I have a network running Windows 2008 R2 and Windows 7 64 Bit. All systems are fully patched. For some reason a few months ago my SNMP Manager started displaying Authentication Error trap messages. I see this trap being generated, randomly, on almost every machine on my network, at least the workstations. Some machines more than others. My SNMP manager is running on a .205 address. Earlier this machine started generating the Trap error so I ran a trace and the communication is between my server running SNMP Manager, .205 and a second server .78 which is running SolarWinds Orion. I double checked the SNMP settings on the two servers and everything is correct. Weird thing is the message will appear for a while, then stop. Move to different machines etc. there appears to be no pattern to it. Can anyone point my in the right direction to look. I could open a ticket with Solarwinds but I prefer to try first on my own. I can post the trace file if that helps. Thanks in advance. Robert Mezzone asked 25 Jun '14, 09:27  rgm34 |
One Answer:
I cannot see any reason for the traps in the capture files. So, it's either something you did not capture or related to a local problem on .205. I suggest to check the logs (event logs) on that system. Try to find something close to the time stamps of the traps. Maybe you'll find something that is related (somehow). Regards answered 25 Jun '14, 11:49  Kurt Knochner ♦ |
I'm sorry but I'm confused. Who exactly is sending the SNMP traps to whom?
If 1.) why did you mention .78?
If 2.) why did you mention 'all' clients?
Furthermore: Are those traps about Windows authentication problems of the clients, or are you talking about SNMP error messages because of SNMPv3 authentication problems?
Is it possible to post a sample capture file somewhere (google drive, dropbox, cloudshark.org)?
That makes two of us :-)
In the trace the source is .205 and the destination is .78.
The trace file reports the following
generic-trap: authenticationFailure (4)
I'm running SNMP v2.
I mentioned all clients because at some point during the course of a day, most but not all clients are reporting the Authentication Failure error in my SNMP Manager. It's very random. For instance, this has been happening for a couple of months. For the first time, my computer reported the Authentication Failure for the first time. It happened for an hour or so and that was it, hasn't happened again.
I will try and post the trace file to cloudshark.org, haven't used the service.
Robert
I posted the capture file to a OneDrive account. Thank you for your help with this.
https://onedrive.live.com/?cid=949862ff5b8a7a62&id=949862FF5B8A7A62!107&Bsrc=Share&Bpub=SDX.SkyDrive&authkey=!AoN8QwkLEE0IvwQ
@rgm32
Your "answers" have been converted to comments as that's how this site works. Please read the FAQ for more information.
If the community name or access permission is incorrect, and the SNMP service has been configured to send an authentication trap, the agent sends an “authentication failure” trap to the specified trap destination.One notable point is that all traps with Authentication Failure error has SNMP Version set as 1.Could not relate this with error messages but you can search.