Thursday, February 21, 2008

REGISTER,From:To

When you debug with the OCS logs, you will see that every step of the handshake between the client (in this case Microsoft Office Communicator 2007) and the OCS server is logged.

When the client authenticates itself, it can use Kerberos (preferred) or NTLM authentication.

Before digging into your log files, it is good to know how these steps work technically.

Method 1. (Authenticating by Kerberos)

  • 1. Client: REGISTER (unauthenticated) to OCS
  • 2. 401 Unauthorized > response with NTLM/Kerberos (pingback from OCS server)
  • 3. Client: REGISTER - Kerberos response
  • 4. Server: 200 OK - Kerberos signature

Method 2. (Authenticating by NTLM)

  • 1. Client: REGISTER (unauthenticated) to OCS
  • 2. 401 Unauthorized > response with NTLM/Kerberos (pingback from OCS server)
  • 3. Client: REGISTER - ask for NTLM challenge response
  • 4. Server: 401 Unauthorized - challenge with NTLM
  • 5. Client: REGISTER - NTLM response
  • 6. Server: 200 OK - NTLM signature 

Keep in mind that when the server receives a REGISTER, it can respond with different response codes (categories).

Short summary:

301 Redirect - the server is telling the user which server is the home server (very efficient logon)

200 OK - the server is directly accepting the registration

403 Forbidden - in this case the SIP URI is already used in the organization and related to another user

404 Not Found - the client is not allowed to log in because the user URI does not exist

504 Server Timed-Out - indicates a network routing problem or outage
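To tie the two handshake methods and the response codes together, here is an added example (not from the Resource Kit or from OCS itself) that reads a simplified SIP trace and reports which method the client ended up using, how many REGISTERs it took, and whether the client used NTLM even though Kerberos was offered. The trace format, the helper names and the sample values are assumptions; real OCS log entries carry many more headers and parameters.

```python
import re

# Meanings of the final response, as summarized on this page.
OUTCOME = {"200": "accepted", "301": "redirect to home server",
           "403": "SIP URI already used by another user",
           "404": "user URI does not exist", "504": "routing problem or outage"}
START = re.compile(r"^(?:(REGISTER) \S+ SIP/2\.0|SIP/2\.0 (\d{3})\b.*)$")
SCHEME = re.compile(r"^(?:Authorization|WWW-Authenticate|Authentication-Info):\s*(\w+)",
                    re.I | re.M)

def parse_trace(text):
    """Return [(kind, [auth schemes])]; kind is 'REGISTER' or a status code."""
    steps = []
    for block in re.split(r"\n\s*\n", text.strip()):
        m = START.match(block.split("\n", 1)[0].strip())
        if m:  # skip anything that is not a REGISTER or a response
            steps.append((m.group(1) or m.group(2),
                          [s.upper() for s in SCHEME.findall(block)]))
    return steps

def classify(text):
    """Summarize one REGISTER handshake from a simplified trace."""
    steps = parse_trace(text)
    if not steps:
        raise ValueError("no SIP messages found")
    code, final_schemes = steps[-1]
    used = [s[0] for kind, s in steps if kind == "REGISTER" and s]
    method = used[-1] if used else None
    offered = {s for kind, ss in steps if kind == "401" for s in ss}
    return {"method": method,
            "registers": sum(kind == "REGISTER" for kind, _ in steps),
            "outcome": OUTCOME.get(code, "unexpected: " + code),
            "server_signed": code == "200" and method in final_schemes,
            # Kerberos was offered but the client authenticated with NTLM.
            "ntlm_fallback": method == "NTLM" and "KERBEROS" in offered}

def build(*msgs):  # hypothetical helper that assembles the constructed sample
    return "\n\n".join("\n".join(m) for m in msgs)

# Constructed sample (not real OCS log output): the six NTLM steps of Method 2.
REQ, CHAL = "REGISTER sip:example.test SIP/2.0", "SIP/2.0 401 Unauthorized"
NTLM_TRACE = build(
    [REQ], [CHAL, "WWW-Authenticate: NTLM", "WWW-Authenticate: Kerberos"],
    [REQ, "Authorization: NTLM"], [CHAL, "WWW-Authenticate: NTLM"],
    [REQ, "Authorization: NTLM"], ["SIP/2.0 200 OK", "Authentication-Info: NTLM"])

if __name__ == "__main__":
    print(classify(NTLM_TRACE))
```

Since Kerberos is the preferred method, clients that repeatedly show `ntlm_fallback` in their traces are the ones to look at first.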

Source: Microsoft Office Communications Server 2007 Resource Kit
