Wednesday, 18 March 2015
Polycom RealPresence Desktop & Active Directory communication
I will use a shorthand notation to keep the sequence easy to read. In this scenario:
RPD is a Polycom server and AD is a Windows Server running the 2008 R2 operating system.
Let's start:
RPD -> AD = DNS QUERY
AD -> RPD = DNS RESPONSE
RPD <-> AD = SYN, SYN ACK
RPD -> AD = NBSS SESSION REQUEST
AD -> RPD = NBSS POSITIVE SESSION RESPONSE
RPD -> AD = SMB NEGOTIATE PROTOCOL REQUEST
AD -> RPD = SMB NEGOTIATE PROTOCOL RESPONSE
RPD -> AD = SMB SESSION SETUP ANDX REQUEST, NTLMSSP_NEGOTIATE
AD -> RPD = SMB SESSION SETUP ANDX RESPONSE, NTLMSSP_CHALLENGE, ERROR: STATUS_MORE_PROCESSING_REQUIRED
RPD -> AD = SMB SESSION SETUP ANDX REQUEST, NTLMSSP_AUTH, USER: domain\computer_name
AD -> RPD = SMB SESSION SETUP ANDX RESPONSE
AD -> RPD = SMB TREE CONNECT ANDX RESPONSE
AD -> RPD = SMB NT CREATE ANDX RESPONSE
RPD -> AD = DCERPC BIND: CALL_ID: XXX
RPD -> AD = LSARPC LSA_OPENPOLICY2 REQUEST
AD -> RPD = LSARPC LSA_OPENPOLICY2 RESPONSE
AD -> RPD = LSARPC LSA_QUERYINFOPOLICY RESPONSE
RPD -> AD = LSARPC LSA_CLOSE REQUEST
RPD -> AD = SMB CLOSE REQUEST
AD -> RPD = SMB CLOSE RESPONSE
RPD -> AD = NT CREATE ANDX REQUEST, PATH: \NETLOGON
AD -> RPD = NT CREATE ANDX RESPONSE FID: XxXXXX
AD -> RPD = DCERPC CALL_ID: XXX .. RESULT: ACCEPTANCE
RPD -> AD = RPC_NET NETSERVERREQCHALLENGE REQUEST
AD -> RPD = RPC_NET NETSERVERREQCHALLENGE RESPONSE
RPD -> AD = RPC_NET NETSERVERAUTHENTICATE2 REQUEST
AD -> RPD = RPC_NET NETSERVERAUTHENTICATE2 RESPONSE
AD -> RPD = RPC_NET NETLOGONSAMLOGON RESPONSE
MANY ACK, RST, ACK AND RETRANSMISSION ALSO
RPD -> AD = RPC_NET NETLOGONSAMLOGON REQUEST
AD -> RPD = RPC_NET NETLOGONSAMLOGON RESPONSE
I dropped many duplicate TCP [ACK] packets and other retransmissions. If you have a communication problem between the two, you can compare your traffic with this sequence and look for the differences to resolve it. If you are a programmer, this type of communication may also be interesting for you.
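One way to do the comparison suggested above, as an added example (not from the original post): the script parses step lines in the notation used here, drops TCP noise, ignores per-session fields such as FID and CALL_ID, and reports where a capture summary departs from the reference. Only the NETLOGON part of the sequence is used as the reference; the CAPTURE text, its FID and CALL_ID values and the STATUS_ACCESS_DENIED failure are constructed for illustration.

```python
import difflib
import re
# Reference: the NETLOGON part of the sequence above, in the post's notation.
REFERENCE = r"""
RPD -> AD = NT CREATE ANDX REQUEST, PATH: \NETLOGON
AD -> RPD = NT CREATE ANDX RESPONSE FID: XxXXXX
AD -> RPD = DCERPC CALL_ID: XXX .. RESULT: ACCEPTANCE
RPD -> AD = RPC_NET NETSERVERREQCHALLENGE REQUEST
AD -> RPD = RPC_NET NETSERVERREQCHALLENGE RESPONSE
RPD -> AD = RPC_NET NETSERVERAUTHENTICATE2 REQUEST
AD -> RPD = RPC_NET NETSERVERAUTHENTICATE2 RESPONSE
RPD -> AD = RPC_NET NETLOGONSAMLOGON REQUEST
AD -> RPD = RPC_NET NETLOGONSAMLOGON RESPONSE
"""

# Constructed capture summary (not real traffic): authentication is refused.
CAPTURE = r"""
RPD -> AD = NT CREATE ANDX REQUEST, PATH: \NETLOGON
AD -> RPD = NT CREATE ANDX RESPONSE FID: 0x4001
AD -> RPD = DCERPC CALL_ID: 2 .. RESULT: ACCEPTANCE
AD -> RPD = TCP DUP ACK
RPD -> AD = RPC_NET NETSERVERREQCHALLENGE REQUEST
AD -> RPD = RPC_NET NETSERVERREQCHALLENGE RESPONSE
RPD -> AD = RPC_NET NETSERVERAUTHENTICATE2 REQUEST
RPD -> AD = TCP RETRANSMISSION
AD -> RPD = RPC_NET NETSERVERAUTHENTICATE2 RESPONSE, ERROR: STATUS_ACCESS_DENIED
"""

LINE = re.compile(r"^(RPD|AD)\s*->\s*(RPD|AD)\s*=\s*(.+)$")
NOISE = re.compile(r"\bTCP (DUP ACK|ACK|RST|RETRANSMISSION)\b")  # dropped, as in the post
VARIABLE = re.compile(r",?\s*\b(?:FID|CALL_ID|USER):\s*\S+")     # per-session values

def steps(text):
    # Normalise each "SRC -> DST = MESSAGE" line so two captures are comparable.
    out = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip().upper())
        if m and not NOISE.search(m.group(3)):
            msg = VARIABLE.sub("", m.group(3)).strip()
            out.append(f"{m.group(1)} -> {m.group(2)} = {msg}")
    return out

def divergences(reference, capture):
    # Return (tag, expected_steps, seen_steps) for every non-matching region.
    ref, cap = steps(reference), steps(capture)
    ops = difflib.SequenceMatcher(a=ref, b=cap, autojunk=False).get_opcodes()
    return [(t, ref[i1:i2], cap[j1:j2]) for t, i1, i2, j1, j2 in ops if t != "equal"]

print(*divergences(REFERENCE, CAPTURE), sep="\n")
```

The first region it reports is the point where your exchange stops following the reference, which is the packet to open in the capture.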
Monday, 9 March 2015
Useful commands for admins (Cisco router)
sh crypto session brief
How to check VPN tunnel/tunnels status:
sh crypto isakmp sa
Show the NAT translations that include a given IP:
sh ip nat translations | inc x.x.x.x
How to verify QoS policy:
sh policy-map interface type x/x
Show neighbor devices (CDP must be enabled):
sh cdp neighbors
Wednesday, 4 March 2015
How to export certificate from ASA to JAVA (self-signed)
asa1(config)# sh crypto ca trustpoints
Next, export the certificate in PEM format (you must give the name of the trustpoint):
asa1(config)# crypto ca export TRUST_NAME identity-certificate
You will see:
-----BEGIN CERTIFICATE-----
MIIB+zCCAWSgAwIBAgIEJqphUTANBgkqhkiG9w0BAQUFADBCMRMwEQYDVQQDEwpD
TkJFSUZXRDAxMSswKQYJKoZIhvcNAQkCFhxDTkJFSUZXRDAxLmRwY2xlYW50ZWNo
LmxvY2FsMB4XDTEzMTEwNjE1MzQwOFoXDTIzMTEwNDE1MzQwOFowQjETMBEGA1UE
..
-----END CERTIFICATE-----
Next, copy all of this text from the console, paste it into a text file (Notepad) and save it as *.CSR
Next, open the Java Control Panel, go to the Security tab and click the Manage Certificates button. You should see the Certificates window. Select the certificate type "Secure Site" and import your file. Now you can open your ASDM via a web browser using Java.