Showing results for 
Search instead for 
Did you mean: 

Cisco Community Designated VIP Class of 2020


SnS Syslog Question (Authentication)

Hello all,

i would like to troubleshoot the SnS authentication for some users which fail to authenticate on our SnS portal.

we are using the ldap authentication and for the majority of our users the authentication is performed succesfully.

I have generated the syslog from the sns appliance but dont know exactly where to look at!

Any advice?

Thanking you                        

Everyone's tags (3)

SnS Syslog Question (Authentication)

I would recommend opening a TAC service request for troubleshooting since the logs are not always very descriptive.

However if you would like to investigate on your own.

Please refer to the following steps :

1) Change the logging level to "DEBUG" , Have the user (who is failing authentication) log in the DMM, Once the authentication fails, Generate the sysreport.

2) Offload the sysreport from the Device.

3) Set the logging level to either ERROR or INFO.

4) Extract the syslog and analyze the following:


Hope this helps.


Sagar Dhanrale


SnS Syslog Question (Authentication)

Hello Sagar and thanks for your reply.

Indeed i did a research within the catalina.out file and i can confirm that is a mess :-)

Though, i managed to figure out that whenever an authentication fails there is an output simillar to this:

User token is: null , and vice versa  User token is: ST-5039-9J-xxxxxxxxxxxx .

Though, i just cannt figure out the reason why the authentication fails. Is there any other message that indicates the reason? Maybe is in numeric form?

Thanking you


SnS Syslog Question (Authentication)

It is difficult to give a root cause just by looking at the log snippet, I recommend the following checks before opening a TAC case.

1) Find out what is different between the working and non-working USER accounts on the Active directory side.

2) Find out the similarity between the non-working accounts.

3) Do all the non-working user accounts have First Name, Last Name, Email address and valid account login name ?

4) All all the non-working users on the DMM marked active in the DMM ?

5) Are all the non-working users belonging to a particular OU ?

6) Were debugs enabled before collecting syslogs ?

If none of the above help, I would recommend opening a TAC case and investigate this further.


Sagar Dhanrale

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here