When I enable Federation my Front End Server goes nuts with error 14433 in the Logs RRS feed

  • Question

  • I am having an issue that whenever federation is enabled I start seeing my logs fill up with Error 14498 it reads like this(30-40 and hour);

    "A significant number of authentication or authorization failures have occurred on messages for the account user@company.com and the first attempt was from the IP address 10.133.XXX.XXX. 30 failures have been identified in the last 0 minutes. There have been 30 errors in total. Note: the user uri might have been truncated to 64 characters.
    It is recommended that this IP address be examined to determine if it should be blocked at the firewall to prevent password guessing attacks. This account may also be worth blocking with a script on the Access Edge Server to prevent continued attacks against it."

    It seems like this is happening for most of the users on the environment. I think it may be due to the large number of contacts everyone has in their address books. The minute I disable federation all the errors stop. If I leave federation enabled it ends up killing the server in a couple of days.

    Environment details:

    -Windows Server 2k8 R2

    -Front end server, Monitoring and archiving Server, Database server and Edge server

    -Lync Enterprise

    Any Help is appreciated, Thank you

    Tuesday, June 4, 2013 2:45 PM

All replies

  • It sounds like you're enabling open federation (ie; anyone can federate). You can reduce these errors by adding the domains mentioned to the SIP Federated Domains tab in Lync CSCP.

    Alternatively, disable 'Enable partner domain discovery' via the Access Edge Configuration tab. This will allow you to keep federation but only with those listed in the SIP Federated Domains tab.

    Tuesday, August 6, 2013 1:52 PM