  • Status: Solved
Why would the FE Servers On-Prem in Lync 2013 try to reach all the DCs in the domain? How can we limit the connection to one of two DCs?

I have been working on finding if there is a way to limit the number of DCs to which Lync 2013 would like to connect. This is an event that is frequently reported. All of the IPs belong to DCs, but I would like to know why the Lync Server needs to reach DCs on port 5061. Any thoughts?

12/11/2014 09:56:30 AM
LogName=Lync Server
SourceName=LS Protocol Stack
EventCode=14584
EventType=2
Type=Error
ComputerName=
TaskCategory=LS Protocol Stack
OpCode=None
RecordNumber=1122212
Keywords=Classic
Message=Connection attempt to at least one service in a pool failed.


Connection attempts to the following services have failed. Another attempt will be made for each service every 10 minutes.
Service Address: 10.4.8.103:5061; Pool FQDN: *.org; Down Time: 0:00

Cause: The specified service(s) are unavailable.

Resolution:
Check the servers in the pool(s) on which the service(s) are installed.
0
Asked:
Anthony K O365
 
Adam Farage (Enterprise Arch) Commented:
Lync should be hitting domain controllers within their local AD site only. I believe there is a way to limit this to a particular domain controller (as you can do with Exchange) but I wouldn't recommend it. This is built in resiliency for the situation where a DC goes down, Lync can utilize another in-site domain controller to authenticate.

In the event that an in-site domain controller is not available it will then go to the closest site (depending on site link values) and utilize that domain controller.
0
 
Cliff Galiher Commented:
Looks like a DNS or maybe a topology issue. 5061 is SIP, and Lync has no reason to contact a DC via SIP. It is also reporting your pool FQDN as *.org, which means Lync will think every record in DNS is a part of the pool. So it isn't trying to contact a DC, it thinks it is trying to contact a pool member.
0
 
Anthony K O365 (Author) Commented:
Cliff,

The actual Pool ID has been purposely omitted. So I don't think DNS is the issue. What protocol will Lync use to contact a DC? And is there a way to limit it to certain DCs in the same site i.e. Exchange?
0
 
Cliff Galiher Commented:
LDAP, not SIP. That 5061 is still a sign of a misconfiguration. There is no way that I'm aware of to restrict Lync Server to specific DCs.
0
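Added example (not part of the thread): a PowerShell sketch that parses the "Service Address" lines of an event 14584 message and flags any SIP (5061) target that is also a domain controller address, which is the mismatch discussed in the comments above. The sample message and the DC list are constructed; only 10.4.8.103 and the `*.org` pool value come from the question, and the function names are hypothetical.

```powershell
# Constructed sample shaped like the event 14584 text quoted in the question.
# On a live Front End server the text could instead come from:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Lync Server'; Id = 14584 } | ForEach-Object Message
$sampleMessage = @'
Connection attempts to the following services have failed. Another attempt will be made for each service every 10 minutes.
Service Address: 10.4.8.103:5061; Pool FQDN: *.org; Down Time: 0:00
Service Address: 192.0.2.25:5061; Pool FQDN: pool01.example.org; Down Time: 0:10
'@

# Assumption: constructed list of DC addresses. With the ActiveDirectory module it could be built from
#   (Get-ADDomainController -Filter *).IPv4Address
$dcAddresses = @('10.4.8.103', '10.4.8.104')

function Get-FailedServiceEndpoint {
    param([Parameter(Mandatory)][string]$Message)
    # One match per "Service Address: ip:port; Pool FQDN: name; Down Time: h:mm" entry.
    $pattern = 'Service Address:\s*(?<ip>\d{1,3}(?:\.\d{1,3}){3}):(?<port>\d+);\s*Pool FQDN:\s*(?<pool>[^;]+);'
    foreach ($m in [regex]::Matches($Message, $pattern)) {
        [pscustomobject]@{
            Address  = $m.Groups['ip'].Value
            Port     = [int]$m.Groups['port'].Value
            PoolFqdn = $m.Groups['pool'].Value.Trim()
        }
    }
}

function Test-EndpointAgainstDcList {
    param(
        [Parameter(Mandatory)][string]$Message,
        [Parameter(Mandatory)][string[]]$DcAddress
    )
    foreach ($ep in Get-FailedServiceEndpoint -Message $Message) {
        $isDc = $DcAddress -contains $ep.Address
        [pscustomobject]@{
            Address            = $ep.Address
            Port               = $ep.Port
            PoolFqdn           = $ep.PoolFqdn
            IsDomainController = $isDc
            # A SIP connection aimed at a DC address points at the pool's DNS records or topology.
            Finding            = if ($isDc -and $ep.Port -eq 5061) { 'SIP target is a DC: review pool DNS and topology' } else { 'Not a DC address' }
        }
    }
}

Test-EndpointAgainstDcList -Message $sampleMessage -DcAddress $dcAddresses | Format-Table -AutoSize
```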
 
Anthony K O365 (Author) Commented:
We have TMG in a DMZ and we're also using a Director role in our environment. Does that make a difference?
0
 
Cliff Galiher Commented:
Nope.
0
 
Anthony K O365 (Author) Commented:
Thanks!
0
 
Anthony K O365 (Author) Commented:
I constantly get these from SCOM...related to Lync 2013. Could this be related?

Alert: [LYNC] The number of requests currently in processing by application that have not yet been authenticated or are processed anonymously.
Source: Application Pool [LM_W3SVC_34577_ROOT_GroupExpansion]
Path: LyncServer.Domain.org
Last modified by: System
Last modified time: 12/22/2014 1:21:58 PM Alert description: Perf Object Name:
Perf Counter Name: WEB - Unauthenticated Requests In Processing Perf Counter Value: 4294967296 Error Threshold: 2499 Warning Threshold: 2000 Delta Window Size: 3 Dynamic Instance. Name: Application Pool DependencyId: ApplicationPool Symbol Prefix: WEBAUTH Category: LS:WEB - Throttling and Authentication Discover Interval: 14400 Excluded Instances:
Please see the 'Product Knowledge' and the 'Alert Context' tab on Alert Properties view for more information.
0
 
Cliff Galiher Commented:
Possibly. Tough to tell for sure.
0
 
Anthony K O365 (Author) Commented:
Comments were very helpful! Still looking for a solution, but comments pointed me in the right direction.
0
Question has a verified solution.
