How to find the number of devices a user is Logged into using Lync/SfB Client logs ?

Recently, we had issue reported regarding the trusted application. While troubleshooting the issue, we had a requirement to understand the number of devices on which a user is logged in.

In our client environment we are using a third party Contact center solution as a trusted application. It was a kind of weird one, where the callers of a Contact center number where complaining they are not able to reach any agents. Whereas, the agents complained us that they are NOT receiving any calls.  

While we were discussing this issue with my colleagues we had a question, can we find the total number of registered end points for a sip account using the Lync/SfB client logs. That was a very good question. Because we have seen some third party applications actually providing the details like a user with a sip address say UserA@uctest.com has signed to 3 devices. So,  it was interesting to find out how a third party reporting applications can get the list of  devices to which a users had signed in to ? So, I tried to understand if there are anyways to get this information from the client/server  logs and understand the number of End points on which a user is logged into. 

NOTE:

I am writing this article in order to help those administrators who don't have Monitoring/Reporting solution available at their environment. Since, some Lync/SfB environment do not have the Monitoring server role or any third party Monitoring/Reporting solutions. 

There are two ways  to find out the list of get this information one using the Server logs and the other using the Client logs.

Solution #1: From the Server  logs

My first suggestion was to enable logging on all the Lync/SfB FE server and then make a test call to that the end point. Since Front End server will fork the incoming calls to all the registered end points we will get multiple 180 Ringing SIP Response if a user has signed on to multiple devices. 

So, if a user is signed on two devices like computer and a mobile phone, then I will get two 180 Ringing in the FE server logs.  Though this is helpful, this requires little bit of time and effort (to collect the logs on all the Lync/SfB servers during business hours will end up generating more logs). Moreover, if you have 10 servers in a pool then the amount of logs generated and analyzed from all the servers in the Lync/SfB FE pool will require more effort.

Solution #2: Using the Lync/SfB Client logs

But later, I realized that there is much better way to get this information and with less effort. All you need to do is, ask the user is to Sign in to another computer once again and provide the Lync/SfB client logs.  So, is it possible to get the find the number of devices on which a user is logged into using the recently gathered Lync/SfB client logs ? The answer is Yes J

I will explain this with an example. I singed into one computer, say Computer #1, then a mobile device. Later,  I singed to another computer,  Computer #2. So, now I am signed into my Lync accounts from 2 computers and one mobile client, so I have multiple registered end points for my sip account.

I collected the Lync client logs from the second computer Computer #2 (this is the latest computer on which I signed in). Then, I looked for the response 200 OK for the SIP REGISTER packet (In this 200 OK response there are three Contact: headers in it.

NOTE: You have to ask the user to Sign-in to Computer once again and then collect the client logs.This is a very important step, if you skip this step then you might not get the correct details.

07/04/2016|21:46:11.303 1834:1838 INFO  :: Data Received -10.1.92.181:5061 (To Local Address: 172.24.41.159:59266) 1640 bytes:

07/04/2016|21:46:11.303 1834:1838 INFO  :: SIP/2.0 200 OK

ms-keep-alive: UAS; tcp=no; hop-hop=yes; end-end=no; timeout=300

Authentication-Info: TLS-DSK qop="auth", opaque="F8084D77", srand="468DD1A4", snum="1", rspauth="2891b96442e3e7c7af0ef004a7babb9063fd48ba", targetname="FE01.uctest.com", realm="SIP Communications Service", version=4

From: "SOMASUNDARAM Yogesh"<sip:yogesh.somasundaram@uctest.com>;tag=cc0f68ce68;epid=6c1409c121

To: <sip:yogesh.somasundaram@uctest.com>;tag=99C17913B0B71378DCADCD792D587E29

Call-ID: d8060b5307124a1787e243e9ff587edc

CSeq: 12 REGISTER

Via: SIP/2.0/TLS 172.24.41.159:59266;ms-received-port=59266;ms-received-cid=39F2FF00

Contact: <sip:172.24.41.159:59266;transport=tls;ms-opaque=61fe165797;ms-received-cid=39F2FF00>;expires=7200;+sip.instance="<urn:uuid:aa39a11c-7a67-5d34-a985-7418ff06799c>";gruu="sip:yogesh.somasundaram@uctest.com;opaque=user:epid:HKE5qmd6NF2phXQY_wZ5nAAA;gruu"

Contact: <sip:FEPOOL01.uctest.com:5088;ms-fe=FE02.uctest.com;transport=Tls;ms-opaque=43b8303fcf7aa2b4>;expires=1295940;+sip.instance="<urn:uuid:aad6c08c-7dd8-5733-8b9e-cdcb8b0a1827>";gruu="sip:yogesh.somasundaram@uctest.com;opaque=user:epid:jMDWqth9M1eLns3LiwoYJwAA;gruu"

Contact: <sip:172.24.41.172:50900;transport=tls;ms-opaque=353dd698df;ms-received-cid=3A42B400>;expires=6311;+sip.instance="<urn:uuid:b9cc1792-d0cf-51ae-8c7e-6a0504a8b81c>";gruu=sip:yogesh.somasundaram@uctest.com;opaque=user:epid:khfMuc_QrlGMfmoFBKi4HAAA;gruu

If you have a mobile client then you will find that the Contact: header has the  FE pool name with the port number 5088 (unlike the IP address of computer).  This is because, the UCWA sip Listening port is 5088. In order to find this port number, on a FE server if you run the Get-csService | Fl *UC*  this will let you know that the UcwaSIP PrimaryListeningPort  is 5088.

So with the Contact header field present in the 200 OK, we can confirm that a user is logged into two different computer and one mobile client. And there is no need to collect the logs from the FE server’s logs in order to find this out J

Hope you find this information helpful.

NOTE:  I am sure, there are many ways to get his information and it is possible from SQL database too. However, if you are not having access to write a SQL query (like me) then it is easy to check the Client SIP logs rather than writing a SQL query.