Conversion Project from On-Prem Lync.Open Task Manager by pressing Ctrl + Alt + Delete. Skype for Business on Mac helpIt has been a while since my last “Simple Understanding” article, so as the year getting to an end, I decided to address a topic that is already address before in many great blog articles, but hay… you know me, it is important to me that my followers and readers can have everything they look for in my blog as well as I’m addressing this topic, and as I always do with my simple understanding series, I will be using non-technical words as much as I can, easy to understand phrases and explanation and of course videos shows the flow under the hood, so let’s get cracking □Full Management of Skype For Business Server infrastructure with Online and On-Prem IM, PSTN, and Call Center Management. Skype for Business meetings: Set up a Skype for Business meeting in Outlook Join a meeting Call into a meeting from your mobile phone or landline For a more in-depth look at Skype for Business, log on to LinkedIn Learning and watch Skype for Business Essential Training.Then open the run command by pressing Windows + R and type msconfig and hit enter.Currently there is only support on MAC for Skype for Business. If you are using windows 7. Now restart the machine and check once.
Login Into Skyp For Business Linel Password And ClickedSkype4b Client – AuthenticatingOk so the Client successfully located the frontend, now comes the fun part, authenticating against the frontend there are a number of scenarios to consider here: Well you get the idea □Back to our example let’s consider that all your DNS requirements are there, what happens then is because the new employee sitting inside the Corp network, the client will get a response for the lyncdiscoverinternal record and then will contact the frontend pool and authenticate with it.In case you did not already catch on that, skype4b try to resolve either lyncdiscoverinternal or lyncdiscover which will let the client to know if it is inside or outside the Corp-Network.Just for your information the second time the user will try to sign-in the client will go directly to the Frontend pool, not going through the whole process again unless it cannot discover the lyncdiscoverinternal or you flushed the DNS. Skype for Business Server 2015 customers should at a minimum download and install the Skype for Business Server 2015 Cumulative Update version 9319.272 or higher.So let us say that a new Employee joined the company, got his/her new company’s laptop and sitting in the office, fired it up and started Skype for business client, wrote the SIP-address and password and clicked “Sign-In”, now what? What is happening in the background? Following video shows a step by step of the discovery mechanism that Skype for business client conduct to locate the frontend.Skype for business client autodiscover logicNote: in real life not all mentioned steps are conducted by the Skype for Business client.So as you see in the video, the Skype4b client is designed to search for the frontend pool using pre-coded DNS records, it gets the domain name from the user’s sip-address one in red (user sip-domain) then start adding to it pre-coded values in the following order:I did a test using a fake sip-domain to show you the logic in how Skype4b client discover the frontend IP-addresses, following screenshot is taken from MS Network Monitoring toolWhen the client cannot resolve the first DNS records it tries the second one, if not then the third if not then…. How do I sign in to Skype You can sign in to Skype with a Skype name, email or phone.If you already have a Skype or Microsoft account: Open Skype and click or tap Skype For the best Mac client experiences and an always up-to-date infrastructure, we recommend all customers migrate to Office 365. Will start with explaining how SkypeFB client locate the frontend, then moving forward will explain the Authentication process, this will be very handy for you when troubleshooting.If you dont have a Microsoft account for Skype: In the Skype sign in window, select Create new account (or go directly to the Create an account.![]() Client will try to use the /root/user/ URL to get the info it need about the home pool, but first it will try to authenticate using the AD username and password (NTLM) which will return a 401 Unauthorized and attach the Web ticket services URL in the response for the client to go and obtain a certificate from it. /Root/user URL need authentication and used information about the user’s home pool and frontend. /root/domain URL accessed without need to authenticate and used to get general information about the Topology Client authenticate successfully and get a response from the Autodiscover services with the information needed in the format of xml, below is a real life capture from my office 365 accountAnd here is a short video to show the work flow of how authentication worksSkype for business authentication overview User Outside Corp-Network with domain joined laptop:External users trying to sign in from outside the Corp-Network using a domain joined machine, lets assume that the user never signed in before and have no certificate from Lync.Lync uses two method of authentications here:Assuming that the Lync Edge and the reverse proxy servers are deployed and have no problem the authentication process will be same as scenario one but with the following differences: Client start communicating to the user’s home frontend and go through step 3-5 again Client will get a response with where the user’s home pool is. Client then try again to authenticate with the Autodiscover services to obtain the information about home pool, but this time it will authenticate using the TLS-DSK method (Certificate) Client will start talking to the web ticket services running on the pool and try to get a certificate by authenticating using NTLM, the pool will authenticate the user and create a self signed certificate for him/her that is valid for 180 days. Officejet pro 8710 driver for macusing NTLM authenticate against the Web services a self signed certificate is issued and stored in the client “Personal Store” Edge will redirect the Client to the external web services URL, this services usually published by the Reverse Proxy Skype4b Client will try to authenticate using NTLM, which will return Unauthorized Top ps2 emulator for macSkype4b Mobile – AuthenticatingMobile client authentication is very much the same as Scenario oneThat’s all, a quick deep dive into autodiscover and authentication of Skype for business clients, this article if understood can help you troubleshoot future problems with signing in and discovery.Wish you all and your families a very merry Christmas and happy new year. Skype4b Mobile – Locating the FrontendSkype for business Mobile and windows Metro app clients are different in the discovery method than normal desktop clients, the Mobile clients try to resolve two DNS records to locate the pool:As best practice you should always point the lyncdiscover to the reverse proxy of your infrastructure where the services is published using a public SSL certificate, why you ask, because Skype4b mobile and windows app cannot request and download self signed certificate like normal desktop clients, that’s why the public SSL certificate deployed on your reverse proxy is used.If the Mobile client or windows metro app client cannot resolve those two DNS records, the discover simply fail and user cannot login, the clients won’t fail back to SRV records like in desktop client. User Outside Corp-Network with none domain joined laptop:So last scenario is user trying to sign in to Skype for business client on a none domain joined machine, assuming that the machine is not connected to the corp-network because allowing none domain joined machines to the internal corp-Network will be a stupid thing to do for so many reasons I won’t discuss here, so let’s say the user will connect from a guest Wifi or a home which is considered a none corp-Network, the process will be same as scenario two with user and domain joined machines, the authentication traffic will be proxy to the pool via Edge, and then redirected to the Reverse proxy server to obtain and download certificate which will be stored in the personal store on the machine.The credentials will be saved in the Windows Credentials manager if you choose to save my credentials when signing in to Skype for business.
0 Comments
Leave a Reply. |
AuthorMufti ArchivesCategories |