Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1447
Views
0
Helpful
3
Replies

TMS Rogue System Found message

Anthony Thomson
Level 3
Level 3

‎08-03-2011 08:41 AM - edited ‎03-17-2019 10:24 PM

What does it mean if TMS reports a Rogue System Found, but that systems is actually a Windows-based PC?  What software would be running on that PC to make it respond as if it's an endpoint to TMS's SNMP broadcast?  I don't see anything running on it that appears obvious to me--Polycom PVX, or perhaps Skype or something of that nature.

Also, why do certain OCS servers get discovered as a Radvision Gatekeeper?

Labels:
0 Helpful
3 Replies 3

Martin Koch
VIP Alumni
VIP Alumni

‎08-03-2011 02:25 PM

Hi Anthony!

In most scenarios I saw more trouble with the snmp boradcast detection then it helped me.

Often multicast is not enabled and braodcast requests are not routed to prevent

smurf attacks, so the only thing which is often detected wrongly discovered servers within the

same network then the TMS, ...

I prefer to set the DHCP option 242 so endpoints can discover the TMS or just manualy

set the TMS address on the endpoint, so that they show up as a auto discovered endpoint.

Is there anything which prevents you from disabling this option?

It seems that some systems answer in the same way then a Radvision GK is doing, so either

its to generic or whatever. I think it were mainly HP Server ELO cards, ...

You can also use a different community string then your other systems, or tell the other admins

on changing it from public/private to something different.

An other point can be that the system is sending traps to the TMS (which I could guess could also

be via broadcast). There is a KB article about that:

http://www.tandberg.com/support/video-conferencing-knowledge-base/faq-products/cisco-telepresence-management-suite-12/automatic-system-discovery-disabled-cisco-telepresence-management-suite-cisco-tms-notification-email-rogue-systems-why-233.jsp?searc...

Martin

Please vote answers and set them to answered if they are.

Please remember to rate helpful responses and identify

0 Helpful

Anthony Thomson
Level 3
Level 3
In response to Martin Koch

‎08-04-2011 08:06 AM

The only thing that prevents me from disabling the option is curiousity.  I'd really like to know why a desktop PC is being detected as an endpoint, and an OCS server as a Radvision GK.  :-)

Thanks for the link; I'd already looked at that KB article, and didn't really find it terribly informative.

0 Helpful

Martin Koch
VIP Alumni
VIP Alumni
In response to Anthony Thomson

‎08-04-2011 04:36 PM

So if this is the only thing what stops you, fire up wirehark, take a look at the dump, it will most likely

show you something like what was written before, a mix of direct or broadcasted traps from systems which

will show up on tms, and then vice versa broadcast snmp requests from TMS which will trigger systems to

answer with a quite generic response.

You might want to open a TAC case for this which does not lead to anything.

At least this is what I did and what underlined my thought of not seeing a benefit in our deployments and

better disable it :-)

Please remember to rate helpful responses and identify

0 Helpful
Customers Also Viewed These Support Documents