How to generate a client response when lync server asks NTLM challenge RRS feed

  • Question

  • In NTLM Authentication Example (step 4), the Lync server sends back the following challenge:

    SIP/2.0 401 Unauthorized
    Date: Thu, 31 Jan 2008 00:01:56 GMT
    WWWAuthenticate: NTLM opaque="BCDC0C9D", gssapi-data="12345678ABCDEF", targetname="", realm="SIP Communications Service", version=3
    From: <>;tag=4a2b44d131;epid=8248ca9ebb
    To: <>;tag=0858513FA91D3AAE1A5840DDB99599DF
    Call-ID: d5f2b95d5be64c2cbfb38aa5d3a87ae7
    CSeq: 170 REGISTER
    Via: SIP/2.0/TLS;ms-received-cid=1C500
    Content-Length: 0

    How can I generate client response? The server provides opaque, realm, target name, gssapi-data, and version number. How can I use these parameter?

    • Edited by Jing Jiang Tuesday, August 26, 2014 11:20 PM
    Tuesday, August 26, 2014 11:01 PM


All replies

  • Hello Jing

    Thank you for contacting Microsoft Support. A support engineer will be in touch to assist further.



    Tarun Chopra | Escalation Engineer | Open Specifications Support Team

    Tuesday, August 26, 2014 11:16 PM
  • Hi Jing Jiang:

    I'll help you with this issue.

    Can you please send the network trace that shows the negotiate and challenge messages? You can send it as an attachment to an email message to dochelp at Microsoft dot com with subject " Attention Obaid Farooqi".

    Regards, Obaid Farooqi

    Wednesday, August 27, 2014 10:38 PM
  • Hi Jing Jiang:

    The use of  opaque, realm, target name and version is described in MS-SIPAE section " Sending Messages to the SIP Server". The gssapi-data is base64 encoded NTLM messages, as mentioned in section " Processing Challenges from the SIP Server" of MS-SIPAE. gssapi-data is described also in other sections of MS-SIPAE.

    The gssapi-data shown in the example NTLM authentication is just an example and does not represent an actual NTLM base64 encoded token.

    Please let me know if this does not answer your question. 

    Regards, Obaid Farooqi

    Thursday, August 28, 2014 12:17 AM
  • Hi Obaid,

    Thanks for your help. I will review the docs you mentioned and will do some experiments. I will let you know the result.

    Thank you very much,


    Thursday, August 28, 2014 4:12 PM
  • Hi Obaid,

    I just sent you a wireshark trace. I implemented the NTLMv2 authentication following those docs (MS-NTLM and MS-SIPAE) you mentioned. However, the server wasn't happy for my authentication response. I am not clear where I am missing. The server complains my auth header is invalid.

    Thursday, September 4, 2014 10:41 PM
  • Forum update: I am communicating with Jing through email. Once the issue is resolved, the resolution will be posted here.

    Regards, Obaid Farooqi

    Saturday, September 6, 2014 8:08 PM
  • The problem had been resolved. Once I generated the correct number, the NTLM authentication was passed. Thank you, Obaid.
    Wednesday, October 22, 2014 6:35 PM