Topic Last Modified: 2013-03-05

The Lync Server 2013 Autodiscover Service runs on the Director and Front End pool servers, and when published in DNS using the lyncdiscover.<domain> and lyncdiscoverinternal.<domain> host records, can be used by clients to locate Lync Server features. In order for mobile devices running Lync Mobile to use Autodiscover, you may first need to modify certificate subject alternative name lists on any Director and Front End Server running the Autodiscover Service. In addition, it may be necessary to modify the subject alternative name lists on certificates used for external web service publishing rules on reverse proxies.

The decision about whether to use subject alternative name lists on reverse proxies is based on whether you publish the Autodiscover Service on port 80 or on port 443:

Firewall Details for Reverse Proxy Server: External Interface

Protocol/TCP or UDP/Port Source IP Address Destination IP Address Notes

HTTP/TCP/80

Any

Reverse proxy listener

(Optional) Redirection to HTTPS if user enters http://<publishedSiteFQDN>. Also required if using Office Web Apps for conferencing and the Autodiscover Service for mobile devices running Lync in situations where the organization does not want to modify the external web service publishing rule certificate.

HTTPS/TCP/443

Any

Reverse proxy listener

Address book downloads, Address Book Web Query service, Autodiscover, client updates, meeting content, device updates, group expansion, Office Web Apps for conferencing, dial-in conferencing, and meetings.

Firewall Details for Reverse Proxy Server: Internal Interface

Protocol/TCP or UDP/Port Source IP Address Destination IP Address Notes

HTTP/TCP/8080

Internal reverse proxy interface

Front End Server, Front End pool, Director, Director pool, Office Web Apps for conferencing

Required if using the Autodiscover Service for mobile devices running Lync in situations where the organization does not want to modify the external web service publishing rule certificate. Traffic sent to port 80 on the reverse proxy external interface is redirected to a pool on port 8080 from the reverse proxy internal interface so that the pool Web Services can distinguish it from internal web traffic.

HTTPS/TCP/4443

Internal reverse proxy interface

Front End Server, Front End pool, Director, Director pool, Office Web Apps for conferencing

Traffic sent to port 443 on the reverse proxy external interface is redirected to a pool on port 4443 from the reverse proxy internal interface so that the pool web services can distinguish it from internal web traffic.