reflect the requirements necessary for optimal performance. We have capacity planning documentation that will help you determine if you need more than this, depending on your circumstances.
Recommended hardware for Front End Servers, Back End Servers, Standard Edition servers, and Persistent Chat Servers:
Hardware component | Recommended |
---|---|
CPU | 64-bit dual processor, hex-core, 2.26 gigahertz (GHz) or higher. Intel Itanium processors are not supported for Skype for Business Server 2015 roles. |
Memory | 32 gigabytes (GB). |
Disk | EITHER: • 8 or more 10000 RPM hard disk drives with at least 72 GB free disk space (two of the disks using RAID 1 and 6 using RAID 10). OR • Solid state drives (SSDs) able to provide the same free space and similar performance to 8 10000 RPM mechanical disk drives. |
Network | 1 dual-port network adapter, 1 Gbps or higher (2 network adapters can be used, but they need to be teamed with a single MAC address and a single IP address). Dual or multi-homed configurations are not supported for Front End Servers, Back End Servers, Standard Edition servers, and Persistent Chat Servers. As long as they are not exposed to the operating system and are being used to monitor and manage server hardware, you can have out of band management systems, such as DRAC or ILO. This scenario doesn't constitute a multi-homed server, and it is supported. |
Recommended hardware for Edge Servers, standalone Mediation Servers, Video Interop Servers, and Directors:
Hardware component | Recommended |
---|---|
CPU | 64-bit dual processor, quad-core, 2.26 gigahertz (GHz) or higher. Intel Itanium processors are not supported for Skype for Business Server 2015 roles. |
Memory | 16 gigabytes. |
Disk | EITHER: • 4 or more 10000 RPM hard disk drives with at least 72 GB free disk space (the disks should be in a 2x RAID 1 configuration). OR • Solid state drives (SSDs) able to provide the same free space and similar performance to 4 10000 RPM mechanical disk drives. |
Network | 1 dual-port network adapter, 1 Gbps or higher (2 network adapters can be used, but they need to be teamed with a single MAC address and a single IP address). Dual or multi-homed configurations are not supported for Video Interop Servers and Directors. Edge servers will require two network interfaces that are dual-port network adapters, 1 Gbps or higher (or two paired network adapters, for a total of four, each pair being teamed with a single MAC address and a single IP address, for a total of two pairs). On standalone Mediation Servers the installation of additional network interface cards (NICs) to allow the configuration of a specific PSTN IP address is supported. |
Operating systems for Skype for Business Server 2015
Once you have the hardware in place, you'll need to install operating systems (OS). These are the OS that will allow you to install and successfully use Skype for Business Server 2015.
Windows Server 2019 (You need Skype for Business Cumulative Update 9 or later). | Windows Server 2016 (You need Skype for Business Cumulative Update 5 or later. For more information check KB4015888) |
Windows Server 2012 R2 Datacenter OS with all required updates installed. | Windows Server 2012 R2 Standard OS with all required updates installed. |
Windows Server 2012 Datacenter OS with all required updates installed. | Windows Server 2012 Standard OS with all required updates installed. |
If it's not on this list, it won't work properly. Please don't try it for new installations of Skype for Business Server 2015.
Note
In-place upgrade of the OS is not supported with Lync Server 2013. You must deploy a separate pool and migrate users to the new pool with a different OS. All servers in a pool must have the same OS version.
Note
You may have noticed Windows Server 2008 R2 isn't on this list. That's because we recommend Windows Server 2012 R2 for all new servers to be used for SFB. You should only be using Windows Server 2008 R2 when you have existing servers with Lync Server 2013 already installed, and you're intending to do an in-place upgrade of them. Windows Server 2008 R2 reached the end of the mainstream support lifecycle on 1/13/2015 and will reach the end of its support lifecycle on 1/14/2020.
In addition to the latest service pack, you'll want to ensure the following updates are installed where relevant to you:
- For Windows Server 2012, KB article 2858668 should be installed before an upgrade. Get it here.
- If you have Windows Server 2012 R2, please install KB article 2982006 before upgrading. It's found here.
- If you're upgrading on a Windows Server 2008 R2 box (see the Note above), then you'll want to install KB article 2533623 first. It's at this link.
Back end databases that will work with Skype for Business Server 2015
When installing Skype for Business Server 2015 Standard Edition, SQL Server 2014 Express (64-bit edition) is automatically installed as well.
Skype for Business Server 2015 Enterprise Edition is a little more complicated, but the supported list is below (everything is 64-bit edition, you'll notice, please don't use 32-bit editions):
Microsoft SQL Server 2019 Enterprise (64-bit edition), and we recommend running with the latest service pack. | Microsoft SQL Server 2017 Enterprise (64-bit edition), and we recommend running with the latest service pack. | Microsoft SQL Server 2016 Enterprise (64-bit edition) with Service Pack 1 or later, and you must run with Skype for Business Cumulative Update 7 or later (download Skype for Business Cumulative Update). | Microsoft SQL Server 2014 Enterprise (64-bit edition), and you must run with Cumulative Update 6 or later (download Cumulative Update 6). | Microsoft SQL Server 2012 Enterprise (64-bit edition), and we recommend running with the latest service pack. |
Microsoft SQL Server 2019 Standard (64-bit edition), and we recommend running with the latest service pack. | Microsoft SQL Server 2017 Standard (64-bit edition), and we recommend running with the latest service pack. | Microsoft SQL Server 2016 Standard (64-bit edition) with Service Pack 1 or later, and you must run with Skype for Business Cumulative Update 7 or later (download Skype for Business Cumulative Update). | Microsoft SQL Server 2014 Standard (64-bit edition), and you must run with Cumulative Update 6 or later (download Cumulative Update 6). | Microsoft SQL Server 2012 Standard (64-bit edition), and we recommend running with the latest service pack. |
If you don't see the SQL Server edition you want to use listed here, you can't use it.
- You're also going to need to install SQL Server Reporting Services for the Monitoring Server role.
- For a well-connected SQL back end, the connection to the Skype for Business front end should be local, and not across a low speed link.
- Sharing SQL back ends between two or more pools is not supported.
Microsoft Exchange storage
Meeting content files, such as PowerPoint presentations, are archived as attachments. If you want to store Skype for Business archive data with Exchange compliance data, you must use Exchange for your Exchange deployment and ensure that the maximum storage size supports storage of the meeting content files. You must deploy Exchange prior to deploying and enabling archiving using the Microsoft Exchange integration option.
Hardware and software requirements for archiving in Skype for Business Server 2015
Archiving is not a defined server role, you do not need to install a separate server for archiving. Unified Data Collection Agents are installed and activated automatically on every Enterprise Edition Front End pool and every Standard Edition Server. You will need to enable and publish your archiving topology by using Topology Builder.
Archiving uses the Skype for Business Server file storage for temporary storage of meeting content files, so you do not set up a separate file store for archiving.
Microsoft Message Queuing is not required.
You will need to set up the infrastructure for archiving storage. This includes choosing either Exchange or Archiving storage using SQL Server. Skype for Business Server Archiving infrastructure requirements are the same as for deployment of Skype for Business Server. For details, see Requirements for your Skype for Business environment.
Note
To support users who are not homed on Exchange servers, or if you do not want to use the Microsoft Exchange integration option, you must deploy archiving storage using a 64-bit SQL Server database.
You must set up the SQL Server platforms prior to deploying and enabling archiving. If the account to be used to publish the topology has the appropriate administrator rights and permissions, you can create the Archiving database (LcsLog) when you publish your topology. You can also create the database later, included as part of the installation procedure. For details about SQL Server, see the SQL Server documentation.
The load increase for archiving can be significant. Therefore, you should ensure that disk space is adequate for Front End Servers on which archiving is enabled.
SQL Mirroring, SQL Clustering, and SQL Always On
You are able to use SQL Mirroring or SQL Clustering with Skype for Business Server 2015, it's supported. SQL Mirroring's set up through the Skype for Business Server Topology Builder. If you're intent on setting up SQL Clustering, that's done in SQL Server.
Make sure you have an active/passive configuration for SQL Clustering, as that's what's supported. Don't share the passive node with any other SQL instance.
You can have the following for failover clustering:
Two-node:
- Microsoft SQL Server 2019 Standard (64-bit edition), and we recommend running with the latest service pack.
- Microsoft SQL Server 2017 Standard (64-bit edition), and we recommend running with the latest service pack.
- Microsoft SQL Server 2016 Standard (64-bit edition) with Service Pack 1 or later. We recommend running with the latest service pack.
- Microsoft SQL Server 2014 Standard (64-bit edition), and we recommend running with the latest service pack.
- Microsoft SQL Server 2012 Standard (64-bit edition), and we recommend running with the latest service pack.
Sixteen-node:
- Microsoft SQL Server 2019 Enterprise (64-bit edition), and we recommend running with the latest service pack.
- Microsoft SQL Server 2017 Enterprise (64-bit edition), and we recommend running with the latest service pack.
- Microsoft SQL Server 2016 Enterprise (64-bit edition) with Service Pack 1 or later. We recommend running with the latest service pack.
- Microsoft SQL Server 2014 Enterprise (64-bit edition), and we recommend running with the latest service pack.
- Microsoft SQL Server 2012 Enterprise (64-bit edition), and we recommend running with the latest service pack.
Important
For upgrading, we do want you to ensure that on your Front End Servers you have at least SQL Server 2012 SP1 installed prior to upgrade. Here's a link to SP1 if you want to download it right away.
If you need to read up more on SQL Mirroring, we have a Back End Server high availability in Skype for Business Server 2015 topic. Configure SQL Server clustering for Skype for Business Server 2015 has the steps for getting clustering ready. There are also further links on failover clustering for SQL, for 2014, 2012, and 2008.
Note
New to the 2015 release is support of SQL Always On. It is supported, and you can read more about it in the Back End Server high availability in Skype for Business Server 2015 topic.
Note
SQL Mirroring is available in Skype for Business Server 2015 but is no longer supported in Skype for Business Server 2019. The AlwaysOn Availability Groups, AlwaysOn Failover Cluster Instances (FCI), and SQL failover clustering methods are preferred with Skype for Business Server 2019.
Software that should be installed before a Skype for Business Server 2015 deployment
There are some things you're going to need to install or configure for any server running Skype for Business Server 2015, and they're listed below. After that are additional requirements for specific server roles.
All Servers:
Software/Role | Details |
---|---|
Windows PowerShell 3.0 | All Skype for Business Server servers need Windows PowerShell 3.0 installed. • If you're doing the installation on Windows Server 2012 or Windows Server 2012 R2, you're set, because it's already there. • If you're doing an upgrade on Windows Server 2008 R2, you can download the Windows Management Framework 3.0 to get it. Tip: Once you have the correct PowerShell on there, confirm that it's BuildVersion 6.2.9200.0 or later by going to the PowerShell prompt and typing $PSVersionTable . This should bring up the information you need. |
Microsoft .NET Framework | WCF services is a Feature that's installed as a Windows feature, under Server Manager, no downloads needed. • You need to make sure, when you install this feature, or if it's already installed and you're checking on it, that the HTTP Activation option is also checked and installed, as follows: Don't worry if you get an additional pop-up saying some other things need to be installed for HTTP Activation to be installed. That's normal, click OK and go ahead. If you don't get this pop-up, then assume those things are already installed, and go ahead. Microsoft .NET Framework is usually installed when Windows Server 2012 R2 or Windows Server 2016 are installed. Skype for Business Server works with the following Microsoft .NET Framework versions: • .NET 3.5 • .NET 4.5 • .NET 4.6.x • .NET 4.7.1 (for Skype for Business Server CU 5 or later releases) • .NET 4.7.2 (for Skype for Business Server CU 6 or later releases) • .NET 4.8 (for Skype for Business Server CU 9 or later releases) .NET Framework 3.5 will likely be installed by default on your Windows Server 2008 R2 machine (definitely check to be sure before you upgrade), but it actually won't be on your Windows Server 2012/Windows Server 2012 R2 servers (for new installations). To add it in, you'll need access to your installation drive or media (the place your Windows Server was installed from, or where the install files are now). Then go ahead and install it as a feature from Server Manager, and point to the installation media (specifically the sources\sxs folder) when asked for it, and continue on to install it. |
Media Foundation | For Windows Server 2016, Windows Server 2012 and Windows Server 2012 R2 the Windows Media Format Runtime installs with Microsoft Media Foundation. All Front End Servers and Standard Edition servers used for conferencing require Windows Media Format Runtime to run the Windows Media Audio (.wma) files that the Call Park, Announcement, and Response Group applications play for announcements and music. |
Windows Identity Foundation | We need Windows Identity Foundation 3.5 to support server-to-server authentication scenarios for Skype for Business Server 2015. • For Windows Server 2012 and Windows Server 2012 R2, there's no need to download anything. Open Server Manager, and go to the Add Roles and Features Wizard. Windows Identity Foundation 3.5 is listed under the Features section. If it's checked, you're good. Otherwise select it and click Next to reach the Install button. |
Remote Server Administration Tools | Role Administration Tools: AD DS and AD LDS tools |
Front End Servers and Standard Edition server also need:
Software/Role | Details |
---|---|
Internet Information Services (IIS) | IIS is needed on all Front End Servers, as well as all Standard Edition servers, with the following modules selected: • Common HTTP Features: Default Document, HTTP Errors, Static Content • Health and Diagnostics: HTTP Logging, Logging Tools, Tracing • Performance: Static Content Compression, Dynamic Content Compression • Security: Request Filtering, Client Certificate Mapping Authentication, Windows Authentication • Application Development: .NET Extensibility 3.5, .NET Extensibility 4.5, ASP.NET 3.5, ASP.NET 4.5, ISAPI Extensions, ISAPI Filters • Management Tools: IIS Management Console, IIS Management Scripts and Tools We should also note Anonymous Access is also needed, but you get that when you install IIS, so you don't have a place to select that on the list. |
Windows Media Format Runtime | For Windows Server 2016, Windows Server 2012, and Windows Server 2012 R2, you'll need to install the Media Foundation feature in Server Manager. Now, you actually can start your Skype for Business Server 2015 installation without this one, but you'll be prompted to install it, and then reboot the server, before the Skype for Business Server 2015 install continues. Better to do it ahead of time. |
Silverlight | You can install the latest version of Silverlight at this link. |
Note
You may also need to enable Directory Browsing if you are using a load balancer. Otherwise a blank page will load which the load balancer might consider a failure.
To help you out, here's a sample PowerShell script you can run to automate this:
Note
The command looks for source files in a specific order. If you are online, the command accesses Windows Update. However, if you are offline, you need to make sure the source files are available to the command. For more information about using PowerShell to install roles and features, see Install or Uninstall Roles, Role Services, or Features. Don't forget to run Windows Update again after you install prerequisites, even if you use the PowerShell command.
Directors also need:
IIS, with the following modules selected:
- Common HTTP Features
  - Default Document
  - HTTP Errors
  - Static Content
- Health and Diagnostics
  - HTTP Logging
  - Logging Tools
  - Tracing
- Performance
  - Static Content Compression
- Security
  - Request Filtering
  - Client Certificate Mapping Authentication
  - Windows Authentication
- Application Development
  - .NET Extensibility 3.5
  - .NET Extensibility 4.5
  - ASP.NET 3.5
  - ASP.NET 4.5
  - ISAPI Extension
  - ISAPI Filters
(If you're wondering, it's the same module set as the Front End Servers and Standard Edition servers, with the Dynamic Content Compression and Management Tools left out.)
And we have some PowerShell code below for this too:
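As an added example (not the page's own script), the following reports which of the prerequisites listed above are missing for a Front End/Standard Edition server or a Director, and installs only those when asked. The feature names are the Server Manager names for the listed roles on Windows Server 2012 R2 and are an assumption for other OS versions; the `-Role`, `-Source` and `-Install` parameters are hypothetical names chosen for this example.

```powershell
# Added example: audit, and optionally install, the Windows features listed above.
param(
    [ValidateSet('FrontEnd', 'Director')]
    [string]$Role = 'FrontEnd',
    [string]$Source,     # assumption: a path such as D:\sources\sxs, needed offline for .NET 3.5
    [switch]$Install     # without -Install the script only reports
)

Import-Module ServerManager

# "All Servers" table.
$common = @(
    'NET-Framework-Core'           # .NET Framework 3.5
    'NET-WCF-HTTP-Activation45'    # WCF services, HTTP Activation
    'Server-Media-Foundation'      # Media Foundation / Windows Media Format Runtime
    'Windows-Identity-Foundation'  # Windows Identity Foundation 3.5
    'RSAT-ADDS'                    # Role Administration Tools: AD DS and AD LDS tools
)

# IIS modules needed by Directors, Front End Servers and Standard Edition servers.
# Web-Dir-Browsing is left out on purpose: add it only if your load balancer
# needs it (see the Note above).
$iisBase = @(
    'Web-Server'
    'Web-Default-Doc', 'Web-Http-Errors', 'Web-Static-Content'      # Common HTTP Features
    'Web-Http-Logging', 'Web-Log-Libraries', 'Web-Http-Tracing'     # Health and Diagnostics
    'Web-Stat-Compression'                                          # Performance
    'Web-Filtering', 'Web-Client-Auth', 'Web-Windows-Auth'          # Security
    'Web-Net-Ext', 'Web-Net-Ext45', 'Web-Asp-Net', 'Web-Asp-Net45'  # Application Development
    'Web-ISAPI-Ext', 'Web-ISAPI-Filter'
)

# Only Front End / Standard Edition servers also get these.
$iisFrontEndOnly = @(
    'Web-Dyn-Compression'    # Dynamic Content Compression
    'Web-Mgmt-Console'       # IIS Management Console
    'Web-Scripting-Tools'    # IIS Management Scripts and Tools
)

$wanted = $common + $iisBase
if ($Role -eq 'FrontEnd') { $wanted += $iisFrontEndOnly }

# Current state; names this OS version does not offer are simply not returned.
$state   = @(Get-WindowsFeature -Name $wanted)
$unknown = @($wanted | Where-Object { $state.Name -notcontains $_ })
$missing = @($state  | Where-Object { -not $_.Installed })

$state | Sort-Object Installed, Name |
    Format-Table Name, DisplayName, InstallState -AutoSize

if ($unknown.Count -gt 0) {
    Write-Warning ('Not offered by this OS version: ' + ($unknown -join ', '))
}
if ($missing.Count -eq 0) {
    Write-Output "All $Role prerequisites that this OS offers are installed."
    return
}
if (-not $Install) {
    Write-Output ('Missing: ' + ($missing.Name -join ', '))
    Write-Output 'Re-run with -Install to add them.'
    return
}

# Install only what is missing; pass -Source through when the server is offline.
$installArgs = @{ Name = $missing.Name }
if ($Source) { $installArgs.Source = $Source }
$result = Install-WindowsFeature @installArgs

if (-not $result.Success) {
    throw "Feature installation failed with exit code $($result.ExitCode)."
}
if ($result.RestartNeeded -ne 'No') {
    Write-Warning 'A restart is pending.'
}
Write-Output 'Run Windows Update again now that the prerequisites are installed.'
```

Message Queuing for Persistent Chat Servers is not covered by this script.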
Persistent Chat Servers also need:
Message Queuing, which is also called MSMQ. It's a Windows Server component, and you can install it under the Features section in Server Manager. If you want to read more about this, check out Installing and Managing Message Queuing.
Last thoughts:
Please don't install any Microsoft Internet Security and Acceleration (ISA) Server client software, or any other Winsock Layered Service Providers (LSP) software (any third-party firewalls or anti-virus network inspection software would be included here) on any of your front end servers or standalone mediation servers. Poor media traffic performance has been seen when that software's installed.
Summary: Review the port usage considerations before implementing Skype for Business Server.
Skype for Business Server requires that specific ports on the external and internal firewalls be open. Additionally, if Internet Protocol security (IPsec) is deployed in your organization, IPsec must be disabled over the range of ports used for the delivery of audio, video, and panorama video.
While this may seem a bit daunting at first, the heavy lifting for planning this can be done using the Skype for Business Server 2015 Planning Tool. Once you've gone through the wizard's questions about what features you plan to use, for each site you define you can view the Firewall Report within the Edge Admin Report, and use the information listed there to create your firewall rules. You can also make adjustments to many of the names and IP addresses used; for details, see Review the Firewall Report. Keep in mind you can export the Edge Admin Report to an Excel spreadsheet, and the Firewall Report will be one of the worksheets in the file.
You can also find the information in these tables in diagram form by reviewing the Protocol Workloads poster linked off of the Technical diagrams for Skype for Business Server 2015 article.
Note
- If you're implementing Skype for Business Online (Microsoft 365 or Office 365) refer to Microsoft 365 and Office 365 URLs and IP address ranges. Hybrid environments will need to reference this topic and also Plan hybrid connectivity.
- You can have hardware or software firewalls, we don't require specific models or versions. What matters is what ports are whitelisted so the firewall won't impair the functioning of Skype for Business Server.
Port and Protocol Details
This section summarizes the ports and protocols used by servers, load balancers, and clients in a Skype for Business Server deployment.
Note
When Skype for Business Server starts, it opens the required ports in the Windows Firewall. Windows Firewall should already be running in most normal applications, but if it is not being used Skype for Business Server will function without it.
For details about firewall configuration for edge components, see Edge Server scenarios in Skype for Business Server 2015.
The following table lists the ports that need to be open on each internal server role.
Required Server Ports (by Server Role)
Server role | Service name | Port | Protocol | Notes |
---|---|---|---|---|
All Servers | SQL Browser | 1434 | UDP | SQL Browser for the local replicated copy of the Central Management Store database. |
Front End Servers | Skype for Business Server Front-End service | 5060 | TCP | Optionally used by Standard Edition servers and Front End Servers for static routes to trusted services, such as remote call control servers. |
Front End Servers | Skype for Business Server Front-End service | 5061 | TCP (TLS) | Used by Standard Edition servers and Front End pools for all internal SIP communications between servers (MTLS), for SIP communications between Server and Client (TLS) and for SIP communications between Front End Servers and Mediation Servers (MTLS). Also used for communications with a Monitoring Server. |
Front End Servers | Skype for Business Server Front-End service | 444 | HTTPS TCP | Used for HTTPS communication between the Focus (the Skype for Business Server component that manages conference state) and the individual servers. This port is also used for TCP communication between Survivable Branch Appliances and Front End Servers. |
Front End Servers | Skype for Business Server Front-End service | 135 | DCOM and remote procedure call (RPC) | Used for DCOM based operations such as Moving Users, User Replicator Synchronization, and Address Book Synchronization. |
Front End Servers | Skype for Business Server IM Conferencing service | 5062 | TCP | Used for incoming SIP requests for instant messaging (IM) conferencing. |
Front End Servers | Skype for Business Server Web Conferencing service | 8057 | TCP (TLS) | Used to listen for Persistent Shared Object Model (PSOM) connections from client. |
Front End Servers | Skype for Business Server Web Conferencing Compatibility service | 8058 | TCP (TLS) | Used to listen for Persistent Shared Object Model (PSOM) connections from the Live Meeting client and previous versions of Skype for Business Server. |
Front End Servers | Skype for Business Server Audio/Video Conferencing service | 5063 | TCP | Used for incoming SIP requests for audio/video (A/V) conferencing. |
Front End Servers | Skype for Business Server Audio/Video Conferencing service | 57501-65535 | TCP/UDP | Media port range used for video conferencing. |
Front End Servers | Skype for Business Server Web Compatibility service | 80 | HTTP | Used for communication from Front End Servers to the web farm FQDNs (the URLs used by IIS web components) when HTTPS is not used. |
Front End Servers | Skype for Business Server Web Compatibility service | 443 | HTTPS | Used for communication from Front End Servers to the web farm FQDNs (the URLs used by IIS web components). |
Front End Servers | Skype for Business Server Web Compatibility service | 8080 | TCP and HTTP | Used by web components for external access. |
Front End Servers | Web server component | 4443 | HTTPS | HTTPS (from Reverse Proxy) and HTTPS Front End inter-pool communications for Autodiscover sign-in. |
Front End Servers | Web server component | 8060 | TCP (MTLS) | |
Front End Servers | Web server component | 8061 | TCP (MTLS) | |
Front End Servers | Mobility Services component | 5086 | TCP (MTLS) | SIP port used by Mobility Services internal processes |
Front End Servers | Mobility Services component | 5087 | TCP (MTLS) | SIP port used by Mobility Services internal processes |
Front End Servers | Mobility Services component | 443 | HTTPS | |
Front End Servers | Skype for Business Server Conferencing Attendant service (dial-in conferencing) | 5064 | TCP | Used for incoming SIP requests for dial-in conferencing. |
Front End Servers | Skype for Business Server Conferencing Attendant service (dial-in conferencing) | 5072 | TCP | Used for incoming SIP requests for Attendant (dial in conferencing). |
Front End Servers that also run a Collocated Mediation Server | Skype for Business Server Mediation service | 5070 | TCP | Used by the Mediation Server for incoming requests from the Front End Server to the Mediation Server. |
Front End Servers that also run a Collocated Mediation Server | Skype for Business Server Mediation service | 5067 | TCP (TLS) | Used for incoming SIP requests from the PSTN gateway to the Mediation Server. |
Front End Servers that also run a Collocated Mediation Server | Skype for Business Server Mediation service | 5068 | TCP | Used for incoming SIP requests from the PSTN gateway to the Mediation Server. |
Front End Servers that also run a Collocated Mediation Server | Skype for Business Server Mediation service | 5081 | TCP | Used for outgoing SIP requests from the Mediation Server to the PSTN gateway. |
Front End Servers that also run a Collocated Mediation Server | Skype for Business Server Mediation service | 5082 | TCP (TLS) | Used for outgoing SIP requests from the Mediation Server to the PSTN gateway. |
Front End Servers | Skype for Business Server Application Sharing service | 5065 | TCP | Used for incoming SIP listening requests for application sharing. |
Front End Servers | Skype for Business Server Application Sharing service | 49152-65535 | TCP | Media port range used for application sharing. |
Front End Servers | Skype for Business Server Conferencing Announcement service | 5073 | TCP | Used for incoming SIP requests for the Skype for Business Server Conferencing Announcement service (that is, for dial-in conferencing). |
Front End Servers | Skype for Business Server Call Park service | 5075 | TCP | Used for incoming SIP requests for the Call Park application. |
Front End Servers | Skype for Business Server Audio Test service | 5076 | TCP | Used for incoming SIP requests for the Audio Test service. |
Front End Servers | Not applicable | 5066 | TCP | Used for outbound Enhanced 9-1-1 (E9-1-1) gateway. |
Front End Servers | Skype for Business Server Response Group service | 5071 | TCP | Used for incoming SIP requests for the Response Group application. |
Front End Servers | Skype for Business Server Response Group service | 8404 | TCP (MTLS) | Used for incoming SIP requests for the Response Group application. |
Front End Servers | Skype for Business Server Bandwidth Policy Service | 5080 | TCP | Used for call admission control by the Bandwidth Policy service for A/V Edge TURN traffic. |
Front End Servers | Skype for Business Server File Share server access | 445 | SMB/TCP | Used to retrieve Address book, meeting content, and other items stored on the File Share server. |
Front End Servers | Skype for Business Server Bandwidth Policy Service | 448 | TCP | Used for call admission control by the Skype for Business Server Bandwidth Policy Service. |
Front End Servers where the Central Management store resides | Skype for Business Server Master Replicator Agent service | 445 | TCP | Used to push configuration data from the Central Management store to servers running Skype for Business Server. |
All Servers | SQL Browser | 1434 | UDP | SQL Browser for local replicated copy of Central Management store data in local SQL Server instance |
All internal servers | Various | 49152-57500 | TCP/UDP | Media port range used for audio conferencing on all internal servers. Used by all servers that terminate audio: Front End Servers (for Skype for Business Server Conferencing Attendant service, Skype for Business Server Conferencing Announcement service, and Skype for Business Server Audio/Video Conferencing service), and Mediation Server. |
Office Web Apps Servers | | 443 | | Used by Skype for Business Server to connect to Office Web Apps Server. |
Directors | Skype for Business Server Front-End service | 5060 | TCP | Optionally used for static routes to trusted services, such as remote call control servers. |
Directors | Skype for Business Server Front-End service | 444 | HTTPS TCP | Inter-server communication between Front End and Director. Additionally, client certificate publish (to Front End Servers) or validate if the client certificate has already been published. |
Directors | Skype for Business Server Web Compatibility service | 80 | TCP | Used for initial communication from Directors to the web farm FQDNs (the URLs used by IIS web components). In normal operation, will switch to HTTPS traffic, using port 443 and protocol type TCP. |
Directors | Skype for Business Server Web Compatibility service | 443 | HTTPS | Used for communication from Directors to the web farm FQDNs (the URLs used by IIS web components). |
Directors | Skype for Business Server Front-End service | 5061 | TCP | Used for internal communications between servers and for client connections. |
Mediation Servers | Skype for Business Server Mediation service | 5070 | TCP | Used by the Mediation Server for incoming requests from the Front End Server. |
Mediation Servers | Skype for Business Server Mediation service | 5067 | TCP (TLS) | Used for incoming SIP requests from the PSTN gateway. |
Mediation Servers | Skype for Business Server Mediation service | 5068 | TCP | Used for incoming SIP requests from the PSTN gateway. |
Mediation Servers | Skype for Business Server Mediation service | 5070 | TCP (MTLS) | Used for SIP requests from the Front End Servers. |
Persistent Chat Front End Server | Persistent Chat SIP | 5041 | TCP (MTLS) | |
Persistent Chat Front End Server | Persistent Chat Windows Communication Foundation (WCF) | 881 | TCP (TLS) and TCP (MTLS) | |
Persistent Chat Front End Server | Persistent Chat File Transfer Service | 443 | TCP (TLS) | |
Note
Some remote call control scenarios require a TCP connection between the Front End Server or Director and the PBX. Although Skype for Business Server no longer uses TCP port 5060, during remote call control deployment you create a trusted server configuration, which associates the RCC Line Server FQDN with the TCP port that the Front End Server or Director will use to connect to the PBX system. For details, see the CsTrustedApplicationComputer cmdlet in the Skype for Business Server Management Shell documentation.
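The following is an added example, not part of the original documentation: it builds a per-role allow-list from a few rows of the server port table above and reports locally bound sockets that fall outside it. The `netstat -an` sample and the host it comes from are constructed, and treating rows whose role begins with "All" as applying to every role is an assumption.

```python
import re

# Rows copied from this page's server port table: role | service | port | protocol
PAGE_ROWS = """\
All Servers | SQL Browser | 1434 | UDP
All internal servers | Various | 49152-57500 | TCP/UDP
Directors | Skype for Business Server Web Compatibility service | 443 | HTTPS
Mediation Servers | Skype for Business Server Mediation service | 5067 | TCP (TLS)
Mediation Servers | Skype for Business Server Mediation service | 5068 | TCP
Mediation Servers | Skype for Business Server Mediation service | 5070 | TCP (MTLS)
"""

# Constructed `netstat -an` sample from a hypothetical Mediation Server
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:5067      0.0.0.0:0        LISTENING
  TCP    0.0.0.0:5070      0.0.0.0:0        LISTENING
  TCP    0.0.0.0:3389      0.0.0.0:0        LISTENING
  TCP    10.0.0.5:50123    10.0.0.9:5061    ESTABLISHED
  UDP    0.0.0.0:1434      *:*
  UDP    0.0.0.0:50010     *:*
  UDP    [::]:161          *:*
"""

def build_allow_list(rows, role):
    """Return (transport, low, high) tuples for rows that apply to `role`."""
    allowed = []
    for line in rows.strip().splitlines():
        row_role, _service, ports, proto = [c.strip() for c in line.split("|")][:4]
        if row_role != role and not row_role.startswith("All "):  # assumption: "All ..." rows cover every role
            continue
        low, _, high = ports.partition("-")
        # A cell naming only an application protocol (HTTPS) runs over TCP.
        for transport in set(re.findall(r"TCP|UDP", proto)) or {"TCP"}:
            allowed.append((transport, int(low), int(high or low)))
    return allowed

def unexpected_listeners(netstat_text, allowed):
    """Return sorted (transport, port) pairs bound locally but not documented."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue  # established or outbound TCP, not a listener
        port = int(fields[1].rsplit(":", 1)[1])
        if not any(t == fields[0] and lo <= port <= hi for t, lo, hi in allowed):
            found.add((fields[0], port))
    return sorted(found)
```

Calling `unexpected_listeners(SAMPLE_NETSTAT, build_allow_list(PAGE_ROWS, "Mediation Servers"))` returns the TCP 3389 and UDP 161 listeners, which are not in the rows given for that role and should be reviewed against the host's other documented services.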
For your pools that use only hardware load balancing (not DNS load balancing), the following table shows the ports that need to be open on the hardware load balancers.
Hardware Load Balancer Ports if Using Only Hardware Load Balancing
Load Balancer | Port | Protocol |
---|---|---|
Front End Server load balancer | 5061 | TCP (TLS) |
Front End Server load balancer | 444 | HTTPS |
Front End Server load balancer | 135 | DCOM and remote procedure call (RPC) |
Front End Server load balancer | 80 | HTTP |
Front End Server load balancer | 8080 | TCP - Client and device retrieval of root certificate from Front End Server - clients and devices authenticated by NTLM |
Front End Server load balancer | 443 | HTTPS |
Front End Server load balancer | 4443 | HTTPS (from reverse proxy) |
Front End Server load balancer | 5072 | TCP |
Front End Server load balancer | 5073 | TCP |
Front End Server load balancer | 5075 | TCP |
Front End Server load balancer | 5076 | TCP |
Front End Server load balancer | 5071 | TCP |
Front End Server load balancer | 5080 | TCP |
Front End Server load balancer | 448 | TCP |
Mediation Server load balancer | 5070 | TCP |
Front End Server load balancer (if the pool also runs Mediation Server) | 5070 | TCP |
Director load balancer | 443 | HTTPS |
Director load balancer | 444 | HTTPS |
Director load balancer | 5061 | TCP |
Director load balancer | 4443 | HTTPS (from reverse proxy) |
Your Front End pools and Director pools that use DNS load balancing also must have a hardware load balancer deployed. The following table shows the ports that need to be open on these hardware load balancers.
Hardware Load Balancer Ports if Using DNS Load Balancing
Load Balancer | Port | Protocol |
---|---|---|
Front End Server load balancer | 80 | HTTP |
Front End Server load balancer | 443 | HTTPS |
Front End Server load balancer | 8080 | TCP - Client and device retrieval of root certificate from Front End Server - clients and devices authenticated by NTLM |
Front End Server load balancer | 4443 | HTTPS (from reverse proxy) |
Director load balancer | 443 | HTTPS |
Director load balancer | 4443 | HTTPS (from reverse proxy) |
Required Client Ports
Component | Port | Protocol | Notes |
---|---|---|---|
Clients | 67/68 | DHCP | Used by Skype for Business Server to find the Registrar FQDN (that is, if DNS SRV fails and manual settings are not configured). |
Clients | 443 | TCP (TLS) | Used for client-to-server SIP traffic for external user access. |
Clients | 443 | TCP (PSOM/TLS) | Used for external user access to web conferencing sessions. |
Clients | 443 | TCP (STUN/MSTURN) | Used for external user access to A/V sessions and media (TCP). |
Clients | 3478 | UDP (STUN/MSTURN) | Used for external user access to A/V sessions and media (UDP). |
Clients | 5061 | TCP (MTLS) | Used for client-to-server SIP traffic for external user access. |
Clients | 6891-6901 | TCP | Used for file transfer between Skype for Business clients and previous clients. |
Clients | 1024-65535 * | TCP/UDP | Audio port range (minimum of 20 ports required). |
Clients | 1024-65535 * | TCP/UDP | Video port range (minimum of 20 ports required). |
Clients | 1024-65535 * | TCP | Peer-to-peer file transfer (for conferencing file transfer, clients use PSOM). |
Clients | 1024-65535 * | TCP | Application sharing. |
Aastra 6721ip common area phone, Aastra 6725ip desk phone, HP 4110 IP Phone (common area phone), HP 4120 IP Phone (desk phone), Polycom CX500 IP common area phone, Polycom CX600 IP desk phone, Polycom CX700 IP desk phone, Polycom CX3000 IP conference phone | 67/68 | DHCP | Used by the listed devices to find the Skype for Business Server certificate, provisioning FQDN, and Registrar FQDN. |
* To configure specific ports for these media types, use the CsConferencingConfiguration cmdlet (ClientMediaPortRangeEnabled, ClientMediaPort, and ClientMediaPortRange parameters).
Note
The setup programs for Skype for Business clients automatically create the required operating-system firewall exceptions on the client computer.
Note
The ports that are used for external user access are required for any scenario in which the client must traverse the organization's firewall (for example, any external communications or meetings hosted by other organizations).
IPsec exceptions
For enterprise networks where Internet Protocol security (IPsec) (see IETF RFC 4301-4309) has been deployed, IPsec must be disabled over the range of ports used for the delivery of audio, video, and panoramic video. The recommendation is motivated by the need to avoid any delay in the allocation of media ports due to IPsec negotiation.
The following table explains the recommended IPsec exception settings.
Recommended IPsec Exceptions
Rule name | Source IP | Destination IP | Protocol | Source port | Destination port | Authentication Requirement |
---|---|---|---|---|---|---|
A/V Edge Server Internal Inbound | Any | A/V Edge Server Internal | UDP and TCP | Any | Any | Do not authenticate |
A/V Edge Server External Inbound | Any | A/V Edge Server External | UDP and TCP | Any | Any | Do not authenticate |
A/V Edge Server Internal Outbound | A/V Edge Server Internal | Any | UDP and TCP | Any | Any | Do not authenticate |
A/V Edge Server External Outbound | A/V Edge Server External | Any | UDP and TCP | Any | Any | Do not authenticate |
Mediation Server Inbound | Any | Mediation Server(s) | UDP and TCP | Any | Any | Do not authenticate |
Mediation Server Outbound | Mediation Server(s) | Any | UDP and TCP | Any | Any | Do not authenticate |
Conferencing Attendant Inbound | Any | Front End Server running Conferencing Attendant | UDP and TCP | Any | Any | Do not authenticate |
Conferencing Attendant Outbound | Front End Server running Conferencing Attendant | Any | UDP and TCP | Any | Any | Do not authenticate |
A/V Conferencing Inbound | Any | Front End Servers | UDP and TCP | Any | Any | Do not authenticate |
A/V Conferencing Outbound | Front End Servers | Any | UDP and TCP | Any | Any | Do not authenticate |
Exchange Inbound | Any | Exchange Unified Messaging | UDP and TCP | Any | Any | Do not authenticate |
Application Sharing Servers Inbound | Any | Application Sharing Servers | TCP | Any | Any | Do not authenticate |
Application Sharing Server Outbound | Application Sharing Servers | Any | TCP | Any | Any | Do not authenticate |
Exchange Outbound | Exchange Unified Messaging | Any | UDP and TCP | Any | Any | Do not authenticate |
Clients | Any | Any | UDP | Specified media port range | Any | Do not authenticate |