Survivable branch appliance – User authentication


How does user authentication happen in a Lync branch site?

  • The Lync client generates a DNS SRV request to identify the Lync pool FQDN. This request is forwarded to the Lync central AD site, which returns the director pool FQDN.
  • The Lync client sends a TLS SIP registration request to the director, and the director returns a certificate challenge to the client.
  • The client connects to the Lync 2010 certificate service with its Windows credentials. The server creates a certificate and returns it to the client, as well as to the SBA device via replication.
  • With the issued certificate, the client sends a SIP REGISTER request to the director. The director again redirects the request to the branch-site SBA, because the user's primary pool is set to the SBA.
  • The client sends a new SIP registration request to the SBA, which authenticates the client after verifying the certificate. The client caches the certificate for reuse.

Why a certificate-based authentication model?

  • If the WAN connection between the branch site and the central site goes down, users can still authenticate with the local certificate.
  • There is no dependency on the central site domain controller.
  • The authentication process above is a one-time activity for new users, so subsequent local authentication against the SBA is fast.
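The sign-in steps and the WAN-outage reasoning above can be traced with a small model. This is an added example, not Lync code: the class and method names are hypothetical, the DNS SRV lookup and director redirect are left out, and an opaque random token stands in for the issued certificate (a real client proves possession of a private key over TLS).

```python
import hashlib
import secrets

class SBA:
    """Branch appliance: authenticates against replicated certificates only."""
    def __init__(self):
        self.known = {}                      # user -> SHA-256 of issued certificate

    def replicate(self, user, cert):
        self.known[user] = hashlib.sha256(cert).digest()

    def register(self, user, cert):
        expected = self.known.get(user)
        presented = hashlib.sha256(cert).digest()
        return expected is not None and secrets.compare_digest(expected, presented)

class CentralSite:
    """Certificate service at the central site, reachable only over the WAN."""
    def __init__(self, directory, sba):
        self.directory = directory           # constructed stand-in for AD credentials
        self.sba = sba
        self.wan_up = True

    def issue_certificate(self, user, password):
        if not self.wan_up:
            raise ConnectionError("central site unreachable")
        if self.directory.get(user) != password:
            raise PermissionError("Windows credential rejected")
        cert = secrets.token_bytes(32)       # stand-in for the issued certificate
        self.sba.replicate(user, cert)       # copy reaches the SBA via replication
        return cert

class Client:
    def __init__(self, user, password):
        self.user, self.password, self.cached_cert = user, password, None

    def sign_in(self, central, sba):
        if self.cached_cert is None:         # one-time provisioning for a new user
            self.cached_cert = central.issue_certificate(self.user, self.password)
        return sba.register(self.user, self.cached_cert)

def demo():
    sba = SBA()
    central = CentralSite({"alice": "pw-a", "bob": "pw-b"}, sba)  # constructed users
    alice, bob = Client("alice", "pw-a"), Client("bob", "pw-b")
    first = alice.sign_in(central, sba)      # WAN up: provision, then register at SBA
    central.wan_up = False                   # WAN outage begins
    cached = alice.sign_in(central, sba)     # cached certificate, SBA only
    try:
        new_user = bob.sign_in(central, sba)
    except ConnectionError:
        new_user = False                     # never provisioned, so no certificate
    return first, cached, new_user
```

In this model, a user who was provisioned before the outage keeps signing in at the SBA, while a user who never completed the one-time certificate step cannot.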

Comments (2)

  1. Awesome explanation!!!!!!!

