nv-l
[Top] [All Lists]

RE: [nv-l] Authentication failure traps from Windows clients

To: <nv-l@lists.us.ibm.com>
Subject: RE: [nv-l] Authentication failure traps from Windows clients
From: "Van Order, Drew \(US - Hermitage\)" <dvanorder@deloitte.com>
Date: Fri, 2 Sep 2005 07:19:12 -0500
Delivery-date: Fri, 02 Sep 2005 13:21:59 +0100
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com
Thread-index: AcWtkjSEyYzJrmg1SWWJ3k/I2YKohgACrDaQAAcMrhAAH6zHQAAD690gAFvzU3A=
Thread-topic: [nv-l] Authentication failure traps from Windows clients
For grins have you unchecked the Send Authentication Trap box at each agent? That will stop the agent from sending if NV is causing the trouble during a poll. Otherwise it should just be a matter of matching the trap community string at the agent SNMP config versus trapd.conf on AIX. We tried the CIM for AIX plugin years ago as well. You gotta be pulling your hair out with all the different variations/versions of the same trap. Hope you can get that HP SIM server so you only have to deal with updated MIBs in one place.
-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com] On Behalf Of Glen Warn
Sent: Wednesday, August 31, 2005 11:25 AM
To: nv-l@lists.us.ibm.com
Subject: RE: [nv-l] Authentication failure traps from Windows clients

No, we only send them to NV (no CIM server here)  We used to have a ported version of CIM for NV AIX but they abandoned it and only make a Solaris (I think) version now.  If I stop the Insight Agent services - my auth failure traps stop!  I am still looking for a fix to this (nothing obvious appeared in my research yesterday)
 
Glen Warn
PEMCO Corporation Computer Services (PCCS)
206-628-5770
 


From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com] On Behalf Of Van Order, Drew (US - Hermitage)
Sent: Wednesday, August 31, 2005 7:30 AM
To: nv-l@lists.us.ibm.com
Subject: RE: [nv-l] Authentication failure traps from Windows clients

Your CIM agents send traps to NV as well as the HP SIM server? If so you have my sincerest condolences! We thought about doing this with our servers but HP changes MIBs more often than most and you never know which trap an agent is going to throw depending on the hardware and SSD version. Have you considered just having the SIM server forward traps? We decided to use NetIQ AppManager to scrape CIM events from the event log, but I'm pretty sure you can forward traps.
-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com] On Behalf Of Glen Warn
Sent: Tuesday, August 30, 2005 6:21 PM
To: nv-l@lists.us.ibm.com
Subject: RE: [nv-l] Authentication failure traps from Windows clients

Hi Drew,
 
I will definitely check into this but since I've sent this message I've drawn closer (I think) to solving this issue.  As it turns out, the boxes giving me grief all turned out to be HP/Compaq Proliants - running various versions of Insight Manager Agents.  I am trying to unlock the last missing piece of this puzzle by reading up on Insight Mgr.  In the short term, I can either stop the services (not desirable) or temporarily disable the Auth Failure trap until I can ID the issue (the path I'm taking)  Fortunately, it's less than 50 servers.
 
If anyone else has any ideas along these line, they'd be greatly appreciated.
 
Glen Warn
PEMCO Corporation Computer Services (PCCS)
206-628-5770
 


From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com] On Behalf Of Van Order, Drew (US - Hermitage)
Sent: Tuesday, August 30, 2005 1:04 PM
To: nv-l@lists.us.ibm.com
Subject: RE: [nv-l] Authentication failure traps from Windows clients

I just finished cleaning something like this up last week. Your Windows servers are sending traps to the NV box and something's not matching so NV is creating authentication traps. You'll be able to poll fine because that's not the issue. Is the NV server trapping itself? In our case it was internal to the NV box and the NV server was trapping itself every 5 seconds. There was a mismatch between snmpd.conf and snmpd.peers. 
 
 
-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com] On Behalf Of Glen Warn
Sent: Tuesday, August 30, 2005 1:40 PM
To: nv-l@lists.us.ibm.com
Subject: [nv-l] Authentication failure traps from Windows clients

Running 7.1.4 FP3 on Redhat AS2.1
I am being bombarded with auth failure traps from some of my Windows 200x servers  (not even a majority).  Odd part is I can do a demand poll and run a sniffer trace at the same time.  I see the poll run successfully (using the appropriate RO community string) then the same server issue an auth failure trap back to Netview (I have all my servers set to do this so I can detect rogue queries)  None of my traces reveal any other boxes trying to run queries (what I had assumed in the beginning)
 
I think this has been happening for a long time (all along?) but just became aware of a big problem because I accidentally hidden from myself thru event configuration (setting to "Don't display or Log") that I used a long time ago to debug something but never reverted. 
 
Any ideas?  I have tried changing the comm strings to something basic, put in a host specific snmp config, etc.  The devices are scattered across 5 different companies and dozens of subnets.
 
In the mean time, I believe this flood of traps is severely hampering Netviews ability to process other traps (because there are so many coming in non-stop)
 
Glen Warn
PEMCO Corporation Computer Services (PCCS)
206-628-5770
 


This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law.  If you are not the intended recipient, you should delete this message.  Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. [v.E.1]
<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web