Skype for business mobile client distribution group (DL) expansion insights
This article may be helpful for reference. I have used Skype for business 2015 server, ARR reverse proxy and Skype for business windows mobile client for the testing. Exchange DL name is empl@domain.com. I have separated DL expansion process in to four sections.
Authentication
When a user signed in to Skype for business mobile client, frontend server will provision a web ticket for the mobile user. Normally, this web ticket will be valid for 8 hours. Using this web ticket mobile client can request for the client certificate from skype for business cert provision service. By default, client certificate will be valid for 180 days. Mobile client will present the same web ticket for address book web queries and DL expansion requests if it is valid.
Search
I have launched SFB mobile client and signed in successfully. Then searched DL name with keyword ‘em’ from address bar.SFB mobile client initiated the web query as below. You can see the webticket header part of the request.
Log. 1. Search query from mobile
82005 GET https://ext.domain.com/ucwa/v1/applications/212484333169/people/search?query=em\&limit=20
82006 Request Id: 065BDBDC
82007 HttpHeader:Accept application/vnd.microsoft.com.ucwa+xml
82008 HttpHeader:Content-Type application/vnd.microsoft.com.ucwa+xml
82009 HttpHeader:X-MS-Namespace internal
82010 HttpHeader:X-MS-WebTicket XXXXXXX
Log. 2. Query response from FE servers with XML.
82020 GET https://ext.domain.com/ucwa/v1/applications/212484333169/people/search?query=em\&limit=20
82021 Request Id: 065BDBDC
82022 HttpHeader:Cache-Control no-cache
82023 HttpHeader:client-request-id ac8511da-29fc-4257-8237-64a0c2bc8bda
82024 HttpHeader:Content-Type application/vnd.microsoft.com.ucwa+xml; charset=utf-8
82025 HttpHeader:Date Wed, 09 Mar 2016 22:29:29 GMT
82026 HttpHeader:Server Microsoft-IIS/7.5
82027 HttpHeader:StatusCode 200
82028 HttpHeader:Strict-Transport-Security max-age=31536000; includeSubDomains
82029 HttpHeader:X-MS-Correlation-Id 2147484647
82030 HttpHeader:X-Ms-Namespace internal
82031 HttpHeader:X-MS-Server-Fqdn pool.domain.com
82032 HttpHeader:X-Powered-By ARR/2.5
82034 <?xml version="1.0" encoding="utf-8"?><resource rel="search" href="/ucwa/v1/applications/212484333169/people/search?query=em&limit=20" revision="2" xmlns="https://schemas.microsoft.com/rtc/2012/03/ucwa"><property name="moreResultsExtailable">False</property><resource rel="distributionGroup" href="/ucwa/v1/applications/212484333169/people/groups/empl@domain.com"><link rel="expandDistributionGroup" href="/ucwa/v1/applications/212484333169/people/groups/empl@domain.com/expand" /><link rel="addToContactList" href="/ucwa/v1/applications/212484333169/people/groups/addToContactList?displayName=empl+%26+contra&smtpAddress=empl%40domain.com" /><property name="uri">empl@domain.com</property><property name="id">empl@domain.com</property><property name="name">empl & contra</property></resource></resource>
DL expansion
Mobile client received a 200 OK from server. XML response from FE server has the DL expansion URL.I have selected DL name from search results and clicked on expand. Skype for business mobile client sent a new request to FE server. I got the DL membership information from the response. In my case test user1 is a member of this DL. XML response file will also include all relevant URLs for presence, photo download etc.
Log. 3. DL expansion request
82056 GET https://ext.domain.com/ucwa/v1/applications/212484333169/people/groups/empl\@domain.com/expand
82057 Request Id: 065BF52C
82058 HttpHeader:Accept application/vnd.microsoft.com.ucwa+xml
82059 HttpHeader:Content-Type application/vnd.microsoft.com.ucwa+xml
82060 HttpHeader:X-MS-Namespace internal
82061 HttpHeader:X-MS-WebTicket XXXXXXX
Log. 4. DL expansion response from FE server
82073 GET https://ext.domain.com/ucwa/v1/applications/212484333169/people/groups/empl\@domain.com/expand
82074 Request Id: 065BF52C
82075 HttpHeader:Cache-Control no-cache
82076 HttpHeader:client-request-id 377684b7-dede-49d2-a115-f463cc87be0d
82077 HttpHeader:Content-Type application/vnd.microsoft.com.ucwa+xml; charset=utf-8
82078 HttpHeader:Date Wed, 09 Mar 2016 22:29:32 GMT
82079 HttpHeader:Server Microsoft-IIS/7.5
82080 HttpHeader:StatusCode 200
82081 HttpHeader:Strict-Transport-Security max-age=31536000; includeSubDomains
82082 HttpHeader:X-MS-Correlation-Id 2147485827
82083 HttpHeader:X-Ms-Namespace internal
82084 HttpHeader:X-MS-Server-Fqdn SE.DOMAIN.COM
82085 HttpHeader:X-Powered-By ARR/2.5
82087 <?xml version="1.0" encoding="utf-8"?><resource rel="distributionGroup" href="/ucwa/v1/applications/212484333169/people/groups/empl@domain.com/expand" xmlns="https://schemas.microsoft.com/rtc/2012/03/ucwa"><property name="uri">empl@domain.com</property><property name="id">empl@domain.com</property><property name="name">empl & contra</property><resource rel="contact" href="/ucwa/v1/applications/212484333169/people/testuser1@domain.com"><link rel="contactPhoto" href="/ucwa/v1/applications/212484333169/photos/testuser1@domain.com" /><link rel="contactPresence" href="/ucwa/v1/applications/212484333169/people/testuser1@domain.com/presence" /><link rel="contactLocation" href="/ucwa/v1/applications/212484333169/people/testuser1@domain.com/location" /><link rel="contactNote" href="/ucwa/v1/applications/212484333169/people/testuser1@domain.com/note" /><link rel="contactSupportedModalities" href="/ucwa/v1/applications/212484333169/people/testuser1@domain.com/supportedMedia" /><link rel="contactPrivacyRelationship" href="/ucwa/v1/applications/212484333169/people/testuser1@domain.com/privacyRelationship" revision="2" /><property name="uri">sip:testuser1@domain.com</property><property name="sourceNetwork">SameEnterprise</property><propertyList name="emailAddresses"><item>testuser1@domain.com</item></propertyList><property name="type">User</property><property name="name">test user1</property><property name="etag">1476383057</property></resource></resource>
Subscription
Once DL expansion is completed. Mobie client will sent a subscription request to FE server to get the presence status of the DL members. Received a response from server with the presence status. You can also see other requests such as photo download , supported media etc.
Log. 5. DL member's presence subscription request
82211 POST https://ext.domain.com/ucwa/v1/applications/212484333169/people/presenceSubscriptions
82212 Request Id: 065BF01C
82213 HttpHeader:Accept application/vnd.microsoft.com.ucwa+xml
82214 HttpHeader:Content-Type application/vnd.microsoft.com.ucwa+xml
82215 HttpHeader:X-MS-Namespace internal
82216 HttpHeader:X-MS-WebTicket XXXXXXX
82218 <input xmlns="https://schemas.microsoft.com/rtc/2012/03/ucwa">
82219 <property name="duration">30</property>
82220 <propertyList name="uris">
82221 <item>sip:testuser1@domain.com</item>
82222 </propertyList>
82223 </input>
Log. 6. DL members presence subscription response
82367 HTTP/1.1 200 OK
82368 Cache-Control: no-cache
82369 X-Ms-Namespace: internal
82370 Content-Type: application/vnd.microsoft.com.ucwa+xml; charset=utf-8
82372 <?xml version="1.0" encoding="utf-8"?><resource rel="contactPresence" href="/ucwa/v1/applications/212484333169/people/testuser1@domain.com/presence" xmlns="https://schemas.microsoft.com/rtc/2012/03/ucwa"><property name="extailability">Online</property><property name="deviceType">PC</property></resource>
82373 --ed58f802-3438-47d1-b646-965f70e2d5f5
82374 Content-Type: application/http; msgtype=response
SFB FE Server responses:
When I sent the address book query, UCWA collaborated with abs service and initiated a search query to find the DL information. Authentication module kicks in and verified webticket from header. Later, provided abs webquery results. UCWA called DLx module to contact AD and find the DL membership information. Dlx returned members list. Lync FE server collated all information in Xml response.
Log. 7. ABS web query on SFB FE.
08829 TL_VERBOSE(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:29.479.00013220 (Dlx,AbWebService.SexteSqlQueryResultToAbQueryResult:rtcabwebsvc.cs(1606)) 1/1 contacts added to web query result
08830 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:29.479.00013221 (UCWA,AddressBookService.GetSearchResultData:addressbookservice.cs(645)) Abs search return 1 results for Query: em
Log. 8. Webticket verification on FE.
08856 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2FD4::03/09/2016-22:29:31.792.0001323B (WebInfrastructure,OCSAuthModule.BeginRequest:iismodule.cs(459)) [2147485827]Enter - <uri,https://ext.domain.com:4443/ucwa/v1/applications/212484333169/people/groups/empl@domain.com/expand>
08857 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2FD4::03/09/2016-22:29:31.792.0001323C (WebInfrastructure,OCSAuthModule.BeginRequestImpl:iismodule.cs(512)) [2147485827]<credTypes, WebTicket>, <legacyWinAuth, False>
08859 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2FD4::03/09/2016-22:29:31.792.0001323E (WebInfrastructure,OCSAuthModule.BeginAuthenticateUser:iismodule.cs(653)) [2147485827]<endp, https://~/v1/applications/212484333169/people/groups/empl@domain.com/expand>
08860 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2FD4::03/09/2016-22:29:31.792.0001323F (WebInfrastructure,OCSAuthModule.BeginAuthenticateUser:iismodule.cs(700)) [2147485827]<credTypes, WebTicket>, <legacyWinAuth, False>, <maxRequestLength, 102400>, <acceptedRemoteCredentials, SplitDomain>
08861 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2FD4::03/09/2016-22:29:31.792.00013240 (WebInfrastructure,HttpWebticketAuthRequestHandler.ExtractCredentials:httprequestauthhandlerimpl.cs(228)) [2147485827]X-MS-WebTicket header found
08862 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2FD4::03/09/2016-22:29:31.792.00013241 (WebInfrastructure,OCSWebTicketCredentials.ExtractInstance:credentialsimpl.cs(2134)) [2147485827]Exit: CompactWebTicketCredentials found
08863 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2FD4::03/09/2016-22:29:31.792.00013242 (WebInfrastructure,CompactWebTicketCredentials.ExtractValidWebTicketCallback:credentialsimpl.cs(2756)) [2147485827]Found user compact web ticket.
Log. 9. Dlx module lookup
08889 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.823.0001325C (Dlx,Service.GetGlobalCatalogDirectorySearcher:service.cs(786)) GC:DC.DOMAIN.COM[192.168.2.62], OS:Windows Server 2012 Datacenter, Domain:DOMAIN.COM, Site:Default-First-Site-Name
08890 TL_VERBOSE(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.823.0001325D (Dlx,Service.QueryADGetDistributionListInfo:service.cs(3929)) Looking up: empl@domain.com
Log. 10. Dlx AD query response on FE
08901 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.901.00013268 (Dlx,Service.QueryADGetDistributionListInfo:service.cs(4033)) Found : empl@domain.com08902 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.901.00013269 (Dlx,Service.ProcessADRequest:service.cs(3129)) User found. DN is CN=empl & contra,CN=Users,DC=domain,DC=ORG08903 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.901.0001326A (Dlx,Service.ProcessADRequest:service.cs(3163)) msRTCSIP-TenantId of the dl is 00000000-0000-0000-0000-00000000000008904 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.901.0001326B (Dlx,Service.ProcessADRequest:service.cs(3178)) msRTCSIP-GroupingId of the dl is 00000000-0000-0000-0000-00000000000008905 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.901.0001326C(Dlx,Service.GatherAndPopulateMembers:service.cs(3489)) Found : 2 members in CN=empl & contra,CN=Users,DC=domain,DC=ORG08906 TL_VERBOSE(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.901.0001326D (Dlx,Service.QueryADAndPopulateResults:service.cs(3550)) Requesting AD for properties of : 2 members08907 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.901.0001326E (Dlx,Service.PopulateGroupMemberResults:service.cs(3812)) Ignoring member because SipUri is not found: CN=Administrator,OU=hybrid,DC=domain,DC=ORG
Conclusion:
This article may be helpful for understanding the DL expansion behavior in Skype for business mobile client and server. I haven't included any troubleshooting steps in this document. If you know the call flow if you would be easy to isolate the issue.