我已经在定制的lync客户端中实现了用于lync服务器登录的ntlmv2。我发送到服务器的消息是。。。。。
(第三条注册信息)
REGISTER sip:example.com SIP/2.0
Via: SIP/2.0/TLS 19x.1xx.0.1xx:3246
From: <sip:lynctest8@example.com>;tag=2257063211;epid=22570632
To: <sip:lynctest8@example.com>
Call-ID: A2B000F95CB8XZRikcdYitb4QBvEr4P2
CSeq: 3 REGISTER
Contact: <sip:19x.1xx.0.1xx:3246;transport=tls;ms-opaque=28c9d310c1>;methods="INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY";proxy=replace;+sip.instance="<urn:uuid:6b6590c5-2a3f-5dee-ad87-5ab6694cf66d>"
Max-Forwards: 70
User-Agent: UCCAPI/4.0.7577.0 OC/4.0.7577.0 (Microsoft Lync 2010)
Supported: gruu-10, adhoclist, msrtc-event-categories
Supported: ms-forking
Supported: ms-cluster-failover
Supported: ms-userservices-state-notification
Ms-keep-alive: UAC;hop-hop=yes
Event: registration
Ms-subnet: 19x.1xx.0.0
Proxy-Authorization: NTLM qop="auth", realm="SIP Communications Service", opaque="8CEED616", targetname="lyncfe.example.com", version=4, gssapi-data="TlRMTVNTUAADAAAAGAAYAKgAAADGAMYAwAAAABAAEABYAAAALAAsAGgAAAAUABQAlAAAABAAEACGAQAAVYKQYgYBsR0AAAAPAAAAAAAAAAAAAAAAAAAAAG4AZQB5AGUAYgBhAGwAbABsAHkAbgBjAHQAZQBzAHQAOABAAG4AZQB5AGUAYgBhAGwAbAAuAGMAbwBtAEUAWQBFAEIAQQBMAEwALQBQAEMA9jYBMVaneo2SEFBrg1/YnLPWl4gGzCyjeTg+SJIb99jnRvh/xOM1KQEBAAAAAAAAAD9j2kfbzAGz1peIBswsowAAAAACABAATgBFAFkARQBCAEEATABMAAEADABMAFkATgBDAEYARQAEABgAbgBlAHkAZQBiAGEAbABsAC4AYwBvAG0AAwAmAGwAeQBuAGMAZgBlAC4AbgBlAHkAZQBiAGEAbABsAC4AYwBvAG0ABQAYAG4AZQB5AGUAYgBhAGwAbAAuAGMAbwBtAAcACABjQk/rRdvMAQAAAAAAAAAAGL4kYo+YoVBEmij7AkIylQ==" , crand="becdaa89", cnum ="1", response="0100000024A95BA08AA3947964000000"
Content-Length: 0
我从服务器得到的响应在日志中是……
TL_INFO(TF_COMPONENT) [0]05FC.02D0::01/25/2012-08:06:57.900.00000042 (SIPStack,CSIPMessage::CacheConnectionFlags:SIPMessage.cpp(1664))[0]( 00000000039B4DC0 ) From server [lyncfe.example.com] connection, flags [PeerInternal TrafficInternal 0xa0100c], CID [0x12300]
TL_INFO(TF_PROTOCOL) [0]05FC.02D0::01/25/2012-08:06:57.900.00000043 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
Trace-Correlation-Id: 4074196035
Instance-Id: 000018F0
Direction: incoming;source="internal edge";destination="external edge"
Peer: lyncfe.example.com:5061
Message-Type: response
Start-Line: SIP/2.0 401 Unauthorized
From: <sip:lynctest8@example.com>;tag=1672455111;epid=16724551
To: <sip:lynctest8@example.com>;tag=6E92C85AEBAC66461CD3D9E7FF35D674
CSeq: 3 REGISTER
Call-ID: CDEA0494B083GDXKgQYZ3IuhqvqePNLL
Date: Wed, 25 Jan 2012 08:06:57 GMT
WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="lyncfe.example.com", version=4
WWW-Authenticate: TLS-DSK realm="SIP Communications Service", targetname="lyncfe.example.com", version=4, sts-uri="https://lyncfe.example.com:443/CertProv/CertProvisioningService.svc"
Via: SIP/2.0/TLS 19x.1xx.0.2xx:60027;branch=z9hG4bK72A5FBC9.AAC299504F0761A1;branched=FALSE;ms-received-port=60027;ms-received-cid=16B9100
Via: SIP/2.0/TLS 19x.1xx.0.1xx:3082;received=2xx.xx.1xx.1xx;ms-received-port=3082;ms-received-cid=12700
ms-diagnostics: 1000;reason="Final handshake failed";HRESULT="0xC3E93EC3(SIP_E_AUTH_UNAUTHORIZED)";source="lyncfe.example.com"
Server: RTC/4.0
Content-Length: 0
Message-Body: –
$$end_record
这里有什么问题?你能给出一些解决问题的提示/解决方案吗?
这很可能是由于端点时的SSL握手https://lyncfe.example.com:443/CertProv/CertProvisioningService.svc".请检查您的客户端证书,并启用SSL调试,以查看握手过程中发生了什么。
谢谢大家。我的问题已经解决了。这是GSS-API-数据和授权生成问题。