Possible attack by Discovered Partners: user limit exceeded Monitor

  • ID:  Microsoft.LS.2015.Monitoring.UnitMonitor.PairedEvent.AccessEdge.SIPPROXY_EVENT_OEF_MAXCONTACTS_PEERS
  • Description:  Possible attack by Discovered Partners: user limit exceeded
  • Target:  Access Edge Component
  • Enabled:  Yes

Operational States

Name State Description
Success state for Monitor 'Possible attack by Discovered Partners: user limit exceeded' Success  
Error state for Monitor 'Possible attack by Discovered Partners: user limit exceeded' Error  

Alert Details

Monitor State Message Priority Severity Auto Resolution
Error state for Monitor 'Possible attack by Discovered Partners: user limit exceeded' (Error) [Skype] The following discovered partners exceeded the number of internal users they are allowed to contact. Medium Critical Yes

Run As Profiles

Name
Default

Monitor Knowledgebase

Summary

The following discovered partners exceeded the number of internal users they are allowed to contact.

Causes

Federated partners that were discovered through DNS SRV have attempted to contact more usernames within your enterprise than is allowed. Such a partner might be a legitimate peer with extensive connections to your organization, but it is more likely to be an attacker.

Resolutions

It is recommended that connections from these partners be blocked at the firewall. If a given partner is a legitimate peer then add the partner's domains to the allowed list.

External References
This monitor does not contain any external references.

See Also for Lync Server 2015 Monitoring Management Pack


Downloads for Lync Server 2015 Monitoring Management Pack

AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED