Event log LS Response Group Service errors 31196 and 14614

שאל שאלה

יום רביעי 14 דצמבר 2011 16:48

0

I have a customer with a small Lync deployment that keeps having an issue where they will pick up a ringing phone (Polycom CX700) but the phone continues to ring and the call is not connected. The only errors I am seeing on the server are the below two event log entries. The 31196 error repeats fairly frequently, the other one only occurs once or twice per day.

Their network consists of 2x AD servers, one that is 2003 and the other 2008 R2. Neither server is showing any errors related to Actiuve Directory or authentication. The Lync server event logs dont show any errors of this nature either, nor do any other devices on the network.

Log Name:      Lync Server
Source:        LS Response Group Service
Date:          12/14/2011 8:56:44 AM
Event ID:      31196
Task Category: (2001)
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      LYNC
Description:
Collaboration platform has failed to provision the data.

Collaboration platform has failed to provision the data because of the following exception:
Exception: Microsoft.Rtc.Collaboration.ProvisioningFailureException:Cannot read contacts from Active Directory: Active Directory server "AD1" is not available. Try again later.
Detected at System.Environment.get_StackTrace()
   at Microsoft.Rtc.Collaboration.ProvisioningFailureException..ctor(String message, Exception innerException, ProvisioningFailureReason failureReason)
   at Microsoft.Rtc.Collaboration.ProvisioningSourceImpl.ErrorOccurred(Object sender, SettingsErrorEventArgs e)
   at Microsoft.Rtc.Internal.ServerConfiguration.UCSettings.RaiseError(SettingsInitializationError error, String messageFormatString, Object[] args)
   at Microsoft.Rtc.Internal.ServerConfiguration.UCSettings.<QueryContacts>d__6.MoveNext()
   at Microsoft.Rtc.Internal.ServerConfiguration.UCSettings._contactsTimer_Elapsed(Object sender)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading._TimerCallback.PerformTimerCallback(Object state)
FailureReason = 0

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="LS Response Group Service" />
    <EventID Qualifiers="34769">31196</EventID>
    <Level>3</Level>
    <Task>2001</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2011-12-14T15:56:44.000000000Z" />
    <EventRecordID>43487</EventRecordID>
    <Channel>Lync Server</Channel>
    <Computer>LYNC</Computer>
    <Security />
</System>
<EventData>
    <Data>Microsoft.Rtc.Collaboration.ProvisioningFailureException:Cannot read contacts from Active Directory: Active Directory server "AD1" is not available. Try again later.
Detected at System.Environment.get_StackTrace()
   at Microsoft.Rtc.Collaboration.ProvisioningFailureException..ctor(String message, Exception innerException, ProvisioningFailureReason failureReason)
   at Microsoft.Rtc.Collaboration.ProvisioningSourceImpl.ErrorOccurred(Object sender, SettingsErrorEventArgs e)
   at Microsoft.Rtc.Internal.ServerConfiguration.UCSettings.RaiseError(SettingsInitializationError error, String messageFormatString, Object[] args)
   at Microsoft.Rtc.Internal.ServerConfiguration.UCSettings.<QueryContacts>d__6.MoveNext()
   at Microsoft.Rtc.Internal.ServerConfiguration.UCSettings._contactsTimer_Elapsed(Object sender)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading._TimerCallback.PerformTimerCallback(Object state)
FailureReason = 0</Data>
</EventData>
</Event>

Log Name:      Lync Server
Source:        LS Protocol Stack
Date:          12/14/2011 6:38:28 AM
Event ID:      14614
Task Category: (1001)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      LYNC
Description:
User authentication with NTLM protocol failed with error SEC_E_UNSUPPORTED_FUNCTION. This indicates a potential mismatch between security policy settings on the client and server computers.

The last failure was this SIP message:

Trace-Correlation-Id: 2448580648
Instance-Id: 0008A025
Direction: no-direction-info
Message-Type: request
Start-Line: REGISTER sip:example.com SIP/2.0
From: <sip:someone@example.com>;tag=2628819b87;epid=88d423357d
To: <sip:someone@example.com>
CSeq: 3 REGISTER
Call-ID: 21f85ffac5684e6fba447b6ab701aff5
Contact: <sip:192.168.1.3:4987;transport=tls;ms-opaque=183d37120d;ms-received-cid=192400>;methods="INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY";+sip.instance="<urn:uuid:3912FAE1-30A7-5B3A-8BB1-D392DC1E734B>"
Via: SIP/2.0/TLS 192.168.1.3:4987;ms-received-port=4987;ms-received-cid=192400
Max-Forwards: 70
User-Agent: UCCAPI/4.0.7577.0 OC/4.0.7577.0 (Microsoft Lync 2010)
Supported: gruu-10, adhoclist, msrtc-event-categories
Supported: ms-forking
Supported: ms-cluster-failover
Supported: ms-userservices-state-notification
ms-keep-alive: UAC;hop-hop=yes
Event: registration
ms-subnet: 192.168.1.0
Proxy-Authorization: NTLM qop="auth", realm="SIP Communications Service", opaque="FCB067AA", targetname="LYNC", version=4, gssapi-data="TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABIAAAACgAKAFQAAAAMAAwAXgAAABAAEACaAAAAVYKQQgUCzg4AAAAPQQBHAFQAVQBSAEYAagBsAGEAdgB5AEEARwBUAFMAMAAxAM/7s2MYsgxTg5R2fIBZ6+0tttNr1dSIEM/7s2MYsgxTg5R2fIBZ6+0tttNr1dSIEFi0iZiSjvZAKjDjo5RO11Y=", crand="24e7cb08", cnum="1", response="0100000032333335c1d265b35760bc8b"
Content-Length: 0

Cause: This error can occur if the settings in "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" policy on the client computer are not the same as the settings in the "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" policy on this server. By default, the "Require 128-bit encryption" setting is disabled for computers running Windows Server 2008, Windows Vista, Windows Server 2003, Windows 2000 Server, or Windows XP. For computers running Windows 7 or Windows Server 2008 R2, this setting enabled by default.
Resolution:
Ensure that the "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" policy settings on the computers from which users log on are the same as "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" policy settings on this server.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="LS Protocol Stack" />
    <EventID Qualifiers="50153">14614</EventID>
    <Level>2</Level>
    <Task>1001</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2011-12-14T13:38:28.000000000Z" />
    <EventRecordID>43408</EventRecordID>
    <Channel>Lync Server</Channel>
    <Computer>LYNC</Computer>
    <Security />
</System>
<EventData>
    <Data>Trace-Correlation-Id: 2448580648
Instance-Id: 0008A025
Direction: no-direction-info
Message-Type: request
Start-Line: REGISTER sip:example.com SIP/2.0
From: <sip:someone@example.com>;tag=2628819b87;epid=88d423357d
To: <sip:someone@example.com>
CSeq: 3 REGISTER
Call-ID: 21f85ffac5684e6fba447b6ab701aff5
Contact: <sip:192.168.1.3:4987;transport=tls;ms-opaque=183d37120d;ms-received-cid=192400>;methods="INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY";+sip.instance="<urn:uuid:3912FAE1-30A7-5B3A-8BB1-D392DC1E734B>"
Via: SIP/2.0/TLS 192.168.1.3:4987;ms-received-port=4987;ms-received-cid=192400
Max-Forwards: 70
User-Agent: UCCAPI/4.0.7577.0 OC/4.0.7577.0 (Microsoft Lync 2010)
Supported: gruu-10, adhoclist, msrtc-event-categories
Supported: ms-forking
Supported: ms-cluster-failover
Supported: ms-userservices-state-notification
ms-keep-alive: UAC;hop-hop=yes
Event: registration
ms-subnet: 192.168.1.0
Proxy-Authorization: NTLM qop="auth", realm="SIP Communications Service", opaque="FCB067AA", targetname="LYNC", version=4, gssapi-data="TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABIAAAACgAKAFQAAAAMAAwAXgAAABAAEACaAAAAVYKQQgUCzg4AAAAPQQBHAFQAVQBSAEYAagBsAGEAdgB5AEEARwBUAFMAMAAxAM/7s2MYsgxTg5R2fIBZ6+0tttNr1dSIEM/7s2MYsgxTg5R2fIBZ6+0tttNr1dSIEFi0iZiSjvZAKjDjo5RO11Y=", crand="24e7cb08", cnum="1", response="0100000032333335c1d265b35760bc8b"
Content-Length: 0
</Data>
</EventData>
</Event>
- תגובה
- ציטוט

כל התגובות

יום חמישי 15 דצמבר 2011 03:41

0

Hi,

This error is due to a mismact between the server security policy and clients. check the below URL for a resolution. check the "some clients unable to login externally" section

http://lokna.no/?cat=7

Thamara. MCTS, MCITP Ent Admin, Specialized in U.C Voice OCS 2007 R2
- תגובה
- ציטוט
יום חמישי 15 דצמבר 2011 15:58

0

That makes sense for the 2nd error, but what about the first one that keeps spamming the event log every couple of minutes?

Would either cause the issue with phones continuing to ring after they have been answered?
- תגובה
- ציטוט
יום שני 19 דצמבר 2011 03:57

מנחה דיון

0

How many CX700 phone in you company?

Do they have the same issue?

Please check if it is a phone hardware device problem.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- תגובה
- ציטוט
יום שני 19 דצמבר 2011 17:11

0

25 phones, all have the same issue and all are on the most current firmware (issue was present before firmware upgrade as well).
- תגובה
- ציטוט
יום שלישי 20 דצמבר 2011 07:57

מנחה דיון

0

Hi,

Do you try to enable the windows server 2003 "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" policy and "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" policy value to "Require 128-bit encryption"?

About the warning event ID 31196, please try to restart LS Response Group Service in lync FE server.

About the Polycom phone continue to ring, does the lync client have the same issue?

Do you try to restart lync FE server to verify if the problem occurs again?

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- תגובה
- ציטוט
יום שלישי 20 דצמבר 2011 15:41

0

Yes, changing the local security policy fixed the 2nd event log error as expected.

All the users have Polycom phones (no one uses just the Lync client with any other type of device) so we dont really have a way to test that.

The server was restarted after installing updates last week and that did not solve any of the issues.
- תגובה
- ציטוט
יום שישי 09 מרץ 2012 14:45

0

Did you ever get an answer to this? I'm having the same issue...
- תגובה
- ציטוט
יום שישי 13 אפריל 2012 16:33

0

direct link to my article about event 14614: http://lokna.no/?p=937
If you have nothing to say, you should probably blog about it
- תגובה
- ציטוט
יום שני 21 מאי 2012 15:18

0

Hello,

At my organization I saw a lot of the error below:

User authentication with NTLM protocol failed with error SEC_E_UNSUPPORTED_FUNCTION. This indicates a potential mismatch between security policy settings on the client and server computers.

This error posted a last failure SIP message with some good information. The problem we were experiencing was simple. The user has been deployed the Lync client and it was set to auto login each time the computer was started. The user had NOT been enabled for Lync yet and so each time her system started she generated a LS Protocol Stack failure (14614) authentication failure. Removing autologin from the Lync client until the user was actually enabled stopped this error.
- תגובה
- ציטוט
יום שלישי 22 מאי 2012 23:51

0

have you resolved your event ID 31196 issue? I'm having the same one - shows up every 2 minutes in the event viewer.
- תגובה
- ציטוט
יום שישי 25 מאי 2012 13:44

0

I gotta get in on this one too ... i'm getting it in my log files for the past few weeks ... only on 1 of my 2 FE servers.
if my post is helpful - please click on the green arrow. (please excuse, in advance, any perceived sarcasm/humor - as I often forget it does not translate through text) :)
- תגובה
- ציטוט
שבת 26 מאי 2012 02:05

0

Also getting event 31196 every 2 minutes on just one of my FEs
- תגובה
- ציטוט
יום שני 30 יולי 2012 12:32

0

Anyone resolve the event ID 31196 issue? We are now experiencing this as well.
- תגובה
- ציטוט
יום שלישי 14 אוגוסט 2012 20:34

4
A restart of the Response Group service fixed it. We had a Domain Controller go down in a power outage and even though it came back up quickly (and there are other domain controllers at the site) we got that error every 2 minutes until we restarted the service and then it went away
- הוצע כתשובה על-ידי Amit Sharma 7N יום שלישי 30 אפריל 2013 07:10
- תגובה
- ציטוט
יום שלישי 30 אפריל 2013 07:12

0

A restart of the Response Group service fixed it. We had a Domain Controller go down in a power outage and even though it came back up quickly (and there are other domain controllers at the site) we got that error every 2 minutes until we restarted the service and then it went away

Great Post Thanks it works for me thanks again

Amit Sharma

Technology Consultant
- תגובה
- ציטוט

Event log LS Response Group Service errors 31196 and 14614

כל התגובות

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support by product

Other support links

Not an IT pro?