RE: [nv-l] Authentication failure traps from Windows clients

To:	<nv-l@lists.us.ibm.com>
Subject:	RE: [nv-l] Authentication failure traps from Windows clients
From:	"Van Order, Drew \(US - Hermitage\)" <dvanorder@deloitte.com>
Date:	Tue, 30 Aug 2005 15:04:07 -0500
Delivery-date:	Tue, 30 Aug 2005 21:06:01 +0100
Envelope-to:	nv-l-archive@lists.skills-1st.co.uk
Importance:	normal
Reply-to:	nv-l@lists.us.ibm.com
Sender:	owner-nv-l@lists.us.ibm.com
Thread-index:	AcWtkjSEyYzJrmg1SWWJ3k/I2YKohgACrDaQ
Thread-topic:	[nv-l] Authentication failure traps from Windows clients

I just finished cleaning something like this up last week. Your Windows servers are sending traps to the NV box and something's not matching so NV is creating authentication traps. You'll be able to poll fine because that's not the issue. Is the NV server trapping itself? In our case it was internal to the NV box and the NV server was trapping itself every 5 seconds. There was a mismatch between snmpd.conf and snmpd.peers.

-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com] On Behalf Of Glen Warn
Sent: Tuesday, August 30, 2005 1:40 PM
To: nv-l@lists.us.ibm.com
Subject: [nv-l] Authentication failure traps from Windows clients

Running 7.1.4 FP3 on Redhat AS2.1

I am being bombarded with auth failure traps from some of my Windows 200x servers (not even a majority). Odd part is I can do a demand poll and run a sniffer trace at the same time. I see the poll run successfully (using the appropriate RO community string) then the same server issue an auth failure trap back to Netview (I have all my servers set to do this so I can detect rogue queries) None of my traces reveal any other boxes trying to run queries (what I had assumed in the beginning)

I think this has been happening for a long time (all along?) but just became aware of a big problem because I accidentally hidden from myself thru event configuration (setting to "Don't display or Log") that I used a long time ago to debug something but never reverted.

Any ideas? I have tried changing the comm strings to something basic, put in a host specific snmp config, etc. The devices are scattered across 5 different companies and dozens of subnets.

In the mean time, I believe this flood of traps is severely hampering Netviews ability to process other traps (because there are so many coming in non-stop)

Glen Warn

PEMCO Corporation Computer Services (PCCS)

glen.warn@pemcocorp.com

206-628-5770

This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. [v.E.1]

<Prev in Thread]	Current Thread	[Next in Thread>
[nv-l] Authentication failure traps from Windows clients, Glen Warn RE: [nv-l] Authentication failure traps from Windows clients, Van Order, Drew \(US - Hermitage\) <= RE: [nv-l] Authentication failure traps from Windows clients, Evans, Bill RE: [nv-l] Authentication failure traps from Windows clients, Glen Warn RE: [nv-l] Authentication failure traps from Windows clients, James Shanks RE: [nv-l] Authentication failure traps from Windows clients, Van Order, Drew \(US - Hermitage\) [nv-l]ways to indicate the change in status of object?, Swapna Prasad RE: [nv-l] Authentication failure traps from Windows clients, Glen Warn

Previous by Date:	Re: AW: [nv-l] ICMP only, James Shanks
Next by Date:	Re: AW: [nv-l] ICMP only, reamd
Previous by Thread:	[nv-l] Authentication failure traps from Windows clients, Glen Warn
Next by Thread:	RE: [nv-l] Authentication failure traps from Windows clients, Evans, Bill
Indexes:	[Date] [Thread] [Top] [All Lists]