Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
80811members
346876posts

NMC2 on SmartUPS2200 SNMPv3 "Unauthorized User"

Solved
mdjezierski_apc
Crewman
Crewman
0 Likes
6
263

NMC2 on SmartUPS2200 SNMPv3 "Unauthorized User"

This was originally posted on APC forums on 4/4/2017


Hello APC -

I am having the same issue with a SmartUPS2200SMT with a NMC2 that Adam recently had in his post about a similar issue. However, I am on the latest AOS 6.4.6, sumx 6.4.6 and APC Boot monitor 1.0.8

I use Zabbix as the NMS, and I have 10 other APC devices ranging from SmartUPS 3000 to 8000 with NMC2 on this same AOS, and multiple APC PDU's running the latest firmware without any issues. On the NMC2 with the "unauthorized user" issue, the IP address in the authorized section IS the IP address of Zabbix. In the logs I see multiple lines of "Detected an unauthorized user attempting to access the SNMPv3 interface from w.x.y.z" where w.x.y.z is the IP address of Zabbix. The Zabbix server is single homed, only one IP address assigned to it.

SNMPv1 is DISABLED.

My troubleshooting steps to date:

1. Reset all parameters of the NMC2 to factory default

2. Remove the entry for the SU2200 in Zabbix, clone entry from known working APC device entry and change the target IP to that of the SU2200 NMC

3. Change the SNMPv3 IP range allowed on NMC to 0.0.0.0

4. Used the config.ini to reset the username, authorization password and privacy password, verified in Zabbix and the APC both are using MD5 and DES, which works on all our other APC devices

 


Accepted Solutions
mdjezierski_apc
Crewman
Crewman
0 Likes
0
263

Re: NMC2 on SmartUPS2200 SNMPv3 "Unauthorized User"

This was originally posted on APC forums on 4/17/2017


We performed a background OS update on the Zabbix server and rebooted the NMS. We no longer have the issue with the "unauthorized user" on the NMC2, and we are receiving data in Zabbix.

See Answer In Context

6 Replies 6
BillP
Administrator Administrator
Administrator
0 Likes
0
263

Re: NMC2 on SmartUPS2200 SNMPv3 "Unauthorized User"

This reply was originally posted by Angela on APC forums on 4/5/2017


Hi Michael,

Let me check into this. We recently added support in v6.4.6 for the NMC to be able to report unauthorized attempts for SNMPv3 interface - previously it was only supported for unauthorized v1 attempts. After this was added, I have seen a few issues with SNMPv3 now.

I think you've done all of the proper troubleshooting on it.

Would you be able to get a packet capture of this happening - where? I would like to ask someone else about it and I think they may ask for the packet capture. Let me know if it is feasible.

Also, is Zabbix able to report data successfully from the NMC even with these errors in the log?

Lastly, I will be on vacation until next Tuesday after today but I will try to keep up with this if you can respond back about packet capture. If you're able to get it, I can give you a special email address to send it to so you don't have to post it publicly here.

mdjezierski_apc
Crewman
Crewman
0 Likes
0
263

Re: NMC2 on SmartUPS2200 SNMPv3 "Unauthorized User"

This was originally posted on APC forums on 4/5/2017


I'll set up to do a packet capture this afternoon. If you would pass along that email address I'll send the captures along.

BillP
Administrator Administrator
Administrator
0 Likes
0
263

Re: NMC2 on SmartUPS2200 SNMPv3 "Unauthorized User"

This reply was originally posted by Angela on APC forums on 4/5/2017


OK, thanks. Just let me know what IPs are what and if you have feedback on those other questions. You can include that info in a .txt file that you can also send to the address or here on the forum. SNMPv3_.rg147cvnpf63919e@u.box.com is the email address.. it will go to a Schneider Electric Box folder I've set up.

If the files are too big to go over email, I'll send you an alternative method to upload to this folder via private message.

mdjezierski_apc
Crewman
Crewman
0 Likes
0
263

Re: NMC2 on SmartUPS2200 SNMPv3 "Unauthorized User"

This was originally posted on APC forums on 4/5/2017


I have a packet capture and through additional troubleshooting, I found that unless I turn off MD5/DES or SHA/AES authentication and privacy, I get the "unauthorized user" message. I still have SNMPv3 running and it has a username in place, and I am pulling SNMPv3 data.

Answering the previous question, when I get the "unauthorized user" errors, no SNMP data is passing from the APC and Zabbix NMS.

BillP
Administrator Administrator
Administrator
0 Likes
0
263

Re: NMC2 on SmartUPS2200 SNMPv3 "Unauthorized User"

This reply was originally posted by Angela on APC forums on 4/5/2017


My gut tells me you're experiencing this issue (or another symptom of it): http://www.apc.com/us/en/faqs/FA305661 but instead of seeing it with our SNMP NMS (Data Center Expert), you're seeing it with Zabbix.

With our NMS, we reboot it and the issue goes away but I am not familiar enough with Zabbix to know what the equivalent process would be to reset the SNMPv3 communication parameters and to let communication continue with auth and privacy. I am not aware of anyone else who has seen the issue on something other than Data Center Expert yet, though I figured it was possible.

This issue was caused by a bug in AOS 6.4.6 SNMPv3 discovery so depending on what you're able to do or try, rebooting or resetting Zabbix in some form may fix it. You'd also want to do it after all of your devices have been upgraded to AOS 6.4.6. Another option is that we could try to downgrade the NMC to the previous firmware rev which would fix this also. I don't like suggesting this but it may be easier depending on if you can figure out how to "reboot" Zabbix or reset to allow SNMPv3 communication to be successful again. 

Within our software, even removing and re-adding the device does not work to solve the issue if the device is re-added with the same ID. (I didn't do enough personal testing so I am not 100% sure what ID the SNMPv3 agent ID is identified by in our system or also in Zabbix - IP or maybe SNMPv3 engine ID. I thought maybe if one of those things was changed, deleting and re-adding would work. In Zabbix, not sure if trying this is possible and/or if that means you lose historical data but I imagine so like in our tool.)

mdjezierski_apc
Crewman
Crewman
0 Likes
0
264

Re: NMC2 on SmartUPS2200 SNMPv3 "Unauthorized User"

This was originally posted on APC forums on 4/17/2017


We performed a background OS update on the Zabbix server and rebooted the NMS. We no longer have the issue with the "unauthorized user" on the NMC2, and we are receiving data in Zabbix.