Event ID: 14507 Source: LS Protocol Stack

Howdy All,

As i was doing some health check on the Lync Infrastructure at one of my Clients, i found out that they have a big number of Warning on the Event Viewer for LS Protocol Stack.

it was the following:

At least one attempt to reference stale (non-existent or deleted) security association was detected.

There were 1 messages with signature that referenced stale (non-existent or deleted) security association in the last 22 minutes. The last one was this SIP message:

Trace-Correlation-Id: 762942407

Instance-Id: 006390CC

Direction: no-direction-info

Message-Type: request

Start-Line: REGISTER sip:irena.org SIP/2.0

From: <sip:User@example.com>;tag=6bbfdbd26f;epid=c5edb4ca66

To: <sip:User@example.com>

CSeq: 1 REGISTER

Call-ID: 54cae678dfc042b8b6e2fcc63c211b61

Contact: <sip:172.20.20.63:59048;transport=tls;ms-opaque=bd7d5ed2a0;ms-received-cid=1885100>;methods=”INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY”;+sip.instance=”<urn:uuid:7E2D6FB3-60ED-5BF8-B7F5-1C679DB89A0A>”

Via: SIP/2.0/TLS 172.20.20.63:59048;ms-received-port=59048;ms-received-cid=1885100

Max-Forwards: 70

User-Agent: UCCAPI/4.0.7577.4072 OC/4.0.7577.4087 (Microsoft Lync 2010)

Supported: gruu-10, adhoclist, msrtc-event-categories

Supported: ms-forking

Supported: ms-cluster-failover

Supported: ms-userservices-state-notification

ms-keep-alive: UAC;hop-hop=yes

Event: registration

Proxy-Authorization: TLS-DSK qop=”auth”, realm=”SIP Communications Service”, opaque=”8924DAF8″, targetname=”FE01.example.int”, crand=”f8736067″, cnum=”182″, response=”f5a0711e6fafa425d5ce7ef96747cd12382fed0b”

Content-Length: 0

 

Cause: This could be due to users that utilize large number of devices (in excess of configured maximum), or due to connection refresh logic re-balancing remote users to a different director in a bank or a pool, or it could be due to an attacker.

Resolution:

None needed unless the failure count is high (>100). Check if number of allowed devices per user is too low for existing usage scenarios. Check your network for any rogue clients. Restart the server if problem persists.

image

So Basically this is due to that the Mentioned user in the Warning is using more than 8 devices to log into the Lync ( 8 is the default number )

to Stop getting this Warning you can increase the Maximum Number of End Point that can be used to log into Lync using PowerShell Console.

That’s it for now

Regards,

M.T

Advertisements

Author: Lyncdude

A Senior Microsoft Unified Communications Consultant with more than 9 years of experience in Microsoft Exchange and Microsoft Lync Server / Skype for Business. Egyptian guy lives and works in Frankfurt - Germany. Worked Closely with Microsoft Dubai for 3 years designing , building and supporting Exchange and Lync Infrastructures. A Microsoft Certified ITP in Lync, Exchange and also attended Microsoft Partner Primer Filed Support Engineer T1 Training for Microsoft Lync 2010.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s