After checking the Lync Servers in my lab I noticed a lot of errors logged for the LS Protocol stack:
At least one attempt to reference stale (non-existent or deleted) security association was detected.
There were 44 messages with signature that referenced stale (non-existent or deleted) security association in the last 2 minutes. The last one was this SIP message:
Source: Edge Pool:60539
Start-Line: REGISTER sip:domain.com SIP/2.0
CSeq: 4 REGISTER
Contact: <sip:ExternalIP:51416;transport=tls;ms-opaque=8fcb2db704;ms-received-cid=D9AF00>;methods=”INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY”;+sip.instance=”<urn:uuid:1C92DC22-B01F-5455-B8DE-A40F4D6E9B71>”
Via: SIP/2.0/TLS IPAddress:60539;branch=z9hG4bK141B394C.197D8EA643772698;branched=FALSE;ms-received-port=60539;ms-received-cid=312C800
Via: SIP/2.0/TLS IPAddress:51416;received=ExternalIP;ms-received-port=51416;ms-received-cid=D9AF00
Cause: This could be due to users that utilize large number of devices (in excess of configured maximum), or due to connection refresh logic re-balancing remote users to a different director in a bank or a pool, or it could be due to an attacker.
None needed unless the failure count is high (>100). Check if number of allowed devices per user is too low for existing usage scenarios. Check your network for any rogue clients. Restart the server if problem persists.
This error is logged as the above user in the warning is using more than 8 devices to log into the Lync. Default number of devices is 8 for a user.
To check the defaults you can run the following command from the Lync Management Shell, look for the MaxEndpointsPerUser field:
To increase the count you can run the next command from the Lync Management Shell:
- Set-CsRegistrarConfiguration -MaxEndpointsPerUser 15
This will increase the count to 15 and the warnings should stop.
Hope it helps.