Lync client and server communicating through a SIP Proxy


  • Hi all,

    First I have to say I'm not very familiarized with Lync, although I'm experienced with VoIP and SIP, so please excuse me if I don't explain me with the right terms.

    I have the following scenario:

    Lync 2010 client -> SIP Proxy (OpenSIPS) -> Lync Server 2010

    The SIP Proxy currently does nothing special besides staying between both but we need it for several tasks. It uses TLS and the communication works fine.

    It is already possible to log in successfully and the Lync client displays the contact list. However, the status always appears as offline even if I change it, although the user is logged in. When other users log in (also through the SIP Proxy), they can see the right status of the first one, but any later attempt at changing the status is not displayed. It is also not possible to send IM messages. So basically it seems like if clients didn't get notified when something changes.

    When the Lync client connects directly to the Lync server (without the SIP Proxy), everything works fine. But as soon as I try to make it connect through the SIP Proxy, this problem occurs.

    Taking a network capture and decrypting it with Wireshark, I have observed that the Lync server provides a different response from the moment when the client registers for the first time. Things just get worse from that moment on.

    When the communication is direct, the registration process is like this:

    > REGISTER SIP/2.0

    < SIP/2.0 401 Unauthorized
      WWW-Authenticate: NTLM realm="...", targetname="", version=4
      WWW-Authenticate: Kerberos realm="SIP Communications Service", targetname="sip/", version=4
      WWW-Authenticate: TLS-DSK realm="SIP Communications Service", targetname="", version=4, sts-uri=""

    > REGISTER SIP/2.0
      Authorization: TLS-DSK ...

    < SIP/2.0 401 Unauthorized
      WWW-Authenticate: TLS-DSK ...

    > REGISTER SIP/2.0
      Authorization: TLS-DSK ...

    < SIP/2.0 401 Unauthorized
      WWW-Authenticate: TLS-DSK ...

    > REGISTER SIP/2.0
      Proxy-Authorization: TLS-DSK ...

    < SIP/2.0 200 OK
      Authentication-Info: TLS-DSK ...

    However, when going through the SIP Proxy (this is the traffic that goes TO and BACK FROM the server):

    > REGISTER SIP/2.0

    < SIP/2.0 200 OK
      ms-registrar-cdr-info: cdr-endpoint-era="{4AE19159-6AF3-48A3-A308-F6B54F6519D1}"

    The first request is exactly the same, but the response is different. I don't get any WWW-Authenticate headers and instead there's the ms-registrar-cdr-info header. Besides that, for one of the 200 OK responses to the SUBSCRIBE requests, "Supported: ms-benotify, ms-piggyback-first-notify" appears with direct traffic:

    SIP/2.0 200 OK
    Contact: <;transport=tls>
    Authentication-Info: TLS-DSK qop="auth", opaque="B1ECDC3C", srand="A2F48B0A", snum="3", rspauth="6cf81f99f236e46ffc602fe629829c439c87a6a1", targetname="", realm="SIP Communications Service", version=4
    Content-Length: 416
    From: "John Doe"<>;tag=139fbf55d3;epid=e22334326b
    To: <>;tag=90DF9A54
    Call-ID: 25a7024da3324b4ba4e5a025b1a5c615
    Via: SIP/2.0/TLS;ms-received-port=53024;ms-received-cid=59500
    Expires: 21887
    Content-Type: application/vnd-microsoft-roaming-contacts+xml
    Event: vnd-microsoft-roaming-contacts
    subscription-state: active;expires=21887
    ms-piggyback-cseq: 1
    Supported: ms-benotify, ms-piggyback-first-notify

    <contactList deltaNum="4" >
    <group id="1" name="~" externalURI=""  />

    However, the Lync server doesn't provide "ms-benotify" when the traffic goes through the SIP Proxy. With direct traffic, I can also see BENOTIFY requests but there's none when it goes through the SIP Proxy.

    I guess this might be the cause of the presence issue, but why does the Lync Server not report BENOTIFY as supported?

    Thanks in advance for your help.

    Thursday, May 16, 2013 4:07 PM