Re: CSCvc05190 - Unable to remove or add hosts using a configured SNMPv3 user. - 1

astanovska · ‎05-24-2018

9.8(1) is affected as well. Can't delete SNMP either.

ASA(config)# no snmp-server host inside 1172.16.16.40 version 3 V3ADMIN
ASA(config)# snmp-server host inside 172.16.16.41 poll version 3 ?

configure mode commands/options:
Current available user name(s):
ASA(config)# snmp-server host inside 172.16.16.41 poll version 3 V3ADMIN
^
ERROR: % Invalid input detected at '^' marker.
ASA(config)#
ASA(config)# clear configure snmp-server
ERROR: Configuration request for SNMP user V3ADMIN failed.
Host pollhost.v3.172.16.16.40.2 references user intended for removal.
ERROR: Cannot delete 0000V3ADMIN as it is being used
ERROR: Configuration request for SNMP group V3GROUP failed.
User V3ADMIN references group intended for removal.
ASA(config)# no snmp-server user V3ADMIN V3GROUP v3 engineID 8000000$
ERROR: Configuration request for SNMP user V3ADMIN failed.
Host pollhost.v3.172.16.16.40.2 references user intended for removal.
ERROR: Cannot delete the User V3ADMIN as it is being used by user-list or host command

astanovska · ‎05-24-2018

Quick update: I was able to delete the SNMP config and create new. The "phantom host" was still showing in SNMP config despite being previously deleted.

ASA(config)# show snmp-server host
host ip = 172.16.16.40, interface = inside version 3 V3ADMIN

I created dummy group, associated it with this phantom host, then I was able to successfully remove SNMP configuration and add my desired group.

ASA(config)# snmp-server group DUMMYGROUP v3 priv
ASA(config)# snmp-server user DUMMYUSER DUMMYGROUP v3 auth sha SomeDummyKey pri$
ASA(config)# snmp-server host inside 172.16.16.40 poll version 3 DUMMYUSER
ASA(config)# show snmp-server host
host ip = 172.16.16.40, interface = inside poll version 3 DUMMYUSER
ASA(config)#
ASA(config)# clear configure snmp-server
ASA(config)# show run | in snmp
no snmp-server location
no snmp-server contact
ASA(config)#

Hope it helps somebody.

HW and SW version of my ASA:
ASA(config)# sh ver

Cisco Adaptive Security Appliance Software Version 9.8(1)
Firepower Extensible Operating System Version 2.2(1.47)

Compiled on Wed 10-May-17 15:37 PDT by builders
System image file is "disk0:/asa981-lfbff-k8.SPA"
Config file at boot was "startup-config"

ASA up 74 days 8 hours

Hardware: ASA5516, 8192 MB RAM, CPU Atom C2000 series 2416 MHz, 1 CPU (8 cores)

ymoges · ‎06-05-2018

I was able to remove the snmp configuration using the above running 9.9.1

seymourbrown · ‎07-25-2018

Cisco Adaptive Security Appliance Software Version 9.6(3)1 <context>

Hardware: ASA5585-SSP-20

Failover pair.

Did not work for me. It simply changes the name of the group in the failure messages.

Still have pollhosts referenced for original users to be deleted.

Thanks for trying, though.

Kevin Lay · ‎08-19-2019

Worked for me:

Cisco ASA 5506-x with Firepower Services

Version 9.8(1)

Code I used:

snmp-server group testgroup v3 priv
snmp-server user testuser testgroup v3 auth sha testpassword priv aes 256 testpassword
snmp-server host inside 10.10.10.21 poll version 3 testuser
show snmp-server host
clear configur snmp-server
!

the only stumble was "ASA(config)# snmp-server user DUMMYUSER DUMMYGROUP v3 auth sha SomeDummyKey pri$" since the output was cut off just added the "aes 256 testpassword" portion.

seymourbrown · ‎07-25-2018

Did not work for me in failover pair.

Cisco Adaptive Security Appliance Software Version 9.6(3)1 <context>

Hardware: ASA5585-SSP-20

armando.flores · ‎11-30-2018

I entered the following command and it removed the entry:

Switch(config)# no snmp-server host <Source Interface> <IP Address>

example:

no snmp-server host outside 172.16.2.5