Lync 2010 Mobility Sign-in Internals
December 12, 2011 3 Comments
The best way to understand the internals of a product or service is to reverse engineer the process using logging and network captures. Capturing the process end-to-end helps paint a clear view as to what is going. Here is what happens when you sign-in on the Lync Mobile client for Windows Phone.
-
Enter sign-in information and credentials into the Lync Mobile client. (hmmm, screen crack)
-
Performs a standard DNS query for lyncdiscoverinternal.<sip domain namespace>.
If the client is external, this DNS resolution will fail and the client will drop to the next discovery record
-
Performs a standard DNS query for lyncdiscover.<sip domain namespace>.
This DNS query will succeed and typically respond with a subsequent query for the value of the lyncdiscover.<sip domain namespace> CNAME entry. In my case, this is the Lync External Web Services URL.
- Perform a standard DNS query for external Lync Web services URL and return the IP to connect.
- Establish a HTTP and HTTPS connection to the resolved lyncdiscover.<sip domain namespace> location, which will be a TMG or other reverse proxy.
-
As all good citizens should, our TMG listener switches HTTP inbound traffic to HTTPS.
We’re now only talking to TMG using HTTPS. As a result a bunch of stuff happens on the wire that I cannot see, so look at TMG logs to get further information
- The TMG request is destined to lyncdiscover.<sip domain namespace>/?sipuri=<your sip address>
- The client is provided the Lync external web services URL, which will be used for all further communications.
-
The first activity is to authenticate the client. A Web Ticket request is raised to obtain a client certificate for authentication.
With authentication complete, Lync sign-in and in-band provisioning occurs. To capture this information, I’m looking at the MCXService and SIPStack traces at sign-in.
-
The REGISTER request comes into the Lync Front-end as using the McxSipExternalListeningPort, 5087 (CONTACT: <sip:<<LYNC FRONT-END POOL>:5087)
-
First and foremost, am I granted a mobility policy? sip:brendan.carius@kloud.com.au is enabled for mobility: True… Phew.
To grant a mobility policy, assign the policy scope Global, to a Site, or to a User. For example: Get-CsUser -filter {samaccountname -eq “bcarius”} | Grant-CsMobilityPolicy -PolicyName All_Mobility. The “All_Mobility” policy grants Mobility and Outside Voice Control (get-csmobilitypolicy).
-
The standing in-band provisioning occurs on the Lync front-end and I expect MCX is parsing this provisioning to provide the Lync Mobile client only what is requires. This includes:
- My Voicemail URI
- Whether I’m allows simRing, callForwarding, delegation, team call,
- The Address Book, Group Expansion, Location Information URLs
- Contact and photo display policies
- Mobility policies (outside voice, push notification etc)
- And my Dial Plan, ahhh wonderful, a consistent dialing experience to when I’m in the office, this is excellent!!!
-
I now need to figure out if I am a push or pull sorta guy. If I am enabled for PUSH notification, I need to establish a subscription to the Microsoft Online Push Notification Service. If I’m a Pull sorta guy, then my TMG server with GET/POST requests will be apples.
- From here I’m subscribed and ready to use Lync Mobile, my buddy list and contact cards are retrieved.
Pingback: Lync 2010 Mobility – Do I need lyncdiscoverinternal? « Kloud Blog
Pingback: Troubleshooting tips for Lync Mobility « Thoughts From a Böt Named Flinch
Pingback: Lync Server Mobility Troubleshooting Tips « msunified.net