After checking the Lync Servers in my lab I noticed a lot of errors logged for the LS Protocol stack:

Lync server 2013 event id: 14507 source: ls protocol stack
Lync Server 2013 Event ID: 14507 Source: LS Protocol Stack 1

Full Error:

At least one attempt to reference stale (non-existent or deleted) security association was detected.

There were 44 messages with signature that referenced stale (non-existent or deleted) security association in the last 2 minutes. The last one was this SIP message:

Trace-Correlation-Id: 3769196292
Instance-Id: 85D801
Direction: no-direction-info
Source: Edge Pool:60539
Message-Type: request
Start-Line: REGISTER SIP/2.0
From: <sip:[email protected]>;tag=cf2cb29f47;epid=c21162d645
To: <sip:[email protected]>
Call-ID: 95681a4aa9fe45b495c55d476b9f0382
Contact: <sip:ExternalIP:51416;transport=tls;ms-opaque=8fcb2db704;ms-received-cid=D9AF00>;methods=”INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY”;+sip.instance=”<urn:uuid:1C92DC22-B01F-5455-B8DE-A40F4D6E9B71>”
Via: SIP/2.0/TLS IPAddress:60539;branch=z9hG4bK141B394C.197D8EA643772698;branched=FALSE;ms-received-port=60539;ms-received-cid=312C800
Via: SIP/2.0/TLS IPAddress:51416;received=ExternalIP;ms-received-port=51416;ms-received-cid=D9AF00
Record-Route: <sip:edgepool:5061;transport=tls;ms-fe=<ServerName>-;opaque=state:Ee.gdrDCvQtpxGhwL07_0vSrTPQAA;lr>;tag=F3963F209867CB91EB10FB501666D8E9
Max-Forwards: 69
Content-Length: 0
ms-edge-proxy-message-trust: ms-source-type=InternetUser;ms-ep-fqdn=edgepool;ms-source-verified-user=verified
Cause: This could be due to users that utilize large number of devices (in excess of configured maximum), or due to connection refresh logic re-balancing remote users to a different director in a bank or a pool, or it could be due to an attacker.
None needed unless the failure count is high (>100). Check if number of allowed devices per user is too low for existing usage scenarios. Check your network for any rogue clients. Restart the server if problem persists.


This error is logged as the above user in the warning is using more than 8 devices to log into the Lync. Default number of devices is 8 for a user.

To check the defaults you can run the following command from the Lync Management Shell, look for the MaxEndpointsPerUser field:

  • Get-CsRegistrarConfiguration

To increase the count you can run the next command from the Lync Management Shell:

  • Set-CsRegistrarConfiguration -MaxEndpointsPerUser 15

This will increase the count to 15 and the warnings should stop.

Hope it helps.

Discover more from COLLABORATION PRO

Subscribe now to keep reading and get access to the full archive.

Continue reading