Lync clients upon start opening up connections to foreign servers
We are seeing a weird behavior on all of our Lync clients. I am wondering why it would open connections to foreign servers while it starts, and then those connections end just as mysteriously as they started. We are using Lync 2010 and along with the June 2013 updates. We discovered this by accident while reviewing TCPView. If you need any more information just ask.
January 7th, 2014 4:11pm

What foreign servers is it exactly trying to connect to?
Free Windows Admin Tool Kit Click here and download it now
January 7th, 2014 7:47pm

204.160.108.126 http       
a72-246-40-88.deploy.akamaitechnologies.com http
57496 204.160.108.126 http       
ord08s10-in-f12.1e100.net http 

This is just a sample of the foreign servers our Lync clients try to connect to. I am wondering if TMG isn't behaving as a proxy by passing along all http/https traffic, but that's just a guess. Otherwise, I am stumped.

January 7th, 2014 8:41pm

Akami is used by many vendors to distribute software including Antivirus definitions from Symantec etc... so it is a genuine connection possibly from quicktime or other software on your client PC.
Free Windows Admin Tool Kit Click here and download it now
January 7th, 2014 11:13pm

Right, but through TCPView, we could see where communicator.exe had connections to these servers. I am baffled.
January 7th, 2014 11:15pm

You can have you Lync client logging enabled, then sign in, check if you can find the detailed information about the IP and URL.

Free Windows Admin Tool Kit Click here and download it now
January 8th, 2014 10:35am

Thanks, Lisa. I did that, but I cannot find any of the FQDN's in the log. I did find a foreign URL, but that one has never appeared in TCPView.
January 8th, 2014 4:42pm

Do you see the same behavior on a clean machine?  Could a proxy/spyware/AV checks or anything be getting in the way?

Free Windows Admin Tool Kit Click here and download it now
January 8th, 2014 7:56pm

We have tried it on a clean machine and we get the same behavior. What I don't understand is why communicator.exe would be the program making multiple connections which do not appear in the log. I can close the Lync client and then reopen it, and instantly the connections to foreign servers happens...sometimes to the same URL's as prior attempts, sometimes not. In any event, after two minutes the connections on communicator.exe close except for the connection to our Lync server.
January 8th, 2014 8:16pm

Can you run Fiddler or Wireshark and look inside the packets?  See what's being sent.  It's probably all legit, but it would be a fun deep dive.

Free Windows Admin Tool Kit Click here and download it now
January 8th, 2014 8:20pm

Also, is it possible these are image requests for federated users?  When my client starts up, I get a handful of http requests to servers where people are using web URLS for their Lync pictures. 

Can you see what the full path is?  Fiddler should really help.

What if you start up a client that has never had a contact in it?  Same behavior?

January 8th, 2014 8:24pm

I'll answer this one first. In many cases, what you said makes sense. In my own case, I do not use a picture, yet communicator.exe makes connections to servers I have never heard of except for the Google-owned 1e100.net. The question is would our other servers access a Chilean school to retrieve the photo for the other accounts in my Contact list?

I will fire up Wireshark and see what that reveals. I will say you have a great idea! It's much more than I had.

Free Windows Admin Tool Kit Click here and download it now
January 8th, 2014 8:33pm

Anthony, I believe you have solved the problem! I turned on Wireshark and I could see HTTP GET's for .jpg's. Thank you!
January 8th, 2014 8:45pm

You're right, it's not your picture, but if there's a contact in your list that has a web url published for their picture for other users to see, communicator.exe will make an http connection upon startup to go fetch it.  These can be all over the place on whatever server the person chose.  Whatever it is, Fiddler or Wireshark will tell you what the full URL it's asking for is and give you a clue as to what it is.

Edit: You figured it out as I was writing this.  That was an interesting one...  Thanks for marking my reply!

Free Windows Admin Tool Kit Click here and download it now
January 8th, 2014 8:47pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics