204.160.108.126 http
a72-246-40-88.deploy.akamaitechnologies.com http
57496 204.160.108.126 http
ord08s10-in-f12.1e100.net http
This is just a sample of the foreign servers our Lync clients try to connect to. I am wondering if TMG isn't behaving as a proxy by passing along all http/https traffic, but that's just a guess. Otherwise, I am stumped.
- Edited by Bruce_Porter Tuesday, January 07, 2014 8:20 PM
You can have you Lync client logging enabled, then sign in, check if you can find the detailed information about the IP and URL.
Do you see the same behavior on a clean machine? Could a proxy/spyware/AV checks or anything be getting in the way?
Can you run Fiddler or Wireshark and look inside the packets? See what's being sent. It's probably all legit, but it would be a fun deep dive.
Also, is it possible these are image requests for federated users? When my client starts up, I get a handful of http requests to servers where people are using web URLS for their Lync pictures.
Can you see what the full path is? Fiddler should really help.
What if you start up a client that has never had a contact in it? Same behavior?
I'll answer this one first. In many cases, what you said makes sense. In my own case, I do not use a picture, yet communicator.exe makes connections to servers I have never heard of except for the Google-owned 1e100.net. The question is would our other servers access a Chilean school to retrieve the photo for the other accounts in my Contact list?
I will fire up Wireshark and see what that reveals. I will say you have a great idea! It's much more than I had.
You're right, it's not your picture, but if there's a contact in your list that has a web url published for their picture for other users to see, communicator.exe will make an http connection upon startup to go fetch it. These can be all over the place on whatever server the person chose. Whatever it is, Fiddler or Wireshark will tell you what the full URL it's asking for is and give you a clue as to what it is.
Edit: You figured it out as I was writing this. That was an interesting one... Thanks for marking my reply!