Lync Server 2013: Event 14497,14517 LS Protocol Stack

This issue dates a while back, but after Lync Server 2013 Cumulative Update 3 (5.0.8308.556 and above) the Edge Server Access Service won’t start with the Event 14497 LS Protocol Stack:

event14517-14497-01

One or more configuration errors were detected at startup that cannot be mitigated.

Cause: There are serious problems with the server configuration that prevented it from starting up.
Resolution:
Review the previous event log entries to identify failures. Alter the server configuration as required. If problems persist, contact Product Support Services.

Log Name:      Lync Server
Source:        LS Protocol Stack
Date:          07/05/2015 17:41:09
Event ID:      14497
Task Category: (1001)
Level:         Error
Keywords:      Classic
User:          N/A

Computer:      edge01.gears.lab

In a previous error, we found the following in Event Viewer:

event14517-14497-02

Event 14517, LS Protocol Stack

The server configuration validation mechanism detected some serious problems.

1 errors and 0 warnings were detected.

ERRORS:
The server at FQDN [sipfed.online.lync.com] is configured as both type ‘allowed partner server’ and type ‘IM service provider’.

WARNINGS:
No warnings

Cause: The configuration is invalid and the server might not behave as expected.
Resolution:
Review and correct the errors listed above, then restart the service. You may also wish to review any warnings present.

Log Name:      Lync Server
Source:        LS Protocol Stack
Date:          07/05/2015 10:32:35
Event ID:      14517
Task Category: (1001)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      edge01.gears.lab

Both the errors helped us to find the issue easily. In this case, we had configured a Lync Online tenant as Allowed Domain in SIP Federated Domains before updating to Lync Server 2013 CU3:

Lync Server Control Panel

event14517-14497-03

event14517-14497-04

Lync Server PowerShell

Lync Server 2013: Get-CsAllowedDomain
https://technet.microsoft.com/en-us/library/gg398164(v=ocs.15).aspx

event14517-14497-05

Lync Server 2013: Get-CsHostingProvider
https://technet.microsoft.com/en-us/library/gg413078(v=ocs.15).aspx

event14517-14497-06

To solve this we simply need to remove the Access Edge service (FQDN), which in this case is sipfed.online.lync.com from the Allowed Domain:

Lync Server Control Panel

event14517-14497-07

Lync Server PowerShell

Lync Server 2013: Set-CsAllowedDomain
https://technet.microsoft.com/en-us/library/gg398931(v=ocs.15).aspx

event14517-14497-08

Before continue, we need to check if the replication was successful:

Lync Server 2013: Get-CsManagementStoreReplicationStatus
https://technet.microsoft.com/en-us/library/gg399052(v=ocs.15).aspx

event14517-14497-09

Now we can go to Edge Server and use Start-CsWindowsService to start all Lync Server related services. After that, we can check with Get-CsWindowsService that all services are up and running:

event14517-14497-10

Notice that after Lync Server 2013 Cumulative Update 3 we cannot add a new Allowed Domain with the same Access Edge service (FQDN) as a Hosting Provider:

event14517-14497-11

When using Allowed Domains without specifying the Access Edge service (FQDN), make sure that Lync Server will rely on the DNS SRV Record for that specific SIP domain.

The Nslookup.exe Command Line Tool https://technet.microsoft.com/en-us/library/ee624049(v=ws.10).aspx

nslookup -type=srv _sipfederationtls._tcp.<SIP Domain>
event14517-14497-12