Lync 2010 Mobility Sign-in Internals


The best way to understand the internals of a product or service is to reverse engineer the process using logging and network captures. Capturing the process end-to-end helps paint a clear view as to what is going. Here is what happens when you sign-in on the Lync Mobile client for Windows Phone.

  1. Enter sign-in information and credentials into the Lync Mobile client. (hmmm, screen crack)

  2. Performs a standard DNS query for lyncdiscoverinternal.<sip domain namespace>.

    If the client is external, this DNS resolution will fail and the client will drop to the next discovery record

  3. Performs a standard DNS query for lyncdiscover.<sip domain namespace>.

    This DNS query will succeed and typically respond with a subsequent query for the value of the lyncdiscover.<sip domain namespace> CNAME entry. In my case, this is the Lync External Web Services URL.

  4. Perform a standard DNS query for external Lync Web services URL and return the IP to connect.
  5. Establish a HTTP and HTTPS connection to the resolved lyncdiscover.<sip domain namespace> location, which will be a TMG or other reverse proxy.
  6. As all good citizens should, our TMG listener switches HTTP inbound traffic to HTTPS.

    We’re now only talking to TMG using HTTPS. As a result a bunch of stuff happens on the wire that I cannot see, so look at TMG logs to get further information

  7. The TMG request is destined to lyncdiscover.<sip domain namespace>/?sipuri=<your sip address>
  8. The client is provided the Lync external web services URL, which will be used for all further communications.
  9. The first activity is to authenticate the client. A Web Ticket request is raised to obtain a client certificate for authentication.

     

    With authentication complete, Lync sign-in and in-band provisioning occurs. To capture this information, I’m looking at the MCXService and SIPStack traces at sign-in.

     

  10. The REGISTER request comes into the Lync Front-end as using the McxSipExternalListeningPort, 5087 (CONTACT: <sip:<<LYNC FRONT-END POOL>:5087)

     

  11. First and foremost, am I granted a mobility policy? sip:brendan.carius@kloud.com.au is enabled for mobility: True… Phew.

     

    To grant a mobility policy, assign the policy scope Global, to a Site, or to a User. For example: Get-CsUser -filter {samaccountname -eq “bcarius”} | Grant-CsMobilityPolicy -PolicyName All_Mobility. The “All_Mobility” policy grants Mobility and Outside Voice Control (get-csmobilitypolicy).

     

  12. The standing in-band provisioning occurs on the Lync front-end and I expect MCX is parsing this provisioning to provide the Lync Mobile client only what is requires. This includes:
    1. My Voicemail URI
    2. Whether I’m allows simRing, callForwarding, delegation, team call,
    3. The Address Book, Group Expansion, Location Information URLs
    4. Contact and photo display policies
    5. Mobility policies (outside voice, push notification etc)
    6. And my Dial Plan, ahhh wonderful, a consistent dialing experience to when I’m in the office, this is excellent!!!
  13. I now need to figure out if I am a push or pull sorta guy. If I am enabled for PUSH notification, I need to establish a subscription to the Microsoft Online Push Notification Service. If I’m a Pull sorta guy, then my TMG server with GET/POST requests will be apples.

     

  14. From here I’m subscribed and ready to use Lync Mobile, my buddy list and contact cards are retrieved.
Tagged with:
Posted in Lync
4 comments on “Lync 2010 Mobility Sign-in Internals
  1. [...] Lync ← Lync 2010 Mobility Sign-in Internals [...]

  2. [...] good job of boiling down all of the steps in the Mobility Guide to a straightforward checklist. This blog entry also helped me get a grasp on how the client connects and all of the steps the client goes through. [...]

  3. Edward Walton says:

    I’ve setup Lync Mobility. ipad, iphone and andriod without any issues.
    i cannot get any of my windows devices to connect. Using 7.5 on all devices.
    any ideas someone said someting about client pack

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories
Follow

Get every new post delivered to your Inbox.

Join 663 other followers

%d bloggers like this: