As i was doing some health check on the Lync Infrastructure at one of my Clients, i found out that they have a big number of Warning on the Event Viewer for LS Protocol Stack.
it was the following:
At least one attempt to reference stale (non-existent or deleted) security association was detected.
There were 1 messages with signature that referenced stale (non-existent or deleted) security association in the last 22 minutes. The last one was this SIP message:
Start-Line: REGISTER sip:irena.org SIP/2.0
CSeq: 1 REGISTER
Contact: <sip:172.20.20.63:59048;transport=tls;ms-opaque=bd7d5ed2a0;ms-received-cid=1885100>;methods=”INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY”;+sip.instance=”<urn:uuid:7E2D6FB3-60ED-5BF8-B7F5-1C679DB89A0A>”
Via: SIP/2.0/TLS 172.20.20.63:59048;ms-received-port=59048;ms-received-cid=1885100
User-Agent: UCCAPI/4.0.7577.4072 OC/4.0.7577.4087 (Microsoft Lync 2010)
Supported: gruu-10, adhoclist, msrtc-event-categories
Proxy-Authorization: TLS-DSK qop=”auth”, realm=”SIP Communications Service”, opaque=”8924DAF8″, targetname=”FE01.example.int”, crand=”f8736067″, cnum=”182″, response=”f5a0711e6fafa425d5ce7ef96747cd12382fed0b”
Cause: This could be due to users that utilize large number of devices (in excess of configured maximum), or due to connection refresh logic re-balancing remote users to a different director in a bank or a pool, or it could be due to an attacker.
None needed unless the failure count is high (>100). Check if number of allowed devices per user is too low for existing usage scenarios. Check your network for any rogue clients. Restart the server if problem persists.
So Basically this is due to that the Mentioned user in the Warning is using more than 8 devices to log into the Lync ( 8 is the default number )
to Stop getting this Warning you can increase the Maximum Number of End Point that can be used to log into Lync using PowerShell Console.
That’s it for now