How to Update Windows Firewall Rules for Lync Server 2010 After Installation

  • Article

I had a question from a customer the other day about how to add the firewall rules for Lync Server 2010 to the Windows Firewall after installation.  Unlike in the OCS days, adding the firewall rules back to the Windows Firewall is rather simple.  This issue comes up because in some environments the Windows Firewall is disabled as part of the build process.  Then sometime in the future they want to start using the Windows Firewall and this is where the issue arises.  There are two ways to go about disabling the Windows Firewall and both affect differently what Lync Server 2010 does during install.  The first option is to just go into the Windows Firewall control panel and disable the firewall from there:

However, this leaves the Windows Firewall server running:

Which means that during the install, Lync Server 2010 will add all the firewall rules to the Windows Firewall:

So all you need to do is turn the Windows Firewall back on from the inside the Control Panel.  The second way customers disable the Windows Firewall is to disable the Windows Firewall service from the Services control panel:

This means that the Windows Firewall snap-in won't even load:

In this case, during the install Lync Server 2010 won't be able to create the firewall rules.  After the install, if you go back and enable the Windows Firewall service and check the snap-in, you'll see that the CS group of firewall rules is missing:

In this case, we need a way to add all of the rules back to the Windows Firewall.  You could do that manually, but that would be time consuming and there's a much easier way..the Lync Server 2010 Deployment Wizard.  All you need to do once you enable the Windows Firewall service is to run Step 2 from the Deployment Wizard:

This step will check the local configuration on the machine and make any necessary changes...in this case, adding the Windows Firewall rules.  After running Step 2, if you check the Windows Firewall snap-in, you'll see that the CS group and all the associated firewall rules are there:

So in Lync Server 2010, adding back the firewall rules is a much easier process than before!