Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Why would the FE Servers On-Prem in Lync 2013 try to reach All the DC's in Domain? How can we limit the connection to one of two DC's?

Posted on 2014-12-23
Medium Priority
Last Modified: 2014-12-25
I have been working on finding if there is way to limit the number of DCs to which Lync 2013 would like to connect to. This is an event that is frequently reported. All of the IPs belong to DC but I would like to know why the Lync Server needs to reach DCs on port 5061. Any thoughts?

12/11/2014 09:56:30 AM
LogName=Lync Server
SourceName=LS Protocol Stack
TaskCategory=LS Protocol Stack
Message=Connection attempt to at least one service in a pool failed.

Connection attempts to the following services have failed. Another attempt will be made for each service every 10 minutes.
Service Address:; Pool FQDN: *.org; Down Time: 0:00

Cause: The specified service(s) are unavailable.

Check the servers in the pool(s) on which the service(s) are installed.
Question by:Anthony K O365
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
LVL 19

Assisted Solution

by:Adam Farage
Adam Farage earned 300 total points
ID: 40515273
Lync should be hitting domain controllers within there local AD site only. I believe there is a way to limit this to a particular domain controller (as you can do with Exchange) but I wouldn't recommend it. This is built in resiliency for the situation where a DC goes down, Lync can utilize another in-site domain controller to authenticate.

In the event that an in-site domain controller is not available it will then go to the closest site (depending on site link values) and utilize that domain controller.
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 1200 total points
ID: 40515281
Looks like a DNS or maybe a topology issue. 5061 is SIP, and Lync has no reason to contact a DC via SIP. It is also reporting your pool FQDN as *.org, which means Lync will think every record in DNS is a part of the pool. So it isn't trying to contact a DC, it thinks it is trying to contact a pool member.

Author Comment

by:Anthony K O365
ID: 40515286

The actual Pool ID has been purposely omitted. So I don't think DNS is the issue. What protocol will Lync use to contact a DC? And is there a way to limit it to certain DC's in same site i.e. Exchange?
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

LVL 59

Accepted Solution

Cliff Galiher earned 1200 total points
ID: 40515294
LDAP, not SIP. That 5061 is still a sign of a misconfigurarion.  There is no way that I'm aware of to restrict Lync Server to specific DCs.

Author Comment

by:Anthony K O365
ID: 40515325
We have TMG in a DMZ and we're also using a Director role in our environment. Does that make a difference?
LVL 59

Expert Comment

by:Cliff Galiher
ID: 40515326

Author Comment

by:Anthony K O365
ID: 40515356

Author Comment

by:Anthony K O365
ID: 40515393
I constantly get these from SCOM...related to Lync 2013. Could this be related?

Alert: [LYNC] The number of requests currently in processing by application that have not yet been authenticated or are processed anonymously.
Source: Application Pool [LM_W3SVC_34577_ROOT_GroupExpansion]
Path: LyncServer.Domain.org
Last modified by: System
Last modified time: 12/22/2014 1:21:58 PM Alert description: Perf Object Name:
Perf Counter Name: WEB - Unauthenticated Requests In Processing Perf Counter Value: 4294967296 Error Threshold: 2499 Warning Threshold: 2000 Delta Window Size: 3 Dynamic Instance. Name: Application Pool DependencyId: ApplicationPool Symbol Prefix: WEBAUTH Category: LS:WEB - Throttling and Authentication Discover Interval: 14400 Excluded Instances:
Please see the 'Product Knowledge' and the 'Alert Context' tab on Alert Properties view for more information.
LVL 59

Expert Comment

by:Cliff Galiher
ID: 40515401
Possibly. Tough to tell for sure.

Author Closing Comment

by:Anthony K O365
ID: 40517766
Comments were very helpful! Still looking for a solution, but comments pointed me in right direction.

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question