Howdy All,

As i was doing some health check on the Lync Infrastructure at one of my Clients, i found out that they have a big number of Warning on the Event Viewer for LS Protocol Stack.

it was the following:

At least one attempt to reference stale (non-existent or deleted) security association was detected.

There were 1 messages with signature that referenced stale (non-existent or deleted) security association in the last 22 minutes. The last one was this SIP message:

Trace-Correlation-Id: 762942407

Instance-Id: 006390CC

Direction: no-direction-info

Message-Type: request

Start-Line: REGISTER sip:irena.org SIP/2.0

From: <sip:User@example.com>;tag=6bbfdbd26f;epid=c5edb4ca66

To: <sip:User@example.com>

CSeq: 1 REGISTER

Call-ID: 54cae678dfc042b8b6e2fcc63c211b61

Contact: <sip:172.20.20.63:59048;transport=tls;ms-opaque=bd7d5ed2a0;ms-received-cid=1885100>;methods=”INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY”;+sip.instance=”<urn:uuid:7E2D6FB3-60ED-5BF8-B7F5-1C679DB89A0A>”

Via: SIP/2.0/TLS 172.20.20.63:59048;ms-received-port=59048;ms-received-cid=1885100

Max-Forwards: 70

User-Agent: UCCAPI/4.0.7577.4072 OC/4.0.7577.4087 (Microsoft Lync 2010)

Supported: gruu-10, adhoclist, msrtc-event-categories

Supported: ms-forking

Supported: ms-cluster-failover

Supported: ms-userservices-state-notification

ms-keep-alive: UAC;hop-hop=yes

Event: registration

Proxy-Authorization: TLS-DSK qop=”auth”, realm=”SIP Communications Service”, opaque=”8924DAF8″, targetname=”FE01.example.int”, crand=”f8736067″, cnum=”182″, response=”f5a0711e6fafa425d5ce7ef96747cd12382fed0b”

Content-Length: 0

 

Cause: This could be due to users that utilize large number of devices (in excess of configured maximum), or due to connection refresh logic re-balancing remote users to a different director in a bank or a pool, or it could be due to an attacker.

Resolution:

None needed unless the failure count is high (>100). Check if number of allowed devices per user is too low for existing usage scenarios. Check your network for any rogue clients. Restart the server if problem persists.

image

So Basically this is due to that the Mentioned user in the Warning is using more than 8 devices to log into the Lync ( 8 is the default number )

to Stop getting this Warning you can increase the Maximum Number of End Point that can be used to log into Lync using PowerShell Console.

That’s it for now

Regards,

M.T