"Authentication Failure" Issue on most devices.

Similar Messages

• SNMP Authentication Failure

  Hi Folks
  I saw the below in wlc controller ,what this mean,how to fix this issue if any
  Most Recent Traps
  SNMP Authentication Failure: IP Address: 192.168.10.2

  I have same problem in WLC,
  1) are you using snmpv3 ?
       -Using SNMP modes -v2c & v3
  2) What does this ip address relate to ? some specific device ?
        -Its WCS
  With this problem we are unable to add guest users from WCS to WLC.
  Thanks in advance.

• Authentication Failure (Password Mismatch)

  Hi there.
  I am having a nightmare trying to get my web server working under Snow Leopard. To cut a long story short the server died and I had to restore it using a disk image before I migrate it to a new mavericks server. For obvious reasons I'd like to get everything working before I migrate.
  Whenever a users tries to access a secure page (mainly for svn access) they get rejected. If I try to access the page via safari/chrome I get a pop up window asking for a username and password. If the user enters their correct name and password it is constantly rejected (the name and password work elsewhere for email etc).
  In the logs on the server I get:
  [Wed Feb 05 16:34:33 2014] [error] [client 192.168.0.56] mod_auth_apple: User XXX authentication failure for "/xxx/xxxxxx": Password mismatch according to checkpw
  [Wed Feb 05 16:34:33 2014] [notice] [client 192.168.0.56] mod_auth_apple: Authenticating using lookupd or checkpw failed, and no configured htaccess file (AuthUserFile)
  If in Versions I try to refresh the svn repository I get:
  OPTIONS of 'https://[email protected]/svn/project'://[email protected]/svn/project': authorization failed: Could not authenticate to server: rejected Basic challenge (https://server.name.com)
  I am also having issues with iCal Server and AFP which makes me think there is some authorisation service which is corrupt/broken?
  Any help MOST appreciated as I am tearing my hair out here!
  Yours,
  Nic

  Ok something I have worked out by a bit of trial and error.
  NEVER run a server with two HDDs both with clones/installs of Mac OS.
  My server had the internal (faulty HDD) with the original server install called Macintosh HD. The clone was on a USB drive called SnowLeopardServer_Backup.
  Now for the most part the server worked (because most stuff uses Unix and proper paths). However it looks like all of apples stuff (Web services, iCal server and AFP) use the full path or at least components of them do. So because the server was originally set up on an HDD called Macintosh HD I can only suspect that it was freaking out by 1) now being on an HDD called something else and 2) that there was another HDD there called Macintosh HD.
  I have now renamed my old HDD to something else and renamed all the OS folders in it to something different too. I also renamed the clone drive to Macintosh HD.
  So far I turned on Web services and AFP and they work perfectly I have not turned on iCal yet as I want to ensure each service is working before turning on another.
  Also finally got the holy grail of Kerberos and Open Directory triangle working. I though that the iCal/Web/AFP not working with accounts was Open Directory related so I backed it up (and WGM), change to standalone and then tried to go back to a Master. It complained about the DNS not being set up and I finally found a post saying that you need to have your DNS set to point at 127.0.0.1 in the System Preferences > Network settings. I changed that and boom no more complaints about bad DNS
  Nic.

• Authentication failure when attempting to pair mouse

  For the last couple years I've had my Iogear Bluetooth mouse paired nicely with my Powerbook via a USB Bluetooth dongle (the built-in bluetooth doesn't work). Last week I paired my mouse with a friend's MacBook for several hours. When I tried to resume using the mouse with my own Powerbook, it was no longer paired, so I made a trip to Bluetooth Mouse Setup to initiate a new pairing. Unfortunately this no longer works; it finds the mouse successfully, but shortly after it reaches the "Pairing with your Bluetooth mouse" step, it displays a message in red lettering:
  The pairing attempt was unsuccessful due to authentication failure. When ready, click Continue to try again.
  I've retried the process many times during the last few evenings, but to no avail. Discoverable is turned on. I even reinstalled the Mac OS X 10.5.8 Combo update - still no go. Today I took my Bluetooth USB dongle and mouse to a Windows computer at work, and pairing worked just fine there, so I know it is not a hardware issue. Has anyone encountered this pairing error, and been able to resolve it?

  I've been going crazy with this issue the last two days.
  I had previously been using a Targus Bluetooth Mouse for Mac, but I have had to revert to an old Powerbook G4 as my main computer. I wanted to continue using my bluetooth mouse so after two tries I finally found a bluetooth dongle that the Mac recognizes. It seems to work like a charm, and is only annoying because of its bright green LED that blinks ceaselessly.
  However I was most disappointed to find that when attempting to pair with my mouse, it recognized the mouse, connected, but then stalled out on the pairing process with the same red text message mentioned here.
  I tried pairing with my old Palm m515 and that worked perfectly.
  I booted up to a 10.4.11 install on an external drive and found the mouse to pair up and work perfectly.
  Then I installed 10.5.4 on an external drive and it too connected perfectly. I tried creating a new user on my main drive's 10.5.8 install and that did not solve the problem. At this point I thought my main drive's 10.5.8 install was corrupt for some reason. I backed up my drive via Time Machine and proceeded the 6 hour new system fresh install.
  My Leopard install disc is version 10.5.4. The mouse paired and worked great after the initial install. It was all for nought, however, because upon installing the 10.5.8 update on this untouched fresh system, the mouse was no longer recognized and would stall at the pairing process. I even got a kernel panic this time.
  I don't know what Apple did between 10.5.4 and 10.5.8, but whatever it is made pairing with a bluetooth mouse via a Bluetooth dongle seemingly impossible. I assume there will be no fix for this since they have moved on to Snow Leopard.
  Since people are having this same problem regardless of their dongle brand or mouse brand, I suppose I can be confident that this is not a hardware issue. Especially since the hardware all works perfectly up to at least 10.5.4. I'm not sure when it breaks because I just go straight from 10.5.4 to the 10.5.8 combo update.

• WAP321 Authentication failure log codes

  Devices that have previoulsy connected to the WAP are still able to connect but any new device to the environment is not.  If I delete the network from an existing device that device is no longer able to authenticate and connect to the WAP.  Log entries below show the following errors for a single MAC.  This happened once before and to solve the issue I reentered the key into the SSID setup on the WAP.  All devices had to delete the existing SSID from their list of networks but then they were able to rejoin.  I don't want to ask users to do that again.  Any help on the log entries below is greatly appreciated!
  Jul 19 2013 01:42:34
  info
  hostapd[1078]
  wlan0: IEEE 802.11 STA 90:18:7c:b1:79:ea deauthed from BSSID c4:64:13:0c:e3:00 reason 1
  Jul 19 2013 01:42:34
  info
  hostapd[1078]
  Station 90:18:7c:b1:79:ea had an authentication failure, reason 16
  Jul 19 2013 01:42:32
  warn
  hostapd[1078]
  Received invalid EAPOL-Key MIC (msg 2/4)
  Jul 19 2013 01:42:32
  info
  hostapd[1078]
  Station 90:18:7c:b1:79:ea had an authentication failure, reason 22
  Jul 19 2013 01:42:31
  info
  hostapd[1078]
  Station 90:18:7c:b1:79:ea had an authentication failure, reason 22
  Jul 19 2013 01:42:30
  warn
  hostapd[1078]
  Received invalid EAPOL-Key MIC (msg 2/4)
  Jul 19 2013 01:42:30
  info
  hostapd[1078]
  Station 90:18:7c:b1:79:ea had an authentication failure, reason 22
  Jul 19 2013 01:42:30
  info
  hostapd[1078]
  wlan0: IEEE 802.11 STA 90:18:7c:b1:79:ea associated with BSSID c4:64:13:0c:e3:00
  Jul 19 2013 01:42:30
  info
  hostapd[1078]
  wlan0: IEEE 802.11 Assoc request from 90:18:7c:b1:79:ea BSSID c4:64:13:0c:e3:00 SSID KnightIns1

  Hi, My name is Eric Moyers. I am a Network Support Engineer in the Cisco Small Business Support Center. Thank you for using the Cisco Community Post Forums.
  Reason Code 16: Authentication failed due to a user credentials mismatch.
  Reason-Code 22: The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
  I am not sure what is causing this. However I would ask that you do two things. While everything is working normally go to Administration/Support Information and download a diagnostic file. Label it with a date WAP321 and the word "good". Save it somewhere. When this happens again, before doing anything go back in and get another diagnostic file label it the same except with the word "bad".
  Call in and open a support case and have the engineer notify me that you have opened one and also give them a reference to this community support thread.
  I will work with your engineer to see what is happening.
  Thanks
  Eric Moyers    .:|:.:|:.
  Cisco Small Business US STAC Advanced Support Engineer
  CCNA, CCNA-Wireless
  866-606-1866
  Mon - Fri 09:00 - 18:00 (UTC - 05:00)
  *Please rate the Post so other will know when an answer has been found.

• DFM - Authentication Failure Alert

  I am receiving alerts in DFM for "Authentication Failure" on a device that I am monitoring with DFM. The only info I can find about the alert is the name of the alert and the type of alarm. In this case, a "minor alarm". I would like to know what is device is causing the failure as it involves my network core switch. Does anyone have any ideas on how to find out what is causing this alarm?

  Some devices may send the generic SNMPv2 authentication failure trap without any varbinds, but most Cisco devices send a version that includes the address of the host that did the poll.
  If the varbind is missing from the trap, then you would need to move your sniffer closer to the device to find out who is doing the polling (i.e. capture the offending SNMP request packet). Alternatively, if this is an IOS device, you can use "debug snmp packet" to get see who is polling the device.

• WAP321 - Station had an authentication failure, reason 19/20

  Clients can authenticate succesful, work for some time, until they get an authentication failure, reason 19, followed by reason 20. WLAN has to be disabled and again enabled on the client and it's working again unti it come's again to the authentication failures. What do these failures mean? And how can these be resolved?
  Thanks, Roland
  May 7 2013 16:22:05     info     hostapd[1086]     Station 10:40:f3:a7:7f:f6 had an authentication failure, reason 20     
  May 7 2013 16:22:04     info     hostapd[1086]     Station 10:40:f3:a7:7f:f6 had an authentication failure, reason 19     
  May 7 2013 15:18:09     info     hostapd[1086]     The wireless client with MAC address 10:40:f3:a7:7f:f6 has been successfully authenticated.     
  May 7 2013 15:18:09     info     hostapd[1086]     wlan0: WPA STA 10:40:f3:a7:7f:f6 pairwise key exchange completed (WPAv2)     
  May 7 2013 15:18:09     info     hostapd[1086]     wlan0: IEEE 802.11 STA 10:40:f3:a7:7f:f6 associated with BSSID a4:93:4c:b1:cf:08     
  May 7 2013 15:18:09     info     hostapd[1086]     wlan0: IEEE 802.11 Assoc request from 10:40:f3:a7:7f:f6 BSSID a4:93:4c:b1:cf:08 SSID WLAN     
  May 7 2013 15:18:09     info     hostapd[1086]     wlan0: IEEE 802.11 STA 10:40:f3:a7:7f:f6 deauthed from BSSID a4:93:4c:b1:cf:08 reason 3: STA is leaving IBSS or ESS     
  May 7 2013 15:18:09     info     hostapd[1086]     wlan0: IEEE 802.11 Assoc request from 10:40:f3:a7:7f:f6 BSSID a4:93:4c:b1:cf:08 SSID WLAN     
  May 7 2013 15:18:09     info     hostapd[1086]     wlan0: IEEE 802.11 STA 10:40:f3:a7:7f:f6 deauthed from BSSID a4:93:4c:b1:cf:08 reason 3: STA is leaving IBSS or ESS     
  May 7 2013 14:28:47     info     hostapd[1086]     Station 10:40:f3:a7:7f:f6 had an authentication failure, reason 20     
  May 7 2013 14:28:46     info     hostapd[1086]     Station 10:40:f3:a7:7f:f6 had an authentication failure, reason 19     
  May 7 2013 14:03:41     info     hostapd[1086]     The wireless client with MAC address 10:40:f3:a7:7f:f6 has been successfully authenticated.     
  May 7 2013 14:03:41     info     hostapd[1086]     wlan0: WPA STA 10:40:f3:a7:7f:f6 pairwise key exchange completed (WPAv2)     
  May 7 2013 14:03:41     info     hostapd[1086]     wlan0: IEEE 802.11 STA 10:40:f3:a7:7f:f6 associated with BSSID a4:93:4c:b1:cf:08     
  May 7 2013 14:03:41     info     hostapd[1086]     wlan0: IEEE 802.11 Assoc request from 10:40:f3:a7:7f:f6 BSSID a4:93:4c:b1:cf:08 SSID WLAN

  I'm experiencing this aswell...
  Jan 5 2000 06:40:44
  info
  hostapd[1098]
  Station 1c:62:b8:ab:04:f4 had an authentication failure, reason 20
  Jan 5 2000 06:40:43
  info
  hostapd[1098]
  Station 1c:62:b8:ab:04:f4 had an authentication failure, reason 19
  Jan 5 2000 06:34:53
  info
  hostapd[1098]
  The wireless client with MAC address 1c:62:b8:ab:04:f4 has been successfully authenticated.
  Jan 5 2000 06:34:53
  info
  hostapd[1098]
  wlan0: WPA STA 1c:62:b8:ab:04:f4 pairwise key exchange completed (WPAv2)
  Jan 5 2000 06:34:53
  info
  hostapd[1098]
  wlan0: IEEE 802.11 STA 1c:62:b8:ab:04:f4 associated with BSSID d8:67:d9:c4:73:48
  Jan 5 2000 06:34:53
  info
  hostapd[1098]
  wlan0: IEEE 802.11 Assoc request from 1c:62:b8:ab:04:f4 BSSID d8:67:d9:c4:73:48 SSID World Domination Inc.
  Jan 5 2000 06:34:53
  info
  hostapd[1098]
  wlan0: IEEE 802.11 STA 1c:62:b8:ab:04:f4 deauthed from BSSID d8:67:d9:c4:73:48 reason 3: STA is leaving IBSS or ESS
  Jan 5 2000 05:52:01
  notice
  sntp[1067]
  Unable to resolve SNTP server host name:time-a.timefreq.bldrdoc.gov
  Jan 5 2000 04:46:59
  notice
  sntp[1067]
  Unable to resolve SNTP server host name:time-a.timefreq.bldrdoc.gov
  Jan 5 2000 04:29:17
  info
  hostapd[1098]
  Station 1c:62:b8:ab:04:f4 had an authentication failure, reason 20
  Jan 5 2000 04:29:16
  info
  hostapd[1098]
  Station 1c:62:b8:ab:04:f4 had an authentication failure, reason 19
  The date is also set wrong on my WAP, but thats not necessarily the issue.
  This problem is new as of Friday Evening (7/19/13) last week when the device was relocated.

• ISE 1.2 Authentication Failures at First time Connection

  Hi,
   I have a trouble with ISE 1.2 when trying to authenticate for first time an end-device, this device might be either a Workstation or IP Phone or Printer,etc. it fails or staying in running mode. The result is the same it can not access the network.  hopefully I'm still in open mode :)
  As i described in the beginning everything has status Running or Authz Failed. and after a time of period usually one day finally succeeds.
  This happens mostly for workstations and printers, but in case of phones does not have the same behavior. I unplug plug the phones or I shut/ no shut the ports in order to trigger it to succeed. For some phones worked but other obstinately declined.
  The phones which are not Cisco phones authenticated with MD5 (a simple username and pass  ) i think the problem should not related with the auth protocol.
  Below are some logs from one phone. For me coming to a short conclusion this must be related with the switches which are 3750e (15.02 SE 4 IOS)
  or with the same the ISE, why because i have almost the same behavior for all end-devices.
  I kindly remain your comments...
  2169669: Apr 16 18:02:20.573 EEST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/35, changed state to up
  2169670: Apr 16 18:02:20.783 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3ddf) on Interface Gi1/0/34 AuditSessionID 0A114D0D0000D5E8855C01DE
  2169671: Apr 16 18:02:20.791 EEST: %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client (0080.9f7d.3ddf) on Interface Gi1/0/34 AuditSessionID 0A114D0D0000D5E8855C01DE
  S301#
  2169672: Apr 16 18:02:20.992 EEST: %AUTHMGR-5-START: Starting 'dot1x' for client (0080.9f7d.3ddf) on Interface Gi1/0/34 AuditSessionID 0A114D0D0000D5F0855DE0EF
  2169673: Apr 16 18:02:21.580 EEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to up
  S301#
  2169674: Apr 16 18:02:24.289 EEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to down
  S301#
  2169675: Apr 16 18:02:25.288 EEST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/35, changed state to down
  2169676: Apr 16 18:02:26.269 EEST: %AUTHMGR-5-START: Starting 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
  2169677: Apr 16 18:02:26.294 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
  2169678: Apr 16 18:02:26.294 EEST: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
  2169679: Apr 16 18:02:26.303 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
  2169680: Apr 16 18:02:26.303 EEST: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
  2169681: Apr 16 18:02:26.319 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
  2169682: Apr 16 18:02:26.319 EEST: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
  2169683: Apr 16 18:02:26.319 EEST: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
  2169684: Apr 16 18:02:26.319 EEST: %AUTHMGR-5-START: Starting 'mab' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
  2169685: Apr 16 18:02:26.328 EEST: %MAB-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
  2169686: Apr 16 18:02:26.328 EEST: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
  2169687: Apr 16 18:02:26.328 EEST: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
  2169688: Apr 16 18:02:26.328 EEST: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
  S301#
  2169689: Apr 16 18:02:26.336 EEST: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
  S301#
  2169690: Apr 16 18:02:27.737 EEST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/35, changed state to up
  2169691: Apr 16 18:02:28.744 EEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to up
  Regards
  T.C

  I'm not using authentication method with certificates for none end-devices
  Workstations with the windows default authentication protocol EAP/MSCHAPv2
  In front of them there are non Cisco IP-phones with auth. method EAP/MD5
  Finally I also have some printers again with option EAP/MD5
  For all of these devices I received the same behavior, after many hours finally the authenticated with ISE. But is this the expected behavior?
  What I understand is that if the devices finally authenticated then it means that there isn’t anything wrong with the method.
  The misunderstanding points are 3
  Why there is so much delay for all devices to authenticate?
  Why some devices, mostly IP phones (not all) continuing to fail to the authentication method. All my devices are identical with the same software / patch, same model etc.
  I have noticed randomly some devices one moment to succeed and the next moment to failed
  So for my understanding there is an abnormal behavior and i cannot find the way /pattern to correct it or to understand the reason :)
  Port config
  switchport access vlan xxx
   switchport mode access
   switchport voice vlan yyy
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan xxx
   authentication event server dead action authorize voice
   authentication event server alive action reinitialize
   authentication host-mode multi-domain
   authentication open
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   no cdp enable
   spanning-tree portfast
  result template
  Switch#sh auth sess int g1/0/46
              Interface:  GigabitEthernet1/0/46
            MAC Address:  xxxx.xxxx.xxxx
             IP Address:  xx.xxx.xx.xxx
              User-Name:  xxxxxxxxxxxx
                 Status:  Authz Failed
                 Domain:  DATA
        Security Policy:  Should Secure
        Security Status:  Unsecure
         Oper host mode:  multi-domain
       Oper control dir:  both
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  0A114D0A00001972016208E1
        Acct Session ID:  0x00001BB7
                 Handle:  0x6D0009B6
  Runnable methods list:
         Method   State
         dot1x    Failed over
         mab      Failed over

• ISE internal user authentication failure - user not found

  Hi Forumers'
  I trying to do wireless 802.1x, where identity store using intenral user.
  But i found this error message when i trying to connect
  Authentication failed                                                                                 :
  22056 Subject not found in the applicable identity store(s)
  My authrorization rules is built like this
  identity groups = user identities group / " mygroup"
  condition = no setting
  permissions = standard / PermitAccess
  Question 1
  Any troubleshooting step to do on this?
  Question 2
  For the Authorization rules, what's the condition should set for using Internal User as Identity store?
  Thanks
  Noel

  The error is caused to an authentication failure and is not an issue with authorization
  You need to look at your authentications policy (Policy->Authentications) and see which identity store was authenticated against
  In addition can do the Live Authentications page (Monitor->Authentications) and for the failing record click on the icon under details. This will give you the full details of the requets processing and you can see which rule was matched in the identity policy (Identity Policy Matched Rule) and "Selected Identity Stores".

• Ap authentication/join issue

  i am having issues joining new 1242LAP's to my controller.  i am receiving the follwing error on my controller:
  AAA Authentication Failure for UserName:5475d01144f0 User Type: WLAN USER
  username is the MAC of my new 1242LAP.  older 1242LAP's have no issue.  i have 70 of the newer ones that i have just installed and fail to join the controller with the above error message.  i'm not sure how to resolve.  any help would be appreciated.  thanks.
  Brandon

  Hi Brandon,
  Good question.  Sounds like your WLC may be authorizing LAPs via an Auth-list or AAA.  You can view these settings here:
  Web GUI --> Secuirty --> AAA --> AP Policies
  If you do not wish to authorize the APs via an auth-list or AAA, simply uncheck the following option:
  Authorize MIC APs against auth-list or AAA
  Cheers.
  Drew

• LMS 4.2.3 Continuous Authentication failure alarm in DFM

  Hi All,
  We are getting continuous minor alarm[Authentication Failure] for single router in the DFM.  can we check from which ip we are getting the authentication request??
  possible steps to find the cause for the authentication failure.?
  Regards,
  Channa

  Hi Vinod,
  I tried delete the DFM and DFM1.log files. but after stopping the deamon manager.unable to delete DFM1.log as this file was accessed by the smserver.exe in the backend.
  i have successful moved both RPS files and DFM.log file from the location. but the issue persists.
  I try again to delete DFM1.log file in the MW and update.
  Regards,
  Channa

• Go URL - User Authentication Failure

  Hi,
  I am trying to use a 'Go URL' in web application and I see some issue with authentication mechanism.
  I was able to login and view the dashboard whenever the username used in the 'Go URL' is from the console. But if the user who is from Active directory is used in the 'Go URL' link, then I get the login page saying 'Invalid username or password'. When I check the log file, it says ' [53012] User Authentication Failure'.
  Also the AD user can login from the login page, but not thru 'Go-URL' link.
  Can anyone let me know whether I am missing any step?
  Thanks

  969211 wrote:
  I was able to login and view the dashboard whenever the username used in the 'Go URL' is from the console. But if the user who is from Active directory is used in the 'Go URL' link, then I get the login page saying 'Invalid username or password'. When I check the log file, it says ' [53012] User Authentication Failure'.
  Also the AD user can login from the login page, but not thru 'Go-URL' link.
  Can anyone let me know whether I am missing any step?Check the usage of Go URL first : http://docs.oracle.com/cd/E21043_01/bi.1111/e16364/apiwebintegrate.htm
  If you dont user NQUser and NQPassword then they will be prompted for a password. you need to http://<hostname.domain>:9704/analytics/saw.dll?Dashboard&PortalPath=<your GO URLpath>*&NQuser=USERNAME&NQPassword=PASSWORD*
  You should not access if URL without logging in.
  Also on different note:
  Rupesh Shelar wrote:
  Make sure your BISYSTEM password
  Go to weblogic console, http://IP address:7001/console
  Home >Summary of Security Realms > myrealm > Users and Groups > BISystemUser
  And then go to your EM (http://IP address:7001/em)
  expand weblogic domain > bifoundation_domain > Security > Credentials > oracle.bi.system ? system.user
  Just retype a new password then Restart BI All Services then test it.How is BISystemUser even related to Go URL .or this issue .?
  Hope this helps.
  Let me know the updates. Mark if it answers!
  Thanks,
  SVS

• Authentication failure for zone 1 error

  We did some cleanup of old user accounts in our edir tree and after that I noticed a whole bunch of error messages on our catalina.out file. Problem is the error message does not specify what account it is looking for so I do not know what account I need to restore/recreate. Vibe seems to be working okay so I'm not sure what is broken with this account missing. Error message reads:
  2014-01-18 18:38:02,429 WARN [http-8443-55] [org.kablink.teaming.module.authentication.impl.Aut henticationModuleImpl] - Authentication failure for zone 1: org.springframework.security.userdetails.UsernameN otFoundException: User account disabled or deleted; nested exception is org.kablink.teaming.security.authentication.UserAc countNotActiveException: This account has been disabled or deleted.
  We are running on Vibe 3.4.0. Any help in identifying the account needed would be much appreciated.
  Thank you,
  Ronnie

  This looks okay.  An authFail indicates that someone is polling this device with the wrong community string.  Check x.x.x.x to make sure there aren't any applications polling this device with wrong credentials.
  Something else to note is that you should not be using '@' in your community strings.  While this shouldn't really matter for routers, it's a good rule of thumb not to use '@' on Cisco devices as that character is reserved for community string indexing.

• jservException Connection from /172.16.1.2 refused due to authentication failure

  We recently encountered an issue with our iStore server where the CPU spiked taking the website offline. The server was still up and running however we were forced to restart Apache to get the server back up and running. The logs were very undescriptive outside of the following error: <jservException> Connection from /172.16.1.2 refused due to authentication failure. Everything has worked fine before/since this incident.
  We are running iStore/EBS version 11.5.10 and our overall architecture is one iStore server in the DMZ with an application server and a DB server on our server VLAN all running Oracle Enterprise Linux. What steps can we take to track down this issue to find the root cause? Any help would be appreciated, thanks.

  Sharuk wrote:
  what Db version
  11g r2
  What is OS version
  OEL 5.9
  did you installed cluster
  Yes
  where the Installation Was when Power goes down ?
  This I posted in my question, power went down when it was creating OEM Files (CONFIG: Starting execution: /u01/app/oracle/product/11.2.0/dbhome_1/bin/emctl secure dbconsole -host racnode1 -sid racdb)Simply recreate OEM

• Prime infra 2.1 : SNMP Authentication failure polling

  Dear all,
  I post this message because we have some trouble during SNMP V2 poll on all our switches.
  We took care to deploy the good snmp credentials into the "Operate-> discovery settings" and even into the "Administration -> sys settings -> SNMP credentials".
  The issue is that during the poll phase the SNMP credential "default" is sent to all switchs that is causing a lot of "authentication failure" traps (a packet capture has been done to confirm this trouble).
  The correct credential is sent in parallel of this request that is ok.
  The OID requested is the 1.3.6.1.2.1.1.6.0 (which seems to be the "sysLocation" value). We already tried to restart the NCS services but trouble is still present.
  thank you in advance for your support,
  regards,
  SebastienJ

  Hello Afrahmad,
  we tried but unfortunately no success with RW community.
  We also tested before to place bigger timeout and more retries but no more result at all.
   the only thing that is seems to work for the moment is to configure on our switchs the community name "default" but it is not a viable solution for us unfortunately.
  Regards,
  sebastien