The best way to understand the internals of a product or service is to reverse engineer the process using logging and network captures. Capturing the process end-to-end helps paint a clear view as to what is going. Here is what happens when you sign-in on the Lync Mobile client for Windows Phone.

  1. Enter sign-in information and credentials into the Lync Mobile client. (hmmm, screen crack)

  2. Performs a standard DNS query for lyncdiscoverinternal.<sip domain namespace>.

    If the client is external, this DNS resolution will fail and the client will drop to the next discovery record

  3. Performs a standard DNS query for lyncdiscover.<sip domain namespace>.

    This DNS query will succeed and typically respond with a subsequent query for the value of the lyncdiscover.<sip domain namespace> CNAME entry. In my case, this is the Lync External Web Services URL.

  4. Perform a standard DNS query for external Lync Web services URL and return the IP to connect.
  5. Establish a HTTP and HTTPS connection to the resolved lyncdiscover.<sip domain namespace> location, which will be a TMG or other reverse proxy.
  6. As all good citizens should, our TMG listener switches HTTP inbound traffic to HTTPS.

    We’re now only talking to TMG using HTTPS. As a result a bunch of stuff happens on the wire that I cannot see, so look at TMG logs to get further information

  7. The TMG request is destined to lyncdiscover.<sip domain namespace>/?sipuri=<your sip address>
  8. The client is provided the Lync external web services URL, which will be used for all further communications.
  9. The first activity is to authenticate the client. A Web Ticket request is raised to obtain a client certificate for authentication.


    With authentication complete, Lync sign-in and in-band provisioning occurs. To capture this information, I’m looking at the MCXService and SIPStack traces at sign-in.


  10. The REGISTER request comes into the Lync Front-end as using the McxSipExternalListeningPort, 5087 (CONTACT: <sip:<<LYNC FRONT-END POOL>:5087)


  11. First and foremost, am I granted a mobility policy? sip:[email protected] is enabled for mobility: True… Phew.


    To grant a mobility policy, assign the policy scope Global, to a Site, or to a User. For example: Get-CsUser -filter {samaccountname -eq “bcarius”} | Grant-CsMobilityPolicy -PolicyName All_Mobility. The “All_Mobility” policy grants Mobility and Outside Voice Control (get-csmobilitypolicy).


  12. The standing in-band provisioning occurs on the Lync front-end and I expect MCX is parsing this provisioning to provide the Lync Mobile client only what is requires. This includes:
    1. My Voicemail URI
    2. Whether I’m allows simRing, callForwarding, delegation, team call,
    3. The Address Book, Group Expansion, Location Information URLs
    4. Contact and photo display policies
    5. Mobility policies (outside voice, push notification etc)
    6. And my Dial Plan, ahhh wonderful, a consistent dialing experience to when I’m in the office, this is excellent!!!
  13. I now need to figure out if I am a push or pull sorta guy. If I am enabled for PUSH notification, I need to establish a subscription to the Microsoft Online Push Notification Service. If I’m a Pull sorta guy, then my TMG server with GET/POST requests will be apples.


  14. From here I’m subscribed and ready to use Lync Mobile, my buddy list and contact cards are retrieved.

Join the conversation! 5 Comments

  1. I’ve setup Lync Mobility. ipad, iphone and andriod without any issues.
    i cannot get any of my windows devices to connect. Using 7.5 on all devices.
    any ideas someone said someting about client pack

  2. Thanks for this blog, How does Lync 2013 desktop or mobile client signs in as they both will look for if you can blog upon Lync 2013 clients will be of great help.

Comments are closed.