If you're using Mac, click the three dots icon next to your profile picture in the upper-left corner, and select Audio & Video Settings. On Windows, click the Tools tab at the top of the Skype window, select Options, and click Audio settings under General on the left menu. Click the Microphone menu.On the performance front, Microsoft says that it optimized Skype in key scenarios to deliver a 30% boost in performance on desktop, and over 2,000% increase on Android. In addition, mobile users will also be able to use the Office Lens app to scan documents while on a call to instantly share them with the participants.Whether youre on Zoom, Skype, FaceTime, Youtube, Twitter, Google Meet.
![]() Client will try to locate the Auto discover services, the use of the Autodiscover services is to tell the client where is the user is homed, client does that by sending two parallel HTTP and HTTPS GET requests to the Autodiscover services running on the pool and as following: Certificate (TLS-DSK) << most preferred oneUser Inside Corp-Network with domain joined laptop:P.S I will be using the word “Pool” a lot, and by pool here I mean your frontend or director pool depending on your deployment type.So this employee we are talking about above is signing in for the first time using the Active directory username and password and the client resolved the lyncdiscoverinternal DNS record successfully, now what? User Outside the Corp-Network using a domain joined laptopBefore we dig in, understand that Skype for business as well as previous version of Lync uses 3 different methods of authentication: User inside the Corp-Network using a domain joined laptop Skype4b Client – AuthenticatingOk so the Client successfully located the frontend, now comes the fun part, authenticating against the frontend there are a number of scenarios to consider here: HTTPS://pool.domain/Autodiscover/AutodiscoverService.svc/root/ user HTTPS://pool.domain/Autodiscover/AutodiscoverService.svc/root/ domain Client will get back a response with two HTTPS URLs in it Loading and using a window emulator on macClient will get a response with where the user’s home pool is. Client then try again to authenticate with the Autodiscover services to obtain the information about home pool, but this time it will authenticate using the TLS-DSK method (Certificate) Client will start talking to the web ticket services running on the pool and try to get a certificate by authenticating using NTLM, the pool will authenticate the user and create a self signed certificate for him/her that is valid for 180 days. another capture of my office 365 traffic Client will try to use the /root/user/ URL to get the info it need about the home pool, but first it will try to authenticate using the AD username and password (NTLM) which will return a 401 Unauthorized and attach the Web ticket services URL in the response for the client to go and obtain a certificate from it. /Root/user URL need authentication and used information about the user’s home pool and frontend. Skype4b Client will try to authenticate using NTLM, which will return Unauthorized Authentication traffic will be proxy via the Edge pool to the Pool (Director or Frontend) Client authenticate successfully and get a response from the Autodiscover services with the information needed in the format of xml, below is a real life capture from my office 365 accountAnd here is a short video to show the work flow of how authentication worksSkype for business authentication overview User Outside Corp-Network with domain joined laptop:External users trying to sign in from outside the Corp-Network using a domain joined machine, lets assume that the user never signed in before and have no certificate from Lync.Lync uses two method of authentications here:Assuming that the Lync Edge and the reverse proxy servers are deployed and have no problem the authentication process will be same as scenario one but with the following differences: Is There A Skype Download Self SignedSkype4b Mobile – AuthenticatingMobile client authentication is very much the same as Scenario oneThat’s all, a quick deep dive into autodiscover and authentication of Skype for business clients, this article if understood can help you troubleshoot future problems with signing in and discovery.Wish you all and your families a very merry Christmas and happy new year. Skype4b Mobile – Locating the FrontendSkype for business Mobile and windows Metro app clients are different in the discovery method than normal desktop clients, the Mobile clients try to resolve two DNS records to locate the pool:As best practice you should always point the lyncdiscover to the reverse proxy of your infrastructure where the services is published using a public SSL certificate, why you ask, because Skype4b mobile and windows app cannot request and download self signed certificate like normal desktop clients, that’s why the public SSL certificate deployed on your reverse proxy is used.If the Mobile client or windows metro app client cannot resolve those two DNS records, the discover simply fail and user cannot login, the clients won’t fail back to SRV records like in desktop client. User Outside Corp-Network with none domain joined laptop:So last scenario is user trying to sign in to Skype for business client on a none domain joined machine, assuming that the machine is not connected to the corp-network because allowing none domain joined machines to the internal corp-Network will be a stupid thing to do for so many reasons I won’t discuss here, so let’s say the user will connect from a guest Wifi or a home which is considered a none corp-Network, the process will be same as scenario two with user and domain joined machines, the authentication traffic will be proxy to the pool via Edge, and then redirected to the Reverse proxy server to obtain and download certificate which will be stored in the personal store on the machine.The credentials will be saved in the Windows Credentials manager if you choose to save my credentials when signing in to Skype for business. now back again to proxy traffic via the Edge server, the Skype4b client will authenticate against the pool using TLS-DSK which will work and the user sign-in.Following is a video showing the steps of singing in. using NTLM authenticate against the Web services a self signed certificate is issued and stored in the client “Personal Store”
0 Comments
Leave a Reply. |
AuthorBrad ArchivesCategories |