Lync Phone edition device randomly signing out

I have an Aastra 6725ip handset (running version 4.0.755.4066) and the handset intermittently signs out and I see the following error in the Lync server event log on the standard edition server. I have also observed this behavior with a Polycom CX500, but it doesn't seem to be effecting other handsets (Mix of Polycom CX500 & CX600)

Log Name:      Lync Server
Source:        LS Protocol Stack
Date:          05/07/2012 14:08:49
Event ID:      14507
Task Category: (1001)
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      LyncServer.domain.local
Description:
At least one attempt to reference stale (non-existent or deleted) security association was detected.

There were 1 messages with signature that referenced stale (non-existent or deleted) security association in the last 115 minutes. The last one was this SIP message:

Trace-Correlation-Id: 3956458956
Instance-Id: 00004B7B
Direction: no-direction-info
Message-Type: request
Start-Line: REGISTER sip:domain.co.uk SIP/2.0
From: <sip:user@domain.co.uk>;tag=e46fa2f41d;epid=ce147c8b1d
To: <sip:User@domain.co.uk>
CSeq: 1 REGISTER
Call-ID: b7647d0cb37ad851d0c2cf356800e2e5
Contact: <sip:172.16.1.214:50667;transport=tls;ms-opaque=944216978e;ms-received-cid=B9E00>;methods="INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY";+sip.instance="<urn:uuid:83461967-81BD-5B62-B491-961144E4FD56>"
Via: SIP/2.0/TLS 172.16.1.214:50667;ms-received-port=50667;ms-received-cid=B9E00
Max-Forwards: 70
User-Agent: CPE/4.0.7577.4066 OCPhone/4.0.7577.4066 (Microsoft Lync 2010 Phone Edition)
Supported: gruu-10, adhoclist, msrtc-event-categories
Supported: ms-forking
Supported: ms-cluster-failover
Supported: ms-userservices-state-notification
ms-keep-alive: UAC;hop-hop=yes
Event: registration
Ms-Device-Info: MAC=00-08-5D-31-06-B1, vendor=Aastra, version=6725ip
Proxy-Authorization: TLS-DSK qop="auth", realm="SIP Communications Service", opaque="75AABBF0", targetname="LyncServer.Domain.local", crand="d0e7dd70", cnum="85", response="d1724a6b86118acecb509a20e185b91452c54468"
Content-Length: 0


Cause: This could be due to users that utilize large number of devices (in excess of configured maximum), or due to connection refresh logic re-balancing remote users to a different director in a bank or a pool, or it could be due to an attacker.
Resolution:
None needed unless the failure count is high (>100). Check if number of allowed devices per user is too low for existing usage scenarios. Check your network for any rogue clients. Restart the server if problem persists.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="LS Protocol Stack" />
    <EventID Qualifiers="33769">14507</EventID>
    <Level>3</Level>
    <Task>1001</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-07-05T13:08:49.000000000Z" />
    <EventRecordID>122664</EventRecordID>
    <Channel>Lync Server</Channel>
    <Computer>LyncServer.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>115</Data>
    <Data>1</Data>
    <Data>Trace-Correlation-Id: 3956458956
Instance-Id: 00004B7B
Direction: no-direction-info
Message-Type: request
Start-Line: REGISTER sip:domain.co.uk SIP/2.0
From: &lt;sip:user@domain.co.uk&gt;;tag=e46fa2f41d;epid=ce147c8b1d
To: &lt;sip:user@domain.co.uk&gt;
CSeq: 1 REGISTER
Call-ID: b7647d0cb37ad851d0c2cf356800e2e5
Contact: &lt;sip:172.16.1.214:50667;transport=tls;ms-opaque=944216978e;ms-received-cid=B9E00&gt;;methods="INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY";+sip.instance="&lt;urn:uuid:83461967-81BD-5B62-B491-961144E4FD56&gt;"
Via: SIP/2.0/TLS 172.16.1.214:50667;ms-received-port=50667;ms-received-cid=B9E00
Max-Forwards: 70
User-Agent: CPE/4.0.7577.4066 OCPhone/4.0.7577.4066 (Microsoft Lync 2010 Phone Edition)
Supported: gruu-10, adhoclist, msrtc-event-categories
Supported: ms-forking
Supported: ms-cluster-failover
Supported: ms-userservices-state-notification
ms-keep-alive: UAC;hop-hop=yes
Event: registration
Ms-Device-Info: MAC=00-08-5D-31-06-B1, vendor=Aastra, version=6725ip
Proxy-Authorization: TLS-DSK qop="auth", realm="SIP Communications Service", opaque="75AABBF0", targetname="LyncServer.domain.local", crand="d0e7dd70", cnum="85", response="d1724a6b86118acecb509a20e185b91452c54468"
Content-Length: 0
</Data>
  </EventData>
</Event>


July 5th, 2012 6:16pm

Ok, you don't have more as 8 Endpoints connected at the same time, by default 8 Endpoints are the default configuration

Please updtae the phone to the latest Firmware. 4066 is very old.

http://www.microsoft.com/en-us/download/details.aspx?id=18390

Free Windows Admin Tool Kit Click here and download it now
July 5th, 2012 6:37pm

Thanks for the quick response!

I had already updated the MaxEndpointsPerUser to 15 but it made no difference

I have applied the latest device update (7577.4100) and updated the device in question but it is still signing out.

July 5th, 2012 7:32pm

Hi,Will,

You can run Invoke-CsManagementStoreReplication and Get-CsManagementStoreReplicationStatus to verify the replication has been completed.

Also please sign out the user completely then sign in again to make the configuration take effect.

Besides please make sure the latest dirver are installed for the USB interface and you can diagnose it to see if there are problems with it.

B/R

Sharon

Free Windows Admin Tool Kit Click here and download it now
July 6th, 2012 12:39pm

Hi Sharon

I have checked and the management store replication has been completed ok and also the USB interface is up to date.

I also tried logging on to the device with a different account, but the same problem still occurs.

Regards

Will

July 10th, 2012 1:21pm

We are experiencing the same issue. Some phones have the problem and others dont. I have tried various different firmware versions and all have the same problem.

Did you get anywhere with this?

Thanks,

Andrew

Free Windows Admin Tool Kit Click here and download it now
August 6th, 2012 1:07am

Hi Andrew

No, I'm still looking for a solution.

The problem seems to be related to the certificate and it seems to be device specific.

regards

Will

August 6th, 2012 7:07pm

Yeah frustrating! I will let you know if I come up with anything.

Andrew

Free Windows Admin Tool Kit Click here and download it now
August 7th, 2012 12:12am

After 3 days of searching the net I think I have resolved the issue - well so far so good!

If SCHANNEL is sending a truncated list of trusted root certificate authorities to the Lync phone edition client during the TLS/SSL handshake process, this can explain the symptoms.

To check this look in your Lync FE servers system event log for the following warning:

----
EVENT ID: 36885

When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.
----

The easiest way to fix this is to configure SCHANNEL on the Lync FE's not to send this list:

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey - 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

3. On the Edit menu, point to New, and then click DWORD Value.
4. Type SendTrustedIssuerList, and then press ENTER to name the registry entry.
5. Right-click SendTrustedIssuerList, and then click Modify.
6. In the Value data box, type 0 if that value is not already displayed, and then click OK.
7. Exit Registry Editor.

You shouldn't need to reboot the server for this to take effect.

Hope this helps!!

For more information and other options on how to resolve this see Microsoft article - 

http://support.microsoft.com/kb/2464556

Thanks,
Andrew

August 9th, 2012 7:45am

Hi Andrew

Thanks for posting this fix, resolved this issue for that I had been banging my head on for a couple of days.

Cheers

Jamie

Free Windows Admin Tool Kit Click here and download it now
January 14th, 2013 6:13pm

Hi Andew

Thanks for this, I have been going nuts regarding this for many months, so have applied the fix. Can't wait to stop the cycling or log offs!

Cheers

Paul

July 29th, 2013 3:52pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics