我已经在定制的lync客户端中为lync-server登录实现了ntlmv2。我发送给服务器的消息是.....
(第3次注册消息)
REGISTER sip:example.com SIP/2.0
Via: SIP/2.0/TLS 19x.1xx.0.1xx:3246
From: <sip:lynctest8@example.com>;tag=2257063211;epid=22570632
To: <sip:lynctest8@example.com>
Call-ID: A2B000F95CB8XZRikcdYitb4QBvEr4P2
CSeq: 3 REGISTER
Contact: <sip:19x.1xx.0.1xx:3246;transport=tls;ms-opaque=28c9d310c1>;methods="INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY";proxy=replace;+sip.instance="<urn:uuid:6b6590c5-2a3f-5dee-ad87-5ab6694cf66d>"
Max-Forwards: 70
User-Agent: UCCAPI/4.0.7577.0 OC/4.0.7577.0 (Microsoft Lync 2010)
Supported: gruu-10, adhoclist, msrtc-event-categories
Supported: ms-forking
Supported: ms-cluster-failover
Supported: ms-userservices-state-notification
Ms-keep-alive: UAC;hop-hop=yes
Event: registration
Ms-subnet: 19x.1xx.0.0
Proxy-Authorization: NTLM qop="auth", realm="SIP Communications Service", opaque="8CEED616", targetname="lyncfe.example.com", version=4, gssapi-data="TlRMTVNTUAADAAAAGAAYAKgAAADGAMYAwAAAABAAEABYAAAALAAsAGgAAAAUABQAlAAAABAAEACGAQAAVYKQYgYBsR0AAAAPAAAAAAAAAAAAAAAAAAAAAG4AZQB5AGUAYgBhAGwAbABsAHkAbgBjAHQAZQBzAHQAOABAAG4AZQB5AGUAYgBhAGwAbAAuAGMAbwBtAEUAWQBFAEIAQQBMAEwALQBQAEMA9jYBMVaneo2SEFBrg1/YnLPWl4gGzCyjeTg+SJIb99jnRvh/xOM1KQEBAAAAAAAAAD9j2kfbzAGz1peIBswsowAAAAACABAATgBFAFkARQBCAEEATABMAAEADABMAFkATgBDAEYARQAEABgAbgBlAHkAZQBiAGEAbABsAC4AYwBvAG0AAwAmAGwAeQBuAGMAZgBlAC4AbgBlAHkAZQBiAGEAbABsAC4AYwBvAG0ABQAYAG4AZQB5AGUAYgBhAGwAbAAuAGMAbwBtAAcACABjQk/rRdvMAQAAAAAAAAAAGL4kYo+YoVBEmij7AkIylQ==" , crand="becdaa89", cnum ="1", response="0100000024A95BA08AA3947964000000"
Content-Length: 0
我从服务器获得的响应是在日志中......
TL_INFO(TF_COMPONENT) [0]05FC.02D0::01/25/2012-08:06:57.900.00000042 (SIPStack,CSIPMessage::CacheConnectionFlags:SIPMessage.cpp(1664))[0]( 00000000039B4DC0 ) From server [lyncfe.example.com] connection, flags [PeerInternal TrafficInternal 0xa0100c], CID [0x12300]
TL_INFO(TF_PROTOCOL) [0]05FC.02D0::01/25/2012-08:06:57.900.00000043 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
Trace-Correlation-Id: 4074196035
Instance-Id: 000018F0
Direction: incoming;source="internal edge";destination="external edge"
Peer: lyncfe.example.com:5061
Message-Type: response
Start-Line: SIP/2.0 401 Unauthorized
From: <sip:lynctest8@example.com>;tag=1672455111;epid=16724551
To: <sip:lynctest8@example.com>;tag=6E92C85AEBAC66461CD3D9E7FF35D674
CSeq: 3 REGISTER
Call-ID: CDEA0494B083GDXKgQYZ3IuhqvqePNLL
Date: Wed, 25 Jan 2012 08:06:57 GMT
WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="lyncfe.example.com", version=4
WWW-Authenticate: TLS-DSK realm="SIP Communications Service", targetname="lyncfe.example.com", version=4, sts-uri="https://lyncfe.example.com:443/CertProv/CertProvisioningService.svc"
Via: SIP/2.0/TLS 19x.1xx.0.2xx:60027;branch=z9hG4bK72A5FBC9.AAC299504F0761A1;branched=FALSE;ms-received-port=60027;ms-received-cid=16B9100
Via: SIP/2.0/TLS 19x.1xx.0.1xx:3082;received=2xx.xx.1xx.1xx;ms-received-port=3082;ms-received-cid=12700
ms-diagnostics: 1000;reason="Final handshake failed";HRESULT="0xC3E93EC3(SIP_E_AUTH_UNAUTHORIZED)";source="lyncfe.example.com"
Server: RTC/4.0
Content-Length: 0
Message-Body: –
$$end_record
这是什么问题?你能给出任何提示/解决方案来解决它吗?
答案 0 :(得分:0)
这很可能是由于SSL握手而终点“https://lyncfe.example.com:443/CertProv/CertProvisioningService.svc”。请检查您的客户端证书,并启用SSL调试以查看握手期间发生的情况。
答案 1 :(得分:-2)
谢谢大家。我的问题已经解决了。这是GSS-API-data和auth-token生成问题。
如果有人需要帮助,请转到以下链接上的说明以获取REGISTER成功响应。我已经完成了Lync客户端的auth-negotiation部分。您可以在我的博客www.matrixsust.blogspot.com上找到详细信息。 希望它有助于其他人!