none
Connection attempt to at least one service in a pool failed (Event ID 14584) RRS feed

  • Question

  • I see a number of these errors on my Lync 2010 Server. I don't have federations or any other connections to these domains listed in the details (see bolded text). Why is my server attempting to contact them?

    Log Name:      Lync Server
    Source:        LS Protocol Stack
    Date:          3/16/2014 2:27:12 AM
    Event ID:      14584
    Task Category: (1001)
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      EdgeServer.mydomain.com
    Description:
    Connection attempt to at least one service in a pool failed.

    Connection attempts to the following services have failed. Another attempt will be made for each service every 10 minutes.
    Service Address: 128.229.5.30:5061; Pool FQDN: lcs.bah.com; Down Time: 65:25
    Service Address: 128.229.5.39:5061; Pool FQDN: lcs.bah.com; Down Time: 65:55
    Service Address: 151.151.42.145:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 66:14
    Service Address: 151.151.42.148:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 71:17
    Service Address: 151.151.42.151:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 71:17
    Service Address: 151.151.42.154:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 71:17
    Service Address: 170.12.17.4:5061; Pool FQDN: lync-edge.raymondjames.com; Down Time: 0:36

    Cause: The specified service(s) are unavailable.
    Resolution:
    Check the servers in the pool(s) on which the service(s) are installed.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="LS Protocol Stack" />
        <EventID Qualifiers="50153">14584</EventID>
        <Level>3</Level>
        <Task>1001</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2014-03-16T07:27:12.000000000Z" />
        <EventRecordID>32162</EventRecordID>
        <Channel>Lync Server</Channel>
        <Computer>EdgeServer.mydomain.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data>10</Data>
        <Data>Service Address: 128.229.5.30:5061; Pool FQDN: lcs.bah.com; Down Time: 65:25
    Service Address: 128.229.5.39:5061; Pool FQDN: lcs.bah.com; Down Time: 65:55
    Service Address: 151.151.42.145:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 66:14
    Service Address: 151.151.42.148:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 71:17
    Service Address: 151.151.42.151:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 71:17
    Service Address: 151.151.42.154:5061; Pool FQDN: sip.wellsfargo.com; Down Time: 71:17
    Service Address: 170.12.17.4:5061; Pool FQDN: lync-edge.raymondjames.com; Down Time: 0:36
    </Data>
      </EventData>
    </Event>


    Blog / Facebook / Twitter

    Monday, March 17, 2014 6:16 PM

Answers

All replies

  • Hi,

    Your edge server does not trust the root or intermediate certificates from these federated partners.

    Unless you have policies in place to ban federation your users can add contacts for external parties and Lync will attempt to pull presence.

    HTH

    Matt

    Monday, March 17, 2014 6:32 PM
  • Thanks, Matt. Is this considered a bug? I don't understand why Lync would even attempt to contact an external domain for which I have not allowed federation.

    Is there a way to "ban federation" with all domains except the ones I have explicitly allowed?


    Blog / Facebook / Twitter

    Monday, March 17, 2014 6:45 PM
  • To remove federation, verify from Topology builder that you disable lync federation.

    To get round above issue. On the Edge open a remote certificate snap-in on a 2008 machine. Open another certificate snap-in of the local Edge. Copy the missing Trusted Root Certificate Authorities from the remote machine to the Edge. This will hopefully include all the certificates relevant to your federated organizations, if not you'll need to acquire the root cert direct from the vendor.


    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"

    Monday, March 17, 2014 7:54 PM
  • Thanks, Mai, but I can't disable federation.

    I'm not concerned with missing certificates. I'm concerned with why my server is attempting to contact these remote servers. As I said, I am not federated with these other organizations and never have been.


    Blog / Facebook / Twitter

    Monday, March 17, 2014 8:15 PM
  • Hi,

    http://technet.microsoft.com/en-us/library/gg398359.aspx explains how to allow or deny federation for users

    http://uclobby.com/2013/09/30/difference-between-open-and-closed-federation-in-lync-20102013/ gives some explanation of the federation process, if you allow partner discovery then clients can try to get presence from their contacts.

    HTH,

    Matt

    Tuesday, March 18, 2014 10:08 PM
  • was there ever a real resolution to this?
    Wednesday, October 29, 2014 1:37 PM
  • Not really.

    Blog / Twitter

    Friday, October 31, 2014 4:29 PM
  • Personally, I consider this a bug.  Lync automatically tries to communicate with users in other organizations based on your Outlook email, regardless of your federation settings.  There appears to be no way to prevent this.  IMO, this is really stupid.  It generates lots of useless errors, and useless SIP traffic.
    Friday, September 22, 2017 5:30 PM