Many security events have been identified by the proxy stack.
The server may be under attack, or there might be a configuration problem that is causing errors.
Launch the Skype for Business Server 2015 Logging Tool. Select the "SIPStack" component, the "Errors" level and the TF_SECURITY flag. Review the events reported to the trace log using the "Analyze Log Files" feature of the logging tool.
Target | Microsoft.LS.2015.Component.AccessEdge | ||
Parent Monitor | System.Health.SecurityState | ||
Category | SecurityHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.LS.2015.MonitorType.TimerResetEvent.Repeated | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.LS.2015.Monitoring.UnitMonitor.TimerResetEvent.AccessEdge.SIP_W_FLAT_FILE_LOG_SECURITY_ALERT" Accessibility="Public" Enabled="true" Target="Microsoft.LS.2015.Component.AccessEdge" ParentMonitorID="Health!System.Health.SecurityState" Remotable="true" Priority="Normal" TypeID="Microsoft.LS.2015.MonitorType.TimerResetEvent.Repeated" ConfirmDelivery="true">
<Category>SecurityHealth</Category>
<AlertSettings AlertMessage="Alert_Many_security_events_have_been_identified_by_the_proxy_stack.">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Error</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/Context/DataItem/EventDescription$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="Microsoft.LS.2015.Monitoring.UnitMonitor.TimerResetEvent.AccessEdge.SIP_W_FLAT_FILE_LOG_SECURITY_ALERT.Timer" MonitorTypeStateID="TimerEventRaised" HealthState="Success"/>
<OperationalState ID="Microsoft.LS.2015.Monitoring.UnitMonitor.TimerResetEvent.AccessEdge.SIP_W_FLAT_FILE_LOG_SECURITY_ALERT.Repeated" MonitorTypeStateID="RepeatedEventRaised" HealthState="Error"/>
</OperationalStates>
<Configuration>
<ComputerName>$Target/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Lync Server</LogName>
<ErrorExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">14425</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">LS Protocol Stack</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</ErrorExpression>
<AutoResolveInterval>300</AutoResolveInterval>
<TimerWindowInSeconds>120</TimerWindowInSeconds>
<RepeatCount>30</RepeatCount>
</Configuration>
</UnitMonitor>