External user login for the first time:

When the user clicks Sign In, the client searches DNS for a record, i.e. the SRV record.
  1. If the SRV record has not been created, the client uses the A record of the Access Edge server.
  2. Using the SRV record or the A record, the client gets the Access Edge server IP and contacts it over port 443.
  3. The Edge server rejects the request 3 times because it does not recognize it, and asks the client to authorize itself.
  4. The client provides the root CA to the Edge server.
  5. After checking the root CA, the Edge server sends the request to the Front End (FE) server.
  6. The FE does not understand this request and provides the certificate provisioning URL.
  7. Using the URL, the client downloads the Lync certificate and installs it on the local machine.
  8. Once the certificate is installed in the local certificate store, the user gets an authentication pop-up.
  9. After the user provides credentials, the request goes to the FE, and the FE checks the SQL DB.
  10. If the user is enabled for Lync, the user is able to log in.
  11. After sign-in completes, the client subscribes for presence and other details.
  12. From the second time onward, the client presents the Lync certificate and is able to log in.
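
Steps 1 and 2 as an added example (not part of the original page): a Python model of the lookup order, run against constructed DNS data so the fallback from the SRV record to the A record can be observed. The record name _sip._tls.<domain>, the fallback host name sip.<domain>, the example.test domain and all addresses are assumptions; trying SRV records lowest priority value first goes beyond what the steps state.

```python
# Constructed DNS data for the placeholder domain example.test (not from the page).
ZONE_WITH_SRV = {
    # SRV tuples: (priority, weight, port, target)
    ("_sip._tls.example.test", "SRV"): [
        (10, 0, 443, "edge2.example.test"),
        (0, 0, 443, "access.example.test"),
    ],
    ("access.example.test", "A"): ["203.0.113.10"],
    ("edge2.example.test", "A"): ["203.0.113.20"],
}
ZONE_A_ONLY = {("sip.example.test", "A"): ["203.0.113.10"]}


def make_resolver(zone):
    """Return resolve(name, rtype) backed by a dict instead of live DNS."""
    return lambda name, rtype: zone.get((name.lower(), rtype), [])


def locate_access_edge(sip_domain, resolve, fallback_host="sip"):
    """Find the Access Edge endpoint: SRV record first, then the A record.

    Returns a dict with the lookup path in "via" so an administrator can see
    when a client is silently relying on the A-record fallback, or None when
    neither record resolves.
    """
    # Assumed record name for external sign-in; the page only says "SRV record".
    srv_records = resolve(f"_sip._tls.{sip_domain}", "SRV")
    # RFC 2782: the lowest priority value is tried first.
    for _prio, _weight, port, target in sorted(srv_records, key=lambda r: r[0]):
        addresses = resolve(target, "A")
        if addresses:
            return {"via": "SRV", "host": target, "ip": addresses[0], "port": port}
    # Step 1: no usable SRV record, so fall back to the Access Edge A record.
    host = f"{fallback_host}.{sip_domain}"  # assumed fallback name
    addresses = resolve(host, "A")
    if addresses:
        # Step 2: the page gives 443 as the Access Edge port.
        return {"via": "A", "host": host, "ip": addresses[0], "port": 443}
    return None


if __name__ == "__main__":
    print(locate_access_edge("example.test", make_resolver(ZONE_WITH_SRV)))
    print(locate_access_edge("example.test", make_resolver(ZONE_A_ONLY)))
```

A result with "via" set to "A" means the SRV record is missing or its targets do not resolve, which is worth fixing in external DNS rather than leaving to the fallback.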