Search This Blog

Saturday, December 27, 2014

ProjectBasedPolicy: This Site Collection feature is not supported

If you get this warning when checking Content Deployment Source State in SharePoint 2013, you may have some  difficulties to actually find what is hidden behind this name.

From my lab experiments - it is Site Policy feature. Try to disable it on source site.

Thursday, December 18, 2014

MSCRM Email router issue

Log Name:      Application
Source:        MSCRMEmail
Date:          17.12.2014 09:15:50
Event ID:      0
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xx
Error accesing SystemState.xml. Restore file with last backup.

Log Name:      Application
Source:        MSCRMEmail
Date:          17.12.2014 09:15:50
Event ID:      16192
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xx
#16192 - The E-mail Router service could not run the service main background thread. The E-mail Router service cannot continue and will now shut down. System.Configuration.ConfigurationErrorsException: System information was not specified in the E-mail Router service configuration file. The E-mail Router service cannot continue and will now shut down. ---> System.Xml.XmlException: Unexpected end of file has occurred. The following elements are not closed: UserId, ProviderConfiguration, Configuration. Line 74, position 42.
   at System.Xml.XmlTextReaderImpl.Throw(String res, String arg)
   at System.Xml.XmlTextReaderImpl.ParseElementContent()
   at System.Xml.XmlLoader.LoadNode(Boolean skipOverWhitespace)
   at System.Xml.XmlLoader.LoadDocSequence(XmlDocument parentDoc)
   at System.Xml.XmlDocument.Load(XmlReader reader)
   at System.Xml.XmlDocument.Load(String filename)
   at Microsoft.Crm.Tools.Email.Providers.ConfigFileReader..ctor(String filePath, ServiceLogger serviceLogger)
   at Microsoft.Crm.Tools.Email.Providers.SystemConfiguration.Initialize(ServiceLogger serviceLogger)
   at Microsoft.Crm.Tools.Email.Agent.ServiceCore.InitializeSystemConfiguration()
   --- End of inner exception stack trace ---
   at Microsoft.Crm.Tools.Email.Agent.ServiceCore.InitializeSystemConfiguration()

   at Microsoft.Crm.Tools.Email.Agent.ServiceCore.ExecuteService()

to restore  

  • Microsoft.Crm.Tools.EmailAgent.Configuration.bin
  • Microsoft.Crm.Tools.EmailAgent.SystemState.Xml

Running Windows Update on a TMG Firewall Fails with Result Code 80072EE2

as explained in the article

the fix is to run

netsh winhttp set proxy localhost:8080

Le format de date de la valeur n'est pas pris en charge

If you get this error in French SharePoint 2010 when you set filter for Today, you should know that the explanation on the left:

"Affichez tous les éléments dans cet affichage ou affichez un sous-ensemble des éléments à l’aide de filtres. Pour filtrer sur une colonne en fonction de la date actuelle ou de l’utilisateur actuel du site, tapez [Aujourd’hui] ou [Moi] comme valeur de colonne. Utilisez des colonnes indexées dans la première clause afin d’accélérer l’affichage. Les filtres sont particulièrement importants pour les listes contenant 5 000 éléments ou plus, car ils permettent de travailler plus efficacement avec de grandes listes. En savoir plus sur le filtrage des éléments"

contains an error in the word  [Aujourd’hui] - the apostrophe is wrong.

Use rather [Aujourd'hui] - see the difference?

Tuesday, December 16, 2014

Monday, December 8, 2014

Did you forget to disable SSLv2 on your Lync edge?

Open and enter your edge sip address.

You can obvioulsy use ssscan

Depending on how you blocked SSLv2 your Lync 2011 on Mac might not work. But if you just lock it by registry   it should work ok.

Issues with Polycom cx600 and wildcard certificate on internal Exchange Autodiscover and EWS HLB: "Connection to Microsoft Exchange is unavailable"

As you can guess from the title, it is not supported. So the solution is to use internal PKI certificate on HLB (Barracuda in my case). You can export Exchange certificates from one of the CAS servers and import it to HLB.

Tuesday, December 2, 2014

EWS not deployed

In addtion to the old article :

EWS and Autodiscovery process of Lync 2013 client does not support Form based authentication (FBA). - it only supports NTLM

Monday, December 1, 2014

Lync documentation

SharePoint 2010 September 2014 cumulative update installation sequence

If you have SP2010 or SP2010 SP1 + language pack the sequence of September 20104 Cumulative update must be the following: 
1) Install SharePoint Server SP2
2) Install Language pack (French as example) SP2
2) Install Office Web Apps SP2
3) Install SharePoint Server September 2014 CU
5) Run config wizard

Verify version in Central Admin or Control Panel  14.0.7132.5000

Wednesday, November 19, 2014

LS Backup error 4073

Getting an error 4073?

Log Name:      Lync Server
Source:        LS Backup Service
Date:          11/19/2014 8:35:00 AM
Event ID:      4073
Task Category: (4000)
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      xxx

Microsoft Lync Server 2013, Backup Service user store backup module detected items having pool ownership conflict during import.

Try to move users mentioned in the error details field from one pool to another and back. If it does not help move them with force enabled.

Tuesday, October 28, 2014

Windows 8.1 Windows explorer does not refresh

There was a long standing issue when my Windows 8.1 Pro did not refresh explorer, as example if I create New Folder visually nothing happens, but if I hit refresh it will show the folder being created.

To fix that you need to change any Explorer's options. You can change it back, it is matter of changing something.

Thursday, October 23, 2014

SharePoint 2013 prerequisites install on Windows 2012 R2

As you may notice the SP 2013 installer is not compatible with Windows 2012 R2 - follow the manual download and install path for this platform.

Also do not forget to assign min 2 vCPU to the VM, otherwise it won't install.

Tuesday, October 21, 2014

DPM error on System State

DPM cannot create a backup because Windows Server Backup (WSB) on the protected computer encountered an error (WSB Event ID: 517, WSB Error Code:  0xABEBE0). (ID 30229 Details: Internal error code: 0x80990ED0)

Get a script from

Try to backup system state with Windows Backup...

In my case it was disk space issue, as System State required 16GB

Thursday, October 9, 2014

MS CRM Outlook add-in is slow

If you find that Outlook MS CRM add-in is slow (very slow) check if you have Folder redirection enabled for the user.

"Folder Redirection with offline files is not supported for CRM for Outlook. If the CRM data is stored with redirected offline files, users may be unable to use CRM for Outlook."

External Office Web apps and Lync error 54031;reason="The WAC presentation failed with a server error.";

There are many sources that tells you how to troubleshoot the issue, but what I found in one installation is that the problem was that Web services External fqdn was not published in internal zone of split DNS. Note that we are talking about WAC in cloud (Amazon), so this architecture is not using Reverse Proxy.

So the solution was to ensure that  from internal frontend we can do


and it points to external IP, and that we can do from internal frontend (U turn)

telnet 443

Once it is ok you should observe in Frontend IIS log something like

GET /DataCollabWeb/wopi/files/5D-1-1CE946B access_token=AAMFEO8PHq4......

to ensure there is a connection to get a PPT file from meeting share

Monday, September 29, 2014

Office Web Apps Get-OfficeWebAppsMachine shows Unhealthy

try to install HTTP activation on the WAC server

Add-WindowsFeature NET-WCF-HTTP-Activation45

retry again after 15 minutes Get-OfficeWebAppsMachine

Monday, September 1, 2014

Lync connectivity analyser loop and dump

We had an issue with certificates on Lync frontend, as a result the Lync connectivity analyser (a program, not the online one) was trying to reach WebTicket and after rejection was doing that in circles until it dums out.

The error:

Cookie  found in autodiscover response: StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
  Connection: Keep-Alive
  X-Ms-diagnostics: 28032;source="xxx";reason="The web ticket is invalid.";faultcode="wsse:InvalidSecurityToken"
  X-MS-WebTicketURL: https://xxxxx/WebTicket/WebTicketService.svc
  X-MS-WebTicketSupported: cwt,saml
  X-MS-Server-Fqdn: xxx
  X-Content-Type-Options: nosniff
  Cache-Control: private
  Date: Mon, 01 Sep 2014 07:17:36 GMT
  Server: Microsoft-IIS/8.5
  X-Powered-By: ASP.NET
  Content-Length: 4966
  Content-Type: text/html; charset=utf-8

It seems that after some test with Bindings in IIS, the certificates were not aligned. 

The soltion is to re- request  Lync frontend default certificate and make sure we get one certificate for all 3 services (except obviously OAuth).

Refer also to:

Sunday, August 31, 2014

Direct Access on Windows 8 error - iphttps interface creation failure 0x34

My PC suddenly stopped connecting to Direct Access.

In the sliding tab was showing connecting.
netsh interface httpstunnel show interface
is giving "iphttps interface creation failure 0x34"

The issue is inside Os who is trying to create tunnel but can not.

The key is to check registry in

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network  we had some orphaned entries. Make backup and try to delete strange ones.
Also delete GUIDs in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\Uninstalled

Friday, August 22, 2014

SharePoint Search error 6482 "An update conflict has occurred, and you must re-try this action"


Log Name:      Application
Source:        Microsoft-SharePoint Products-SharePoint Server
Date:          22.08.2014 19:11:29
Event ID:      6482
Task Category: Shared Services
Level:         Error
User:          xxx\spAdmin
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (5f2ccbee-b99c-4c62-b5e7-e2fc41f9530c).

Reason: An update conflict has occurred, and you must re-try this action. The object SearchDataAccessServiceInstance was updated by xxx\spAdmin, in the OWSTIMER (5236) process, on machine SP.  View the tracing log for more information about the conflict.

Technical Support Details:
Microsoft.SharePoint.Administration.SPUpdatedConcurrencyException: An update conflict has occurred, and you must re-try this action. The object SearchDataAccessServiceInstance was updated by xxx\spAdmin, in the OWSTIMER (5236) process, on machine SP.  View the tracing log for more information about the conflict.
   at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
   at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)


Wednesday, August 13, 2014

msiinstaller error 1035 on Sharepoint 2010

Curious to see what is behind error msiinstaller 1035 on Sharepoint server on around 00:50?


Log Name:      Application
Source:        MsiInstaller
Date:          13.08.2014 00:51:21
Event ID:      1035
Task Category: None
Level:         Information
Keywords:      Classic
User:          xxx
Computer:      xxx
Windows Installer reconfigured the product. Product Name: Microsoft Excel Mobile Viewer Components. Product Version: 14.0.6029.1000. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.

Try to run Get-SPProduct -Local  or start Product Version job.

This info is then used in Central Administration : Manage Patch Status report.


Wednesday, July 16, 2014

Find number of Lync Plus licenses needed in powershell

(Get-CsUser -OnLyncServer -Filter {lineURI -ne $Null}).count

(Get-CsUser -OnLyncServer -Filter {EnterpriseVoiceEnabled -eq $true}).count

(Get-CsUser -OnLyncServer -Filter {lineURI -ne $Null -and RegistrarPool -eq ""}).count

Do not forget about this method:

There also a beta powershell that counts using monitoring db

Tuesday, July 15, 2014

Enable RDP for Windows 2012 server via powershell

get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections"

set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0

Friday, July 4, 2014

Windows and Lync TLS ciphers

In order to understand which ciphers Lync accepts (as example when we create Sonus SBC TLS profile) we will use a tool called SSLScan

we will run

sslscan --tls1 lyncfe13:5067

Testing SSL server lyncfe13 on port 5067

  Supported Server Cipher(s):
    Rejected  TLSv1  256 bits  ADH-AES256-SHA
    Rejected  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Rejected  TLSv1  256 bits  DHE-DSS-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Rejected  TLSv1  128 bits  ADH-AES128-SHA
    Rejected  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Rejected  TLSv1  128 bits  DHE-DSS-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Rejected  TLSv1  168 bits  ADH-DES-CBC3-SHA
    Rejected  TLSv1   56 bits  ADH-DES-CBC-SHA
    Rejected  TLSv1   40 bits  EXP-ADH-DES-CBC-SHA
    Rejected  TLSv1  128 bits  ADH-RC4-MD5
    Rejected  TLSv1   40 bits  EXP-ADH-RC4-MD5
    Rejected  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Rejected  TLSv1   56 bits  EDH-RSA-DES-CBC-SHA
    Rejected  TLSv1   40 bits  EXP-EDH-RSA-DES-CBC-SHA
    Rejected  TLSv1  168 bits  EDH-DSS-DES-CBC3-SHA
    Rejected  TLSv1   56 bits  EDH-DSS-DES-CBC-SHA
    Rejected  TLSv1   40 bits  EXP-EDH-DSS-DES-CBC-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Rejected  TLSv1   56 bits  DES-CBC-SHA
    Rejected  TLSv1   40 bits  EXP-DES-CBC-SHA
    Rejected  TLSv1  128 bits  IDEA-CBC-SHA
    Rejected  TLSv1   40 bits  EXP-RC2-CBC-MD5
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5
    Rejected  TLSv1   40 bits  EXP-RC4-MD5
    Rejected  TLSv1    0 bits  NULL-SHA
    Rejected  TLSv1    0 bits  NULL-MD5

  Prefered Server Cipher(s):
    TLSv1  128 bits  AES128-SHA

Sonus normally suggests to use

You can also use nmap for the same purpose, see details at,_Insufficient_Transport_Layer_Protection_(OWASP-EN-002)

Update: if you want to check wether sslv2 is disabled or not, run

sslscan --no-failed

Tuesday, June 10, 2014

Lync address book debug

1) Normalisation debug

$a = debug-csaddressbookreplication -user -poolfqdn pool.fqdn -OutVerboseVariable TestOutput

2) C:\Program Files\Microsoft Lync Server 2013\Server\Core>abserver.exe -testPhoneNorm "+1 123 456 7890;Ext=1234"
args[1]: +1 123 456 7890;Ext=1234
+1 123 456 7890;Ext=1234 -> tel:+11234567890;ext=1234
    Matching Rule in Company_Phone_Number_Normalization_Rules.txt on line 123

Command execution failed: Not found: Website "34577"

Deleted by mistake IIS website of Lync 2013?

Getting the error Command execution failed: Not found: Website "34577"  in the Deployment wizard?

Deinstall from Control panel Lync web services and try Deployment wizard again...

Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.

Problem: Direct Access server Windows 2012 R2 can not get a certificate: Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.

Symptoms: certutil ping works on IP, but not on server name.

C:\Windows\system32>certutil -ping -config dc1
Connecting to dc1 ...
Server could not be reached: The RPC server is unavailable. 0x800706ba (WIN32: 1

CertUtil: -ping command FAILED: 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE
CertUtil: The RPC server is unavailable.

C:\Windows\system32>certutil -ping -config
Connecting to ...
Server "xxx" ICertRequest2 interface is alive (109ms)
CertUtil: -ping command completed successfully.


Friday, June 6, 2014

Find IP by MAC address in powershell

1..254 | ForEach { Test-Connection 192.168.0.$_ -Count 1 -Quiet }

arp -a | select-string "00-15-5D-FE-9F-41" |% { $_.ToString().Trim().Split(" ")[0] }

Thursday, June 5, 2014

Change windows password in RDP session

To change a password in RDP session use Ctril-Alt-End combination instead of Ctrl-Alt-Del


Tuesday, May 6, 2014

Disk cleanup tool for winsxs

Running out of disk space on drive c:? try:

dism.exe /online /cleanup-image /spsuperseded

Also enable disk clean up 

for w2008r2 

copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe C:\Windows\System32

copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63\cleanmgr.exe.mui C:\Windows\System32\en-US

Here are some references:

in order to use cleanmgr.exe you’ll need to copy two files that are already present on the server, cleanmgr.exe and cleanmgr.exe.mui. Use the following table to locate the files for your operating system.


Operating System
File Location
Windows Server 2008 R2
Windows Server 2008 R2
Windows Server 2008
Windows Server 2008
Windows Server 2008
Windows Server 2008
Once you’ve located the files move them to the following locations:
  1. Cleanmgr.exe should go in %systemroot%\System32.
  2. Cleanmgr.exe.mui should go in %systemroot%\System32\en-US.

You can now launch the Disk cleanup tool by running Cleanmgr.exe from the command prompt.

Finally(?) W2k3 support in DPM 2012 R2

to be tested in few minutes...


Oops, it has been recalled....Enjoy testing....

Update: it is back again - link

Quality of the article is not the best so please use ratrher this link for manual installation of agents:

Now I can see 2003 servers!

Monday, May 5, 2014

Ralink RT3290 802.11bgn Wi-Fi Adapter pn HP ProBook 470 G0 does not see channel 13 for Europe

If you are lucky owner of HP Probook 470 with Ralink adapter, you should know that your adapter may be set to USA as a country. It means your adapter will not see a wireless with channel beyond 13 that are allowed in Europe, but restricted in US.

To cha nge country - locate registry with the name of the card.

In my case it is [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}\0003]

change countryregion from 0 to as example 1.

Reboot ans check if you now able to see wireless on the channel 13...

Wednesday, April 16, 2014

Lync 485 Ambiguous error

Getting an error in Lync 2013:

SIP/2.0 485 Ambiguous
ms-user-logon-data: RemoteUser
Authentication-Info: TLS-DSK qop="auth", opaque="xx", srand="xx", snum="18", rspauth="xx", targetname="xx", realm="SIP Communications Service", version=4
From: ;tag=xx;epid=xx
To: ;tag=xx
Call-ID: xx
Via: SIP/2.0/TLS xxx:xx;received=xxx;ms-received-port=xx;ms-received-cid=xx
ms-diagnostics: 4199;reason="Multiple users associated with the target phone number";HRESULT="0x8004C3CD";processing-cluster="xx";processing-frontend="xx";source="xx"
Server: RTC/5.0
Content-Length: 0

In the enviroment we have a

+1xxxxxxxxx  - number of main non-Lync autoattendant.  This number does not exist in Lync, but there are several (two) non-DID users with


Even after removing the second user, the error persist. It is strange, since there is no other user or contact or else who use +1xxxxxxxxx - checked with 

There is some info that it might be a bug of Lync -

I will post update on this....
UPDATE: selected another DID to be used as base for extension and it works ok. Note that there is no direct DID defined in the system, only ones with extensions.
Lync does not like ext to be mixed with no ext. For the example above you have to add ext=1 or any other ext for the main number.

Friday, April 11, 2014

Lync SBA egde firewall port requirements

Normally we need only to open port 5062 on the egde for SBA. Ref:   - check the right bottom picture

If there are no directors in the topology, then also 5061 two ways.

Note that port 5062 is needed on Edge servrs assigned to SBA/FrontEnd pool. However, I recommend to open it in all other edges pools as well. This way you have a flexibility to change edge pool in needed.

Wednesday, April 2, 2014

Testing Lync edge

When you test firewall rules for Lync edge installation you can use several different tools.

msturnping  (part of reskit) can test AV ports for media transfers.

telnet - can test tcp ports like 443 or 8057.

nmap can be used to test UDP:

nmap -sU -p 3478 
to test internal STUN port
nmap -sU -p 3478 -S  
to test external STUN (we also need to specify AV source IP, because by default it may take Access IP or WebConf IP, etc)

If you want continuos packets to be sent (if you need to see packets passing in firewall monitor) - STUN from internal Pc to edge:

nping  --udp -p 3478 -g 3478 -c 20000

some real tests output - for nmap -sU -p 3478 -  it responds HOST IS UP:

Host is up (0.013s latency).
3478/udp open|filtered unknown

Friday, March 28, 2014

Lync 2013 egde internal certificate

Interesting observation:

You better have SAN of edge pool and of each individual servers in the certificate. By default it is not proposed by wizard.

Then you can use test tool msturnping sucessfully.

Not sure about whether this creates issues for normal use, as I see that it is not really impacting federation and other traffic. Anyway, it costs nothing to add those fields in to certificate and profit from msturnping tool.

Thursday, February 27, 2014

Lync HA poster

Lync Server 2013 On-Premises Architectures Poster

Thursday, February 20, 2014

Skype-Lync video

Microsoft Lync-Skype connectivity v2 – Adds Video and More

Monday, February 17, 2014

Lync SQL mirror troubleshooting

To move all DB back tpo the primary SQL run in the FrontEnd PowerShell 

Invoke-CsDatabaseFailover –PoolFQDN fepoolname.domain.loc –DatabaseType User –NewPrincipal primary -verbose

Invoke-CsDatabaseFailover –PoolFQDN fepoolname.domain.loc –DatabaseType User –NewPrincipal primary

Invoke-CsDatabaseFailover –PoolFQDN fepoolname.domain.loc –DatabaseType App –NewPrincipal primary

Invoke-CsDatabaseFailover –PoolFQDN fepoolname.domain.loc –DatabaseType CentralMgmt –NewPrincipal primary

Invoke-CsDatabaseFailover –PoolFQDN fepoolname.domain.loc –DatabaseType Monitoring –NewPrincipal primary

If Mirror is shown as suspended - log to current holder of primary SQL for this db and pass SQL query


Then try again  Invoke-CsDatabaseFailover 

Thursday, January 23, 2014

Lync 2013 WebConf instability, events 41024, 41026, 41025, 42001, 41999

We observe some errors in Lync 2013 Front End not regularly, but sometimes every 20-30 minutes. There are somewhat more errors during the night or weekend, but it is very difficult to find exact time pattern. Later on you will understand why the error appear during a quiet period, rather than during a full load.

Log Name:      Lync Server
Source:        LS Data MCU
Date:          1/22/2014 8:50:06 AM
Event ID:      41024
Task Category: (1018)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xx
No connectivity with one of the Web Conferencing Edge Servers.

Edge Server Machine FQDN: yy, Port:8057
If the problem persists this event will be logged again after 20 minutes
Cause: Service may be unavailable or Network connectivity may have been compromised.

Log Name:      Lync Server
Source:        LS Data MCU
Date:          1/22/2014 8:50:06 AM
Event ID:      41026
Task Category: (1018)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xx
No connectivity with any of Web Conferencing Edge Servers. External Lync clients cannot use Web Conferencing modality.

Cause: Service may be unavailable or Network connectivity may have been compromised.
Verify all Web Conferencing Edge Services in the topology are running, and network connectivity is available.
Log Name:      Lync Server
Source:        LS Data MCU
Date:          1/22/2014 8:50:06 AM
Event ID:      41025
Task Category: (1018)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      xx
Connection to the Web Conferencing Edge Server has succeeded
Edge Server Machine FQDN: yy, Port:8057

At the same time on the Egde server we see the reflection of the same issue:
Log Name:      Lync Server
Source:        LS Web Conferencing Edge Server
Date:          1/22/2014 5:07:45 PM
Event ID:      42001
Task Category: (1023)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      yy
Web Conferencing Server disconnected

Connection from Web Conferencing Server from xx  disconnected.
This event is reported only once in 30 minutes even if other Web Conferencing Servers will disconnect during said period.
Cause: This can happen if the Web Conferencing Server was unavailable or taken down for maintenance
Make sure that the Web Conferencing Server is up and running

Log Name:      Lync Server
Source:        LS Web Conferencing Edge Server
Date:          1/22/2014 4:44:13 PM
Event ID:      41999
Task Category: (1023)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      yy
Web Conferencing Server connected successfully

Web Conferencing Server with FQDN xx connected successfully

Our initial ideas - backup load, Antivirus, TOE, RSS, TCP offload on Virtual Machine and host - did not succeed. Now it is time to check the network:
In between there is a firewall PaloAlto. Default session timeout 3600 sec.

SSL application timeout is 1800 sec.

We can check in the Monitor tab the session on Edge WebConf port 8057. The session was detected as ssl and therefore the timeout is set to be 1800 seconds. If you keep refreshing you will see TTL value for the session:

Edge sends session keeping heartbeat packets each 300 seconds (5 minutes)

But Palo Alto does not see that session is alive (TTL is ticking down, despite to the fact that there are packets every 5 minutes). And as a result it will drop a session after 1800 seconds. Lync will try to send a keepalive packet, but because the session has been dropped we see several TCP re-transmissions, then Lync will rise the errors and will try to reestablish new session.  
This PA behavior is due to mechanism of offload to gain performance:
In this keepalive session to obtain 16 packets, the length of the session must be (16x300) = 4800 sec.
So the solution is to override application setting in PaloAlto to set the session timeout to be 4800 seconds, refer to