Lync Server 2013 Event ID: 14507 Source: LS Protocol Stack

After checking the Lync Servers in my lab I noticed a lot of errors logged for the LS Protocol stack:


Full Error:

At least one attempt to reference stale (non-existent or deleted) security association was detected.

There were 44 messages with signature that referenced stale (non-existent or deleted) security association in the last 2 minutes. The last one was this SIP message:

Trace-Correlation-Id: 3769196292
Instance-Id: 85D801
Direction: no-direction-info
Source: Edge Pool:60539
Message-Type: request
Start-Line: REGISTER sip:domain.com SIP/2.0
From: <sip:user@domain.com>;tag=cf2cb29f47;epid=c21162d645
To: <sip:user@domain.com>
Call-ID: 95681a4aa9fe45b495c55d476b9f0382
CSeq: 4 REGISTER
Contact: <sip:ExternalIP:51416;transport=tls;ms-opaque=8fcb2db704;ms-received-cid=D9AF00>;methods="INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY";+sip.instance="<urn:uuid:1C92DC22-B01F-5455-B8DE-A40F4D6E9B71>"
Via: SIP/2.0/TLS IPAddress:60539;branch=z9hG4bK141B394C.197D8EA643772698;branched=FALSE;ms-received-port=60539;ms-received-cid=312C800
Via: SIP/2.0/TLS IPAddress:51416;received=ExternalIP;ms-received-port=51416;ms-received-cid=D9AF00
Record-Route: <sip:edgepool:5061;transport=tls;ms-fe=<ServerName>-;opaque=state:Ee.gdrDCvQtpxGhwL07_0vSrTPQAA;lr>;tag=F3963F209867CB91EB10FB501666D8E9
Max-Forwards: 69
Content-Length: 0
ms-edge-proxy-message-trust: ms-source-type=InternetUser;ms-ep-fqdn=edgepool;ms-source-verified-user=verified
Cause: This could be due to users that utilize large number of devices (in excess of configured maximum), or due to connection refresh logic re-balancing remote users to a different director in a bank or a pool, or it could be due to an attacker.
Resolution:
None needed unless the failure count is high (>100). Check if number of allowed devices per user is too low for existing usage scenarios. Check your network for any rogue clients. Restart the server if problem persists.

Solution:

This error is logged because the user named in the warning above is signing in to Lync from more than 8 devices. The default limit is 8 devices per user.

To check the defaults, run the following command from the Lync Management Shell and look for the MaxEndpointsPerUser field:

  • Get-CsRegistrarConfiguration

To increase the count, run the following command from the Lync Management Shell:

  • Set-CsRegistrarConfiguration -MaxEndpointsPerUser 15

This will increase the count to 15 and the warnings should stop.
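
Because the event text also lists an attacker or rogue client as a possible cause, it helps to see which users the warnings name and whether any count exceeds the >100 threshold from the Resolution text before raising the limit. The PowerShell below is an added example, not part of the original post; the function name Get-StaleSaSummary is hypothetical, and the event log name 'Lync Server' in the commented live query is an assumption.

```powershell
# Added example: summarize Event ID 14507 message text per SIP user.
# Get-StaleSaSummary is a hypothetical helper name, not a Lync cmdlet.
function Get-StaleSaSummary {
    param([Parameter(Mandatory)][string[]]$Message)

    $rows = foreach ($m in $Message) {
        # "There were 44 messages with signature that referenced stale ..."
        $n = if ($m -match 'There were (\d+) messages') { [int]$Matches[1] } else { 0 }
        # "From: <sip:user@domain.com>;tag=..." (only the LAST SIP message is logged,
        # so the count may include messages from other users as well)
        $user = if ($m -match '(?m)^\s*From:\s*<(sip:[^>;]+)>') { $Matches[1] } else { 'unknown' }
        # "Source: Edge Pool:60539"
        $src = if ($m -match '(?m)^\s*Source:\s*(.+?)\s*$') { $Matches[1] } else { 'unknown' }
        [pscustomobject]@{ User = $user; Source = $src; Messages = $n }
    }

    $rows | Group-Object User | ForEach-Object {
        $max = ($_.Group | Measure-Object -Property Messages -Maximum).Maximum
        [pscustomobject]@{
            User        = $_.Name
            Events      = $_.Count
            MaxPerEvent = $max
            Sources     = ($_.Group.Source | Sort-Object -Unique) -join ', '
            # Threshold taken from the event's Resolution text (>100)
            Investigate = $max -gt 100
        }
    } | Sort-Object MaxPerEvent -Descending
}

# Constructed sample: trimmed copy of the event text shown above, not live log data.
$sample = @'
There were 44 messages with signature that referenced stale (non-existent or deleted) security association in the last 2 minutes. The last one was this SIP message:
Source: Edge Pool:60539
From: <sip:user@domain.com>;tag=cf2cb29f47;epid=c21162d645
'@
Get-StaleSaSummary -Message $sample

# On a Lync server (log name 'Lync Server' is an assumption; adjust if yours differs):
# $events = Get-WinEvent -FilterHashtable @{ LogName = 'Lync Server'; Id = 14507;
#                                            StartTime = (Get-Date).AddDays(-1) }
# Get-StaleSaSummary -Message $events.Message
```

A user who appears repeatedly with low counts fits the too-many-devices case; rows with Investigate set to True, or users who do not own that many devices, warrant the rogue-client check the event text recommends.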

Hope it helps.
