Event ID: 14507 Source: LS Protocol Stack

Howdy All,

As i was doing some health check on the Lync Infrastructure at one of my Clients, i found out that they have a big number of Warning on the Event Viewer for LS Protocol Stack.

it was the following:

At least one attempt to reference stale (non-existent or deleted) security association was detected.

There were 1 messages with signature that referenced stale (non-existent or deleted) security association in the last 22 minutes. The last one was this SIP message:

Trace-Correlation-Id: 762942407

Instance-Id: 006390CC

Direction: no-direction-info

Message-Type: request

Start-Line: REGISTER sip:irena.org SIP/2.0

From: <sip:User@example.com>;tag=6bbfdbd26f;epid=c5edb4ca66

To: <sip:User@example.com>


Call-ID: 54cae678dfc042b8b6e2fcc63c211b61

Contact: <sip:;transport=tls;ms-opaque=bd7d5ed2a0;ms-received-cid=1885100>;methods=”INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY”;+sip.instance=”<urn:uuid:7E2D6FB3-60ED-5BF8-B7F5-1C679DB89A0A>”

Via: SIP/2.0/TLS;ms-received-port=59048;ms-received-cid=1885100

Max-Forwards: 70

User-Agent: UCCAPI/4.0.7577.4072 OC/4.0.7577.4087 (Microsoft Lync 2010)

Supported: gruu-10, adhoclist, msrtc-event-categories

Supported: ms-forking

Supported: ms-cluster-failover

Supported: ms-userservices-state-notification

ms-keep-alive: UAC;hop-hop=yes

Event: registration

Proxy-Authorization: TLS-DSK qop=”auth”, realm=”SIP Communications Service”, opaque=”8924DAF8″, targetname=”FE01.example.int”, crand=”f8736067″, cnum=”182″, response=”f5a0711e6fafa425d5ce7ef96747cd12382fed0b”

Content-Length: 0


Cause: This could be due to users that utilize large number of devices (in excess of configured maximum), or due to connection refresh logic re-balancing remote users to a different director in a bank or a pool, or it could be due to an attacker.


None needed unless the failure count is high (>100). Check if number of allowed devices per user is too low for existing usage scenarios. Check your network for any rogue clients. Restart the server if problem persists.


So Basically this is due to that the Mentioned user in the Warning is using more than 8 devices to log into the Lync ( 8 is the default number )

to Stop getting this Warning you can increase the Maximum Number of End Point that can be used to log into Lync using PowerShell Console.

That’s it for now



Author: Lyncdude

A Senior Service Engineer with more than 9 years of experience in Microsoft Exchange and Microsoft Lync Server / Skype for Business. Egyptian guy lives and works in Frankfurt - Germany. what is written in this blog is my own opinion and thoughts, not my employer and does not reflect their opinion

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: