cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3863
Views
10
Helpful
29
Replies

Auth Failure Traps

baotran09
Level 1
Level 1

After i changed snmp strings on our network devices , I see a list of devices with Auth Failure Traps on Syslog server.

Ive check the snmp credential strings on CW for each device and they're correct.

This is the error message on my syslog server:

mm-dd-yyyy    11:23:16    Local0.Info    10.1.1.1    10.1.1.2.150 4 0  Authentication failure 10.1.1.254(CiscoWorks) 1 10.1.1.254(CiscoWorks)

This message wasnt there before i re-new the snmp community string. After I chnage the snmp string on my routers and switches, I a lots of traps on my syslog server.

How can I stop this?

Thank you for your help

Thanks

29 Replies 29

I've applied the patch and rebooted the server but the auth failure re-appeared.


C:\Program Files\CSCOpx\bin>perl CSCtb87449-0.pl

The patch is getting installed.....

The CiscoWorks Daemon Manager service is stopping..
The CiscoWorks Daemon Manager service was stopped successfully.

The CiscoWorks Daemon Manager service is starting.
The CiscoWorks Daemon Manager service was started successfully.


Generating the information file for the patch
Patch Installation was successful...

I notice that after rebooting the server, the auth failure went away for a few minutes, so its definitely the CW server that sending out uneccessary polling!

Attached is the server processes.

Is there another patch?

Thanks


If you shutdown Daemon Manager, is the server still polling these devices?

Prior the reboot the CW server, when I shutdown daemon, I can still see the polling.

Now when I shutdown daemon, the polling stopped.

When I re-enable daemon, polling starts again.

Ive atatched the server processes when daemon enabled and disabled.

Thanks Joe,

To be clear, the polling is generating authFail traps still, or are the devices being polled with the correct SNMP credentials, and you just want polling to stop?

Hi Joe,

Yes, the polling is still generating  authFail traps.

Yes, the devices being polled with the  correct SNMP credentials.

Yes I want the polling to  stop.

There are many cwjava.exe and sm_server.exe process when Daemon is enabled. Is this normal?

Can you see any issues with the server processes.

Polling with the correct credentials will not cause authFailures.  If you want the polling to stop altogether, just remove the devices in question from DCR.  Yes, when Daemon Manager is running, there should be four sm_server processes, and quite a few cwjava processes.

How do I verify whether the device has correct credentials apart from running one rme snmp credential checks?

Attached is the authentication error on kiwi syslog (1- kiwisyslog error.JPG)

When i verified the snmp credential check the read., write and ssh are all oK. 2 - snmp credential verified on RME.JPG

I want to stop all polling on ciscoworks, can you give me a list of the polling availbe on CW?

If you remove the devices from DCR, and stop running Common Services Discovery, nothing in LMS will poll the devices.  Periodic polling is available from Common Services (with Discovery and DCR device status polling), RME, DFM, Campus, IPM, and HUM.  But all of those apps feed off of DCR to determine what devices to poll.

Can you direct me to a link so I can download and upgrade the latest software for all of my CW apps?

What versions of the LMS applications do you currently have installed?

I'd like to upgrade all the apps to the latest/stable version, could you

please advise?

Name                                             Version   
CiscoWorks Common Services        3.3.0   
Campus Manager                            5.2.0   
CiscoView                                      6.1.9   
CiscoWorks Assistant                     1.2.0   
Device Fault Manager                      3.2.0   
Internetwork Performance Monitor     4.2.0   
Integration Utility                            1.9.0   
LMS Portal                                    1.2.0   
Resource Manager Essentials        4.3.1

Thanks Joe

Hi Joe,

The root cause of authentication failure messages was due to dfmserver. When I stop it, the message disappeared.

Process:DfmServer
Path:C:\PROGRA~1\CSCOpx\objects\smarts\bin\CS_sm_server.exe
Flags:
Startup:Started automatically at boot.
Dependencies:DfmBroker

Before applying the patch, when I shutdown dfmserver, I could still see the polling. After applying the patch, the polling stop.

There are only 2 patches for DFM. I have also applied fix CSCta56151.

Patches installed

Patch NameVersionInstalled Date
CSCtb87449-0002 Mar 2010, 11:28:07 WST
CSCta56151-0004 Mar 2010, 14:18:46 WST

Any more tips Joe?

Joe Clarke
Cisco Employee
Cisco Employee

No, there is no known issue here.  It could be that when you changed the community strings in DCR, DFM was not updated (because of the bug you were encountering previously).  Remove the devices which are generating the authFail from DFM.  Make sure that DfmServer and DfmServer1 are running when you do this.  Then, re-add them, and that should hopefully sync everything.  DFM will still be polling the devices, but the authFail messages should stop.

Thanks Joe, you're a legend.

The errors have gone. I had to reinitialize the dfm db.

Review Cisco Networking for a $25 gift card