Your comments

Make that the second IP address, sorry about that - just re-read this and noted there might be some confusion. The URL won't change when load balanced.

Hi Joe,


You're welcome, and yes - the address instance-xat0wr-relay.screenconnect.com is the right address. If you're ever load balanced onto a different server in our cloud, the second URL you posted should change (most of the servers are in Amazon's cloud but we have some in other networks as well). You could potentially whitelist all of our server IPs, but there are around 50 of them, and the list is growing - so it's probably not going to be scalable or easily maintained in your router. If you want to see the full, up to date list, the command is:


nslookup servers.screenconnect.com screenconnect.trafficmanager.net


-Michael

Just FYI in the interim - your relay/session URL does not change. If you're able to whitelist a specific URL, you can find out what the address is by opening up your installed ScreenConnect client and looking at the Relay Server field. If the IP does change, you can do an nslookup for that URL to get the new IP.

This field can be customized by setting up the LDAP user source method instead of Active Directory:

https://help.screenconnect.com/Windows_Active_Directory_and_LDAP_authentication#LDAP


Specifically, you would specify it under the UserPasswordQuestionAttribute field.