401 unauthorized on final REGISTER Handshake on custom lync-client

10.8k views Asked by At

I have implemented ntlmv2 for lync-server login in an custom made lync client.The message that I send to server is .....

(3rd register message)

REGISTER sip:example.com SIP/2.0
Via: SIP/2.0/TLS 19x.1xx.0.1xx:3246
From: <sip:[email protected]>;tag=2257063211;epid=22570632
To: <sip:[email protected]>
Call-ID: A2B000F95CB8XZRikcdYitb4QBvEr4P2
CSeq: 3 REGISTER
Contact: <sip:19x.1xx.0.1xx:3246;transport=tls;ms-opaque=28c9d310c1>;methods="INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY";proxy=replace;+sip.instance="<urn:uuid:6b6590c5-2a3f-5dee-ad87-5ab6694cf66d>"
Max-Forwards: 70
User-Agent: UCCAPI/4.0.7577.0 OC/4.0.7577.0 (Microsoft Lync 2010)
Supported: gruu-10, adhoclist, msrtc-event-categories
Supported: ms-forking
Supported: ms-cluster-failover
Supported: ms-userservices-state-notification
Ms-keep-alive: UAC;hop-hop=yes
Event: registration
Ms-subnet: 19x.1xx.0.0
Proxy-Authorization: NTLM qop="auth", realm="SIP Communications Service", opaque="8CEED616", targetname="lyncfe.example.com", version=4, gssapi-data="TlRMTVNTUAADAAAAGAAYAKgAAADGAMYAwAAAABAAEABYAAAALAAsAGgAAAAUABQAlAAAABAAEACGAQAAVYKQYgYBsR0AAAAPAAAAAAAAAAAAAAAAAAAAAG4AZQB5AGUAYgBhAGwAbABsAHkAbgBjAHQAZQBzAHQAOABAAG4AZQB5AGUAYgBhAGwAbAAuAGMAbwBtAEUAWQBFAEIAQQBMAEwALQBQAEMA9jYBMVaneo2SEFBrg1/YnLPWl4gGzCyjeTg+SJIb99jnRvh/xOM1KQEBAAAAAAAAAD9j2kfbzAGz1peIBswsowAAAAACABAATgBFAFkARQBCAEEATABMAAEADABMAFkATgBDAEYARQAEABgAbgBlAHkAZQBiAGEAbABsAC4AYwBvAG0AAwAmAGwAeQBuAGMAZgBlAC4AbgBlAHkAZQBiAGEAbABsAC4AYwBvAG0ABQAYAG4AZQB5AGUAYgBhAGwAbAAuAGMAbwBtAAcACABjQk/rRdvMAQAAAAAAAAAAGL4kYo+YoVBEmij7AkIylQ==" , crand="becdaa89", cnum ="1", response="0100000024A95BA08AA3947964000000"
Content-Length: 0

The response that I get from server is in log is......

TL_INFO(TF_COMPONENT) [0]05FC.02D0::01/25/2012-08:06:57.900.00000042 (SIPStack,CSIPMessage::CacheConnectionFlags:SIPMessage.cpp(1664))[0]( 00000000039B4DC0 ) From server [lyncfe.example.com] connection, flags [PeerInternal TrafficInternal 0xa0100c], CID [0x12300]
TL_INFO(TF_PROTOCOL) [0]05FC.02D0::01/25/2012-08:06:57.900.00000043 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
Trace-Correlation-Id: 4074196035
Instance-Id: 000018F0
Direction: incoming;source="internal edge";destination="external edge"
Peer: lyncfe.example.com:5061
Message-Type: response
Start-Line: SIP/2.0 401 Unauthorized
From: <sip:[email protected]>;tag=1672455111;epid=16724551
To: <sip:[email protected]>;tag=6E92C85AEBAC66461CD3D9E7FF35D674
CSeq: 3 REGISTER
Call-ID: CDEA0494B083GDXKgQYZ3IuhqvqePNLL
Date: Wed, 25 Jan 2012 08:06:57 GMT
WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="lyncfe.example.com", version=4
WWW-Authenticate: TLS-DSK realm="SIP Communications Service", targetname="lyncfe.example.com", version=4, sts-uri="https://lyncfe.example.com:443/CertProv/CertProvisioningService.svc"
Via: SIP/2.0/TLS 19x.1xx.0.2xx:60027;branch=z9hG4bK72A5FBC9.AAC299504F0761A1;branched=FALSE;ms-received-port=60027;ms-received-cid=16B9100
Via: SIP/2.0/TLS 19x.1xx.0.1xx:3082;received=2xx.xx.1xx.1xx;ms-received-port=3082;ms-received-cid=12700
ms-diagnostics: 1000;reason="Final handshake failed";HRESULT="0xC3E93EC3(SIP_E_AUTH_UNAUTHORIZED)";source="lyncfe.example.com"
Server: RTC/4.0
Content-Length: 0
Message-Body: –
$$end_record

What is the problem here? Can you give any hints/solutions to solve it?

2

There are 2 answers

0
Robel Sharma On BEST ANSWER

Thanks, Everyone. My problem has been solved. It was GSS-API-data and auth-token generation problem.

1
user47900 On

It most likely due to SSL handshake while end point "https://lyncfe.example.com:443/CertProv/CertProvisioningService.svc". Please check your client certs and also enable SSL debug to see what's happening during handshake.