Thursday, 8 May 2014

Analyzing Lync logs using Snooper

Working with snooper:


what happens when user initiates Lync call:


1.      Invite: From address , To address & Unique Call id:

2.      Static code : 180. early media: Before initiating call Lync will negotiate information about specific client through session deceptive protocol(SDP)  built on top of SIP

3.      SDP: Contains Session Id, Client IP, Destination IP, TCP , UDP, TRP headers.

4.      First Lync client will send candidate information

5.      Ack from 2nd client to 1st client saying that am available ,busy etc.

6.      2nd  client will share SDP information saying that will you be able to communicate ?

7.      SIP signaling will go this can be a ring , desktop sharing , IM popup.

8.      When user answer the call, Other client doesn’t know the other client location it could be LAN, WAN, Internet.

9.      ICE: Internet connectivity establishment. It is the protocol used to travers over firewalls.

10.  If we have two firewalls between the client networks then ICE will come into the picture it will use STUN & TURN to find out how can connect these two clients

11.  After exchanging the IP address and if they are belongs to same subnet then the call will be Peer-to-Peer. SIP Signaling stick to server.

12.  There will be 3-5 negotiation happen between the networks i.e., possible network via Intranet, Internet, WAN, Peer-to-Peer tec. And these negation happens simultaneously.

13.  There is option available to switch over to another path.

14.  Early media will calculate the Least cost IP to reach or connect with client. After establish the call if early media identifies that another path is Least cost IP then it will switch over to another path.

15.  Invite, ACK, SDP, ICE, STUN & TRUN, PUSH(Actual media)

16.  Bye: Disconnect the session.

Saturday, 15 March 2014

Lync client login process (External)

External User login for the first time:


1.       When user click sign-in, Client will search for DNS record i.e., SRV Record.

2.        If SRV Record is not created then It will use A record of Access Edge server

3.       By using the SRV Record or A record , client will get Access Edge server IP over 443 port

4.       Here Edge server will reject request for 3 times as it does not know request and it will ask authorize your self

5.       Client will provide Root CA to the edge server

6.       By looking at the Root CA Edge server will send the request to the front End server

7.       FE doesn’t understand this request and it will provide the certificate provisioning URL

8.       By using the URL client will download the Lync certificate and will install on the local machine

9.       Once certificate installed on the local cert store then user will get authentication pop-up

10.   After providing the credentials request will go to FE and FE will check in SQL DB.

11.   If the user is enabled for Lync then will be able to login

12.   After sign-in completed client will subscribe for the presence and other details

13.   From the second time client will show the Lync cert and client will be able login.