Survivable branch appliance – User authentication

 How does user authentication happen in a Lync branch site?

  • The Lync client generates a DNS SRV request to identify the Lync pool FQDN. This request is forwarded to the Lync central AD site, which returns the Director pool FQDN.
  • The Lync client sends a SIP registration request over TLS to the Director, and the Director returns a certificate challenge to the client.
  • The client connects to the Lync 2010 certificate service with its Windows credentials. The server creates a certificate and returns it to the client, and also to the SBA device via replication.
  • With the issued certificate, the client sends a SIP REGISTER request to the Director. The Director again redirects the request to the branch site SBA, because the user's primary pool is set to the SBA.
  • The client sends a new SIP registration request to the SBA, which authenticates the client after verifying the certificate. The client caches the certificate for reuse.

Why a certificate-based authentication model?

  • If the WAN connection between the branch site and the central site goes down, the user can still authenticate with the local certificate.
  • No dependency on the central site domain controller.
  • The authentication process above is a one-time activity for new users, so later local authentication against the SBA is fast.
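
The checks below follow the sign-in steps above from an administrator's side: the SRV answer, the user's registrar pool, and the certificate cached on the client. This is an added example, not part of the original post; `contoso.com` and `sip:alice@contoso.com` are placeholders, and the SRV record name `_sipinternaltls._tcp` and the issuer name `CN=Communications Server` are assumptions about a default Lync 2010 deployment.

```powershell
# Added example. Domain and user are placeholders; replace with your own values.
param(
    [string]$SipDomain = 'contoso.com',            # placeholder SIP domain
    [string]$SipUri    = 'sip:alice@contoso.com'   # placeholder user
)

# Step 1 (run on the client): the SRV lookup the Lync client performs at sign-in.
# Assumption: the internal auto-discovery record is _sipinternaltls._tcp.<domain>.
# For a branch user the target should be the Director pool, not the SBA.
Resolve-DnsName -Name "_sipinternaltls._tcp.$SipDomain" -Type SRV |
    Select-Object Name, NameTarget, Port

# Steps 4-5 (run in the Lync Server Management Shell): the Director redirects
# to the SBA only when the SBA is the user's registrar (primary) pool.
if (Get-Command Get-CsUser -ErrorAction SilentlyContinue) {
    Get-CsUser -Identity $SipUri | Select-Object SipAddress, RegistrarPool

    # Certificates the Lync certificate service has issued for this user.
    Get-CsClientCertificate -Identity $SipUri
}
else {
    Write-Warning 'Lync cmdlets not loaded; skipping the server-side checks.'
}

# Step 3 and the cache (run on the client as the signed-in user): the issued
# certificate sits in the user's personal store.
# Assumption: the issuer is "CN=Communications Server".
$now = Get-Date
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Issuer -eq 'CN=Communications Server' } |
    Select-Object Subject, Thumbprint, NotBefore, NotAfter,
        @{ Name = 'ValidNow'; Expression = { $_.NotBefore -le $now -and $_.NotAfter -gt $now } }
```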

Comments (2)

  1. Awesome explanation!!!!!!!

  2. Facetime for PC says:

    this is really fantastic explanation and you can check out the best ever facetime for pc app on check out the best best app facetime for pc on
    also on which is really awesome app ever
