Prime infra 2.1 : SNMP Authentication failure polling

Dear all,
I post this message because we have some trouble during SNMP V2 poll on all our switches.
We took care to deploy the good snmp credentials into the "Operate-> discovery settings" and even into the "Administration -> sys settings -> SNMP credentials".
The issue is that during the poll phase the SNMP credential "default" is sent to all switchs that is causing a lot of "authentication failure" traps (a packet capture has been done to confirm this trouble).
The correct credential is sent in parallel of this request that is ok.
The OID requested is the 1.3.6.1.2.1.1.6.0 (which seems to be the "sysLocation" value). We already tried to restart the NCS services but trouble is still present.
thank you in advance for your support,
regards,
SebastienJ

Hello Afrahmad,
we tried but unfortunately no success with RW community.
We also tested before to place bigger timeout and more retries but no more result at all.
 the only thing that is seems to work for the moment is to configure on our switchs the community name "default" but it is not a viable solution for us unfortunately.
Regards,
sebastien

Similar Messages

  • SNMP Authentication Failure

    Hi Folks
    I saw the below in wlc controller ,what this mean,how to fix this issue if any
    Most Recent Traps
    SNMP Authentication Failure: IP Address: 192.168.10.2

    I have same problem in WLC,
    1) are you using snmpv3 ?
         -Using SNMP modes -v2c & v3
    2) What does this ip address relate to ? some specific device ?
          -Its WCS
    With this problem we are unable to add guest users from WCS to WLC.
    Thanks in advance.

  • Wism2 SNMP Authentication Failure

    I cannot seem to communicate with my new Wism2 via SNMP.
    The configuration is the same as on my Wism 1, same version of code, same SNMP settings and strings and subnets.
    Slot  Controller  Service IP       Management IP    SW Version    Controller Type    Status
    ----+-----------+----------------+----------------+------------+------------------+---------------
    1     1           192.168.10.2     10.XX.XX.10      7.0.116.0    WS-SVC-WISM-1-K9   Oper-Up
    1     2           192.168.10.3     10.XX.XX.15      7.0.116.0    WS-SVC-WISM-1-K9   Oper-Up
    3     1           192.168.10.4     10.XX.XX.20      7.0.116.0    WS-SVC-WISM-2-K9   Oper-Up
    SNMPWalk of the Wism1 controllers is fine.  SNMPWalk of the Wism2 just gets me a timeout.
    The snmplog does occasionally register an Authentication failure
    Trying V1 and V2c with the same results.
    Any advice?

    on thew new WiSM2 did you issue the command config network-mgmt-via-dyamic interface enable?
    by default the WLC has issues with responding to requests from the wire, for a subnet that it is configured to use.  The above is the workaround to this situation.
    Per the best practices guide, "It is important to avoid configuring a dynamic  interface in the same sub network as a server that has to be reachable  by the controller CPU, for example a RADIUS server, as it might cause  asymmetric routing issues."
    HTH,
    Steve

  • SNMP authentication failure for User Tracking

    Hi,
    In reference to this thread from a few years back, I have a similar issue on LMS3.2.1 (CM 5.2.2) ...
    https://supportforums.cisco.com/message/641479#641479
    I have hourly spikes in CPU on a lot of devices that I think is related to this. Packet sniffing shows the proper SNMP community string, but I'm getting auth fails. I took a look at the ANIServer.properties but can't make any sense of what I should be changing.
    Looking up the MIBs doesn't seem to get me anywhere.
    Any suggestions (J. Clarke--you know your stuff! or anyone from Cisco?)
    Thanks

    You'll want to set
    UTGetSuspendedVlans=0
    UTGetVlansOnDownPorts=0
    in ANIServer.properties.
    When you poll a switch for its MAC table using the BRIDGE-MIB, the community string that is used is in the format of @. The above prevents Campus from polling for vlans that are suspended or which do not have any active ports on them.
    Also, if you are using SNMP v3, then you need to configure vlan contexts for the valid vlans on the device for the same reason.

  • Cisco Prime Infra 1.2 Web server

    Hello,
    I have installed a version of Cisco Prime Infrastructure 1.2.11 with a kickstart .ova file on my production network.
    Everything goes fine and I follow the instructions for installation ; i can ping my Cisco PI server and ssh into it as admin.
    However, when I try to reach the web server via https, it does not work. I have reviewed my proxy settings and they are not to blame. The nslookup returns the IP address when I poll it. I have read elsewhere that I would need "NCS" service to be started, but I can't find anything called NCS on my Prime Infra server in CLI mode.
    Anyone with a suggestion for this issue ?
    Thanks
    Jeremy

    Actually I know what's happening ; the PnP (plug n play) setup was not configured, and so 443 port was not up.
    I configured PnP using "pnp setup" command, but then I have to supply a list of certificates and keys :
    Enter absolute pathname of PnP Gateway server key file:
    Enter absolute pathname of PnP Gateway server certificate file:
    Enter absolute pathname of Prime Infrastructure server certificate file:
    I tried to do this with the private key I had for my server. I created it on my Certificate Authentication and got a .key and a .csr (certificate server request).
    However when i feed them to my PnP setup I get this error :
    Setup is in progress.......
    Stop PnP Gateway server
    OpenSSL command failed for mycert.csr and mykey.key
    any idea as to why this is happening?
    I read elswhere again that i need to run commands with "ncs" but I don't have "ncs" commands on my prompt...
    Thank you for your time

  • DFM - Authentication Failure Alert

    I am receiving alerts in DFM for "Authentication Failure" on a device that I am monitoring with DFM. The only info I can find about the alert is the name of the alert and the type of alarm. In this case, a "minor alarm". I would like to know what is device is causing the failure as it involves my network core switch. Does anyone have any ideas on how to find out what is causing this alarm?

    Some devices may send the generic SNMPv2 authentication failure trap without any varbinds, but most Cisco devices send a version that includes the address of the host that did the poll.
    If the varbind is missing from the trap, then you would need to move your sniffer closer to the device to find out who is doing the polling (i.e. capture the offending SNMP request packet). Alternatively, if this is an IOS device, you can use "debug snmp packet" to get see who is polling the device.

  • ISE Alarm : Critical : Profiler SNMP Request Failure : Server

    Ok, so this alarm is coming in repeatedly and is now on my projects list.  I get email alerts from the server that list thr NAD IP as the endpoint device and the Endpoint IP address is correct.  I've checked the settings and the endpoint is not listed as a NAD in ISE (ver 1.2).
    Profiler SNMP Request Failure
    Details :
    Profiler SNMP Request Failure : Server=xxx-xxx-xxx; NAD Address=10.253.124.194; Endpoint IP Address=10.253.124.194
    Description :
    SNMP request times out, or SNMP community/user auth data is incorrect.
    Suggested Actions :
    Please ensure if SNMP is running on the NAD and verify that SNMP configuration on ISE matches on NAD
    *** This message is generated by Cisco Identity Services Engine (ISE) ***
    Has anyone seen this come in before?
    PS - Why is the IOS for ISE so cut down?  Looks like something you would get from an Apple product.
    Thanks,
    Clark

    Hello,
    Please follow below CiscoLink:
    http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_mnt.html
    Profiler SNMP Request Failure
    Either the SNMP request timed out or the SNMP community or user authentication data is incorrect.
    Ensure that SNMP is running on the NAD and verify that SNMP configuration on Cisco ISE matches with NAD.
    Also ensure what snmp version device is using.
    Thanks,

  • Authentication failure for zone 1 error

    We did some cleanup of old user accounts in our edir tree and after that I noticed a whole bunch of error messages on our catalina.out file. Problem is the error message does not specify what account it is looking for so I do not know what account I need to restore/recreate. Vibe seems to be working okay so I'm not sure what is broken with this account missing. Error message reads:
    2014-01-18 18:38:02,429 WARN [http-8443-55] [org.kablink.teaming.module.authentication.impl.Aut henticationModuleImpl] - Authentication failure for zone 1: org.springframework.security.userdetails.UsernameN otFoundException: User account disabled or deleted; nested exception is org.kablink.teaming.security.authentication.UserAc countNotActiveException: This account has been disabled or deleted.
    We are running on Vibe 3.4.0. Any help in identifying the account needed would be much appreciated.
    Thank you,
    Ronnie

    This looks okay.  An authFail indicates that someone is polling this device with the wrong community string.  Check x.x.x.x to make sure there aren't any applications polling this device with wrong credentials.
    Something else to note is that you should not be using '@' in your community strings.  While this shouldn't really matter for routers, it's a good rule of thumb not to use '@' on Cisco devices as that character is reserved for community string indexing.

  • Issue with Prime Infra 2.1.1 and Nexus 7K

    We have recently migrated from our NCS to Prime Infra 2.1.1. Since doing this we have started to import or switching gear into PI in addition to our WLC and MSE appliances. Discovery and inventory of the 3750X and 4500-X switches has been without issue. When we point PI 2.1.1 to a Nexus 7K running a VDC, the switch discovers as a Nexus 9500 instead of a 7K. Anyone else seen this happen? Any work arounds or suggestion on what might be going on? My thought was its discovering a VDC on the 7K and its not the admin VDC. That said our Admin VDC is not configured for SNMP and  we wanted to discover the VDC's that we actually use for client traffic. I should note we have loaded the lastest available device pack to PI as well.
    Please advise - any help would be greatly appreciated.
    Thanks,
    Jeff

    We ran a  discovery of all our Nexus switching last night. Once we did that the patter was easy to see. Any 9 or 10 slot Nexus was fine, any 4-slot Nexus appears as a Nexus 9500 instead of a 7K. I checked the compatibility matrix (latest release through DP 6.0) and support for the 9/10/18 slot is listed. No mention of support for the 4 slot. I believe that is our issue.
    Jeff

  • SNMP Authentication Errors

    Hi,
    Ciscoworks (LMS 3.2) is gererating SNMP authentication errors for some of our devices (5 out of 838). The typical trap message is as follows:
    Authentication Failure - "[1] authAddr.0 (IpAddress): X.X.X.X [2] snmpTrapEnterprise.0 (Object ID): 1.3.6.1.4.1.9.1.614 "   Where X.X.X.X is the Ciscoworks server.
    I have confirmed the device credentials are correct in Ciscoworks. I have deleted and re added the devices to the DCR. I have backed up and restored the RME database. I have reinitialised the RME database and I have deleted the devices out of DFM.
    What else can I try?
    Thanks,
    Ian

    Does the timestamp of the authentication errors match with the time of the scheduled discovery?
    Discovery may cause these errors when it tries different community strings to talk to your devices.
    By limiting the community string used to know IP address ranges amount of errors can be reduced
    10.*.*.*
    172.[16-18].*.*
    2001::1234:5:6:*
    192.168.1.1
    For each community string you can set a target IP address range
    Cheers,
    Michel

  • Intermittent AD Authentication failures in ISE 1.2

              Starting today I was getting intermittent authentication failures in ISE. It would say that the user was not found in the selected identity store. The account is there though. At one point I ran a authetication test from the external identity source menu and I got a failure and then the next time a pass. I have no idea why this is happening. I just updated to ISE 1.2 the other day. I'm also seeing what looks like a high level of latency on both of my PSN's. Is this normal?  Any ideas?
    Thanks
    Jef

    Interesting. I have one location that is not having this problem at all. The other is having it somewhat frequently. The PSN's for each location are tied to the local AD servers. I have not had this until we started getting 300-380 PC's connecting. We are a school so we are slowly getting started. It's real random. One user will work then another time they won't. Happens with admin and user. I have notices that with this new version of ISE it is complaining that it is getting accounting updates from the NAS too often, but I have not looked into this because I just installed 1.2 about 3-4 days ago and haven't had time to look into it.
    When you say Multicast to you AD...how did you check that? We do use multicast.

  • HI, Im using Iphone 4 and i recently got my IOS updated to IOS7 and  now im getting the error message as "PDP authentication failure" Im using Aircel carrier.

    HI, Im using Iphone 4 and i recently got my IOS updated to IOS7 and  now im getting the error message as "PDP authentication failure" Im using Aircel carrier.
    Please let me know how to fix this issue

    update...
    I am not one to give up. So I called AT&T today. Now they are telling me they canceled my order because they were unable to fulfill my order. Basically, AT&T told me they sold out so they canceled my order so I can proceed to reorder again. It took them 4 days to realize this. I will be lucky if I get a new phone by Christmas. I am sure they will find a way to cancel my order again.
    Again, I argued, how is this my fault. I placed my order at the store around 11 a.m. Pacific time. My friend ordered his phone online sometime after me. He got his but my order was canceled. AT&T tried to explain to me that they sold over 600,000 phones, almost 500 per minute during there peak. Again, I asked, how this was my fault.
    I can understand over selling the phone. It is a great product. There is no reason to cancel my order. You adjust my order and tell me you will let me know when my phone will be in. I would have been mad that my phone was going to be late but I would have survived. At least I would be getting one.
    At this point, I have no order and AT&T or Apple website will allow me to order one. I just want to get in the QUEUE for one.
    Frustrated.

  • How to solve the error message "Could not activate cellular data network: PDP authentication failure"when using 3g or gPRS on safari with an iphone 4 and latest software updates

    Please can someone help me to solve the error message "Could not activate cellular data network: PDP authentication failure"when using 3G or GPRS on safari with an iphone 4GS and latest software updates. I have tried resetting the network and phone settings. I have restored the factory settings on itunes and still the problem persists.

    All iPhones sold in Japan are sold carrier locked and cannot be officially unlocked by the carrier. If you unlocked it, it was by unauthorized means (hacked), and support cannot be given to you in this forum.
    Hacked iPhones are subject to countermeasures by Apple, particularly when updating the firmware. It is likely permanently re-locked or permanently disabled.
    Message was edited by: modular747

  • The test couldn't sign in to Outlook Web App due to an authentication failure. Extest_ account.

    Hi.
    I'm using SCOM 2012 R2 and have imported the Exchange server 2010 MP.
    I have runned the TestCasConnectivityUser.ps1 script and almost everything is okay except for the OWA test login.
    The OWA rule is working for some time until (I think) SCOM is doing a automatic password reset of the extest_ account. Then I get the OWA error below. The other test connectivity are working. Any suggestions.
    One or more of the Outlook Web App connectivity tests had warnings. Detailed information:
    Target: xxx|xxx
    Error: The test couldn't sign in to Outlook Web App due to an authentication failure.
    URL: https://xxx.com/OWA/
    Mailbox: xxxx
    User: extest_xxx
    Details:
    [22:50:08.936] : The TrustAnySSLCertificate flag was specified, so any certificate will be trusted.
    [22:50:08.936] : Sending the HTTP GET logon request without credentials for authentication type verification.
    [22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
    [22:50:09.154] : The sign-in page is from ISA Server, not Outlook Web App.
    [22:50:09.154] : The server reported that it supports authentication method FBA.
    [22:50:09.154] : This virtual directory URL type is External or Unknown, so the authentication type won't be checked.
    [22:50:09.154] : Trying to sign in with method 'Fba'.
    [22:50:09.154] : Sending HTTP request for logon page 'https://xxx.com/CookieAuth.dll?Logon'.
    [22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
    [22:50:09.373] : The test couldn't sign in to Outlook Web App due to an authentication failure.
    URL: https://xxx.com/OWA/
    Mailbox: xxx
    User: extest_xxx
    [22:50:09.373] : Test failed for URL 'https://xxx/OWA/'.
    Authentication Method: FBA
    Mailbox Server: xxx
    Client Access Server Name: xxx
    Scenario: Logon
    Scenario Description: Sign in to Outlook Web App and verify the response page.
    User Name: extest_xxx
    Performance Counter Name: Logon Latency
    Result: Skipped
    Site: xxx
    Latency: -00:00:00.0010000
    Secure Access: True
    ConnectionType: Plaintext
    Port: 0
    Latency (ms): -1
    Virtual Directory Name: owa (Default Web Site)
    URL: https://xxx.com/OWA/
    URL Type: External
    Error:
    The test couldn't sign in to Outlook Web App due to an authentication failure.
    URL: https://xxx.com/OWA/
    Mailbox: xxx
    User: extest_xxx
    Diagnostic command: "Test-OwaConnectivity -TestType:External -MonitoringContext:$true -TrustAnySSLCertificate:$true -LightMode:$true"
    EventSourceName: MSExchange Monitoring OWAConnectivity External
    Knowledge:
    http://go.microsoft.com/fwlink/?LinkID=67336&id=CB86B85A-AF81-43FC-9B07-3C6FC00D3D42
    Computer: xxx
    Impacted Entities (3):
    OWA Service - xxx, xxx - xxx, Exchange
    Knowledge:     View additional knowledge...
    External Knowledge Sources
    For more information, see the respective topic at the Microsoft Exchange Server TechCenter
    Thanks
    MHem

    Hi,
    Based on the error, it looks like an OWA authentication failure.
    Have you tried post this to LYNC forums?
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • ISE internal user authentication failure - user not found

    Hi Forumers'
    I trying to do wireless 802.1x, where identity store using intenral user.
    But i found this error message when i trying to connect
    Authentication failed                                                                                 :
    22056 Subject not found in the applicable identity store(s)
    My authrorization rules is built like this
    identity groups = user identities group / " mygroup"
    condition = no setting
    permissions = standard / PermitAccess
    Question 1
    Any troubleshooting step to do on this?
    Question 2
    For the Authorization rules, what's the condition should set for using Internal User as Identity store?
    Thanks
    Noel

    The error is caused to an authentication failure and is not an issue with authorization
    You need to look at your authentications policy (Policy->Authentications) and see which identity store was authenticated against
    In addition can do the Live Authentications page (Monitor->Authentications) and for the failing record click on the icon under details. This will give you the full details of the requets processing and you can see which rule was matched in the identity policy (Identity Policy Matched Rule) and "Selected Identity Stores".

Maybe you are looking for

  • Photoshop Elements 8 import from Epson Scanner?

    How can I get Photoshop Elements 8 to import from my Epson scanner?  On my previous computer, the scanner just showed up when I selected "Import" under File?  I've spent 2.0 hours with the supposed "tech support" in India and they had no idea.  I've

  • Syncing pictures question

    Since I switched to the iPhone 4, when I do a sync, it does not sync pictures from my camera roll to my PC. It syncs every other folder that I have in "Pictures", but it does not sync Camera Roll to my PC. This may be obvious but not to me. What am I

  • KT4 Ultra Temperature Monitoring

    Why PC Alert 4 shows temperature 3~4 Celcius degrees more than Winbond sensor chip in Motherboard Monitor (MBM) or Bios PC Health? 1. The temperature showed in PC Alert 4 are read from internal Athlon's XP Diode and others are socket temperature? 2.

  • Pictures app

    Problems with pictures app. on Mac. Not possible to copy from pictures to disk. Must drag to disk. The original date and time stamps for the picture changes to the copy date and time. If I do the same from iPhoto, the original date and time stamps wi

  • Pricing for different  material

    Dear sd gurus+                       MY doubt is how can i do configure ,if i have material a,b,c,d+ if customer purchase a material  it is one price,if b along with a price is different price for a  same like others+ can u give idea thanks a lot