Lync Server 2013 Event ID: 14507 Source: LS Protocol Stack
After checking the Lync servers in the lab, we noticed a lot of errors logged for the LS Protocol Stack:
Full Error:
At least one attempt to reference stale (non-existent or deleted) security association was detected.
There were 44 messages with signature that referenced stale (non-existent or deleted) security association in the last 2 minutes. The last one was this SIP message:
Trace-Correlation-Id: 3769196292
Instance-Id: 85D801
Direction: no-direction-info
Source: Edge Pool:60539
Message-Type: request
Start-Line: REGISTER sip:domain.com SIP/2.0
From: <sip:user@domain.com>;tag=cf2cb29f47;epid=c21162d645
To: <sip:user@domain.com>
Call-ID: 95681a4aa9fe45b495c55d476b9f0382
CSeq: 4 REGISTER
Contact: <sip:ExternalIP:51416;transport=tls;ms-opaque=8fcb2db704;ms-received-cid=D9AF00>;methods="INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY";+sip.instance="<urn:uuid:1C92DC22-B01F-5455-B8DE-A40F4D6E9B71>"
Via: SIP/2.0/TLS IPAddress:60539;branch=z9hG4bK141B394C.197D8EA643772698;branched=FALSE;ms-received-port=60539;ms-received-cid=312C800
Via: SIP/2.0/TLS IPAddress:51416;received=ExternalIP;ms-received-port=51416;ms-received-cid=D9AF00
Record-Route: <sip:edgepool:5061;transport=tls;ms-fe=<ServerName>-;opaque=state:Ee.gdrDCvQtpxGhwL07_0vSrTPQAA;lr>;tag=F3963F209867CB91EB10FB501666D8E9
Max-Forwards: 69
Content-Length: 0
ms-edge-proxy-message-trust: ms-source-type=InternetUser;ms-ep-fqdn=edgepool;ms-source-verified-user=verified
Cause: This could be due to users that utilize large number of devices (in excess of configured maximum), or due to connection refresh logic re-balancing remote users to a different director in a bank or a pool, or it could be due to an attacker.
Resolution:
None needed unless the failure count is high (>100). Check if number of allowed devices per user is too low for existing usage scenarios. Check your network for any rogue clients. Restart the server if problem persists.
Solution
This error is logged because the user named in the warning above is using more than eight devices to sign in to Lync. The default maximum number of devices per user is eight.
To check the defaults, run the following command from the Lync Management Shell and look for the MaxEndpointsPerUser field:
Get-CsRegistrarConfiguration
To increase the count, run the following command from the Lync Management Shell:
Set-CsRegistrarConfiguration -MaxEndpointsPerUser 15
This will increase the count to 15 and the warnings should stop.
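The event text also lists rogue clients and an attacker as possible causes, so it is worth confirming that the warnings really map to one user with many devices before raising the limit. The script below is an added example, not part of the original post: it groups 14507 message text by the SIP user in the From header and counts distinct epid values. The function name, the sample messages and the 'Lync Server' log name in the comment are assumptions.

```powershell
# Added example (not from the original post): summarise Event ID 14507 text per SIP user.
# Each event carries only the last offending SIP message, so the stale-message count is
# attributed to that message's From user as an approximation.
function Get-StaleSaSummary {
    param([Parameter(Mandatory = $true)][string[]]$Message)

    $rows = $Message | ForEach-Object {
        # "There were 44 messages with signature that referenced stale ..."
        $stale = if ($_ -match 'There were (\d+) messages') { [int]$Matches[1] } else { 0 }
        # From: <sip:user@domain.com>;tag=...;epid=...
        $user  = if ($_ -match '(?m)^From:\s*<sip:([^>;]+)>') { $Matches[1] } else { '(unknown)' }
        $epid  = if ($_ -match '(?m)^From:.*;epid=([0-9A-Fa-f]+)') { $Matches[1] } else { '' }
        # ms-source-type=InternetUser marks a request that arrived through the Edge
        $src   = if ($_ -match 'ms-source-type=([^;\s]+)') { $Matches[1] } else { '(none)' }
        [pscustomobject]@{ User = $user; Epid = $epid; SourceType = $src; Stale = $stale }
    }

    $rows | Group-Object User | ForEach-Object {
        $sum = ($_.Group | Measure-Object -Property Stale -Sum).Sum
        [pscustomobject]@{
            User          = $_.Name
            Events        = $_.Count
            StaleMessages = $sum
            DistinctEpids = @($_.Group | ForEach-Object { $_.Epid } | Where-Object { $_ } | Sort-Object -Unique).Count
            SourceTypes   = @($_.Group | ForEach-Object { $_.SourceType } | Sort-Object -Unique) -join ','
            Over100       = $sum -gt 100   # the event text calls a failure count above 100 high
        }
    } | Sort-Object StaleMessages -Descending
}

# Constructed sample event text (all values invented for illustration).
$trust = 'ms-edge-proxy-message-trust: ms-source-type=InternetUser;ms-ep-fqdn=edge.example.test'
$sample = @(
    "There were 44 messages with signature that referenced stale security association in the last 2 minutes.`nFrom: <sip:alice@example.test>;tag=aa11;epid=c21162d645`n$trust",
    "There were 70 messages with signature that referenced stale security association in the last 2 minutes.`nFrom: <sip:alice@example.test>;tag=bb22;epid=0f3a9b7712`n$trust",
    "There were 3 messages with signature that referenced stale security association in the last 2 minutes.`nFrom: <sip:bob@example.test>;tag=cc33;epid=91ab44e0c7"
)
Get-StaleSaSummary -Message $sample | Format-Table -AutoSize

# Real input (the 'Lync Server' log name is an assumption, adjust to your environment):
# $msgs = Get-WinEvent -FilterHashtable @{ LogName = 'Lync Server'; Id = 14507 } | ForEach-Object { $_.Message }
# Get-StaleSaSummary -Message $msgs
```

A single user with many distinct epid values fits the device-limit explanation; a high count spread across many users or unknown senders points to the other causes named in the event text.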