AuthorJosh ArchivesCategories |
Back to Blog
Office 365 Skype For Business On Mac10/19/2021
However, Skype for Business on Mac users can communicate with Skype users if they know the Skype user's Microsoft account.It has been a while since my last “Simple Understanding” article, so as the year getting to an end, I decided to address a topic that is already address before in many great blog articles, but hay… you know me, it is important to me that my followers and readers can have everything they look for in my blog as well as I’m addressing this topic, and as I always do with my simple understanding series, I will be using non-technical words as much as I can, easy to understand phrases and explanation and of course videos shows the flow under the hood, so let’s get cracking □Start Outlook. Skype for Business on Mac users can't search the Skype directory, although you've enabled this functionality for your organization. In the menu bar navigate to Skype for Business > Preferences. Enable logging in Skype for Business for Mac. In the menu bar navigate to Communicator > Preferences or Lync > Preferences, then to General tab and check the Turn on logging for troubleshooting checkbox: Back to top. &0183 &32 Enabling logging in Communicator 2011 for Mac or Lync 2011 for Mac.In the COM Add-Ins dialog box, select the Skype Meeting Add-in for Microsoft Office 2016 option, and then click OK. On the Manage menu, select COM Add-Ins, and then click Go. In the navigation pane, click Add-Ins.User Outside the Corp-Network using a domain joined laptopBefore we dig in, understand that Skype for business as well as previous version of Lync uses 3 different methods of authentication: User inside the Corp-Network using a domain joined laptop Skype4b Client – AuthenticatingOk so the Client successfully located the frontend, now comes the fun part, authenticating against the frontend there are a number of scenarios to consider here: Well you get the idea □Back to our example let’s consider that all your DNS requirements are there, what happens then is because the new employee sitting inside the Corp network, the client will get a response for the lyncdiscoverinternal record and then will contact the frontend pool and authenticate with it.In case you did not already catch on that, skype4b try to resolve either lyncdiscoverinternal or lyncdiscover which will let the client to know if it is inside or outside the Corp-Network.Just for your information the second time the user will try to sign-in the client will go directly to the Frontend pool, not going through the whole process again unless it cannot discover the lyncdiscoverinternal or you flushed the DNS. It works with Office 2011, Office 2016, Office 365, and.So let us say that a new Employee joined the company, got his/her new company’s laptop and sitting in the office, fired it up and started Skype for business client, wrote the SIP-address and password and clicked “Sign-In”, now what? What is happening in the background? Following video shows a step by step of the discovery mechanism that Skype for business client conduct to locate the frontend.Skype for business client autodiscover logicNote: in real life not all mentioned steps are conducted by the Skype for Business client.So as you see in the video, the Skype4b client is designed to search for the frontend pool using pre-coded DNS records, it gets the domain name from the user’s sip-address one in red (user sip-domain) then start adding to it pre-coded values in the following order:I did a test using a fake sip-domain to show you the logic in how Skype4b client discover the frontend IP-addresses, following screenshot is taken from MS Network Monitoring toolWhen the client cannot resolve the first DNS records it tries the second one, if not then the third if not then…. Will start with explaining how SkypeFB client locate the frontend, then moving forward will explain the Authentication process, this will be very handy for you when troubleshooting.Until then, Lync for Mac 2011 is included with Office 365 and available for you to download and install.
Office 365 Skype For Business On Mac Users CanHTTPS://pool.domain/Autodiscover/AutodiscoverService.svc/root/ user HTTPS://pool.domain/Autodiscover/AutodiscoverService.svc/root/ domain Client will get back a response with two HTTPS URLs in it this is a screenshot take by Fiddler for a real life example with office 365 Client will try to locate the Auto discover services, the use of the Autodiscover services is to tell the client where is the user is homed, client does that by sending two parallel HTTP and HTTPS GET requests to the Autodiscover services running on the pool and as following: Client then try again to authenticate with the Autodiscover services to obtain the information about home pool, but this time it will authenticate using the TLS-DSK method (Certificate) Client will start talking to the web ticket services running on the pool and try to get a certificate by authenticating using NTLM, the pool will authenticate the user and create a self signed certificate for him/her that is valid for 180 days. another capture of my office 365 traffic Client will try to use the /root/user/ URL to get the info it need about the home pool, but first it will try to authenticate using the AD username and password (NTLM) which will return a 401 Unauthorized and attach the Web ticket services URL in the response for the client to go and obtain a certificate from it. /Root/user URL need authentication and used information about the user’s home pool and frontend. Best free steam games for mac 2016Skype4b Client will try to authenticate using NTLM, which will return Unauthorized Authentication traffic will be proxy via the Edge pool to the Pool (Director or Frontend) Client authenticate successfully and get a response from the Autodiscover services with the information needed in the format of xml, below is a real life capture from my office 365 accountAnd here is a short video to show the work flow of how authentication worksSkype for business authentication overview User Outside Corp-Network with domain joined laptop:External users trying to sign in from outside the Corp-Network using a domain joined machine, lets assume that the user never signed in before and have no certificate from Lync.Lync uses two method of authentications here:Assuming that the Lync Edge and the reverse proxy servers are deployed and have no problem the authentication process will be same as scenario one but with the following differences: Client start communicating to the user’s home frontend and go through step 3-5 again ![]()
0 Comments
Read More
Leave a Reply. |