Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Notifications
Login / Register
Community
Community
Notifications
close
  • Forums
  • Knowledge Center
  • Events & Webinars
  • Ideas
  • Blogs
Help
Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Sustainability
Sustainability

Join our "Ask Me About" community webinar on May 20th at 9 AM CET and 5 PM CET to explore cybersecurity and monitoring for Data Center and edge IT. Learn about market trends, cutting-edge technologies, and best practices from industry experts.
Register and secure your Critical IT infrastructure

Detected an unauthorized user attempting to access the SNMP interface

APC UPS Data Center & Enterprise Solutions Forum

Schneider, APC support forum to share knowledge about installation and configuration for Data Center and Business Power UPSs, Accessories, Software, Services.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Schneider Electric Community
  • APC UPS, Critical Power, Cooling and Racks
  • APC UPS Data Center & Enterprise Solutions Forum
  • Detected an unauthorized user attempting to access the SNMP interface
Options
  • Subscribe to RSS Feed
  • Mark Topic as New
  • Mark Topic as Read
  • Float this Topic for Current User
  • Bookmark
  • Subscribe
  • Mute
  • Printer Friendly Page
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close
Top Experts
User Count
BillP
Administrator BillP Administrator
5060
voidstar_apc
Janeway voidstar_apc
196
Erasmus_apc
Sisko Erasmus_apc
112
TheNotoriousKMP_apc
Sisko TheNotoriousKMP_apc
108
View All

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite
Solved Go to Solution
Back to APC UPS Data Center & Enterprise Solutions Forum
Solved
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-29 05:40 AM . Last Modified: ‎2024-03-13 12:43 AM

0 Likes
10
4617
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-29 05:40 AM . Last Modified: ‎2024-03-13 12:43 AM

Detected an unauthorized user attempting to access the SNMP interface

I have a Smart-UPS 2200 which is sending me email notifications about an unauthorized user attempting to access the SNMP interface.  Over the past 12 hours 6199 such emails.  Now I have SNMP Trap receivers configured, and the IP address in question is NOT one of those.  I have two configured.  I am getting this error from my Domain Controller which does NOT have SNMP installed and configured.  Under the DC service settings SNMP Trap is disabled and set to manual.  Under Roles, it is not installed.  I have tried Reset/Reboot Reboot Management Interface, with no success errors still being sent.  I have currently Disabled the email notifications but the logs continue to grow. Any help would be appreciated Thank you! The settings for the UPS under Admin - General - About:

Hardware Factory

Model Number: AP9630
Serial Number: ZA1227004500
Hardware Revision: 05
Manufacture Date: 06/25/2012
MAC Address: 00 C0 B7 96 17 18
Management Uptime:

0 Days 0 Hours 39 Minutes

Application Module

Name: sumx
Version: v5.1.7
Date: Dec 1 2011
Time: 13:01:45

APC OS (AOS)

Name: aos
Version: v5.1.7
Date: Nov 22 2011
Time: 09:53:57

APC Boot Monitor

Name: bootmon
Version: v1.0.2
Date: Jan 21 2010
Time: 13:35:57
Labels
  • Labels:
  • UPS Management Devices & PowerChute Software
  • Tags:
  • attempting
  • snmp
  • unathorized
  • user
Reply

Link copied. Please paste this link to share this article on your social media post.

  • All forum topics
  • Previous Topic
  • Next Topic

Accepted Solutions
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:42 AM

0 Likes
0
4612
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:42 AM

Just  to  share  what  the  issue  ended  up  being,  to  maybe  help  others.  The  DC  spoolsv.exe  was  the  issue.  The  ip  of  the  UPS  was  in  the  range  of  printers  the  DC  searches  for.  Even  though  no  printer  was  set  up  on  the  IP  the  DC  was  still  trying  to  find  one.  Thank  you  Angela  for  your  assistance!

See Answer In Context

Reply

Link copied. Please paste this link to share this article on your social media post.

Replies 10
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-29 05:40 AM . Last Modified: ‎2024-03-13 12:43 AM

0 Likes
1
4612
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-29 05:40 AM . Last Modified: ‎2024-03-13 12:43 AM

Hi Adam,

Your firmware is a little old as we are several revisions ahead and on to v6.X.X which is a major upgrade from the 5.1.7 you are running. I do not think it is related to the problem but I did want to mention it in case you weren't aware.

With what I know, I also believe that there is something coming from your domain controller that is triggering this and it is not an issue the card is generating the alarms erroneously. There is likely is something trying to do SNMP polling or SNMP something over ports 161/162 versus anything to do with SNMP traps (alerts) which you already checked. Is there potentially some type of SNMP scanner software installed, as opposed to a service running on Windows? Or perhaps any type of penetration scanner like Nessus, Retina, etc that runs on an entire network or subnet that could be probing the IP address of the NMC?

I can tell you at least with this firmware, we know it is SNMPv1 since in this older firmware, SNMPv3 does not trigger these messages (which we fixed that in newer firmware).

Lastly, SNMPv1 is enabled by default. You could check your SNMP settings under Administration->Network menu and adjust the community names and NMS/IP hostname fields to try and filter out any requests outside of the SNMP systems you do actively use. Do you use SNMP polling or just traps/alerts? You could potentially disable some of the SNMP settings as well to just allow SNMP traps.

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-29 05:40 AM . Last Modified: ‎2024-03-13 12:43 AM

0 Likes
0
4614
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-29 05:40 AM . Last Modified: ‎2024-03-13 12:43 AM

Thank you for trying to help me fix this!  I have done the firmware update, and as soon as I activate SNMPv1 with the two severs which have SNMP .30 and .159 I get the error back from the DC which is .96  not on the list for SNMP at all.  If I change it from SNMPv1 to the v3 I no longer get the error.  I have double checked the DC .96 for any and all SNMP setting all are off.

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:43 AM

0 Likes
0
4614
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:43 AM

I have even added the .96 address into the allow config as read and am still getting the detection

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:43 AM

0 Likes
0
4614
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:43 AM

So I have gone back to the DC the SNMP was set to manual, I have completely set it to disable, still have the error.  Attached is the .tar file.  Any and all help is greatly appreciated.  Other than providing the unit with the IP I have no clue what else would be trying to communicate with it from the DC.

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:43 AM

0 Likes
0
4614
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:43 AM

As  of  this  morning,  I  added  a  rule  on  the  DC  to  block  port  161,  and  now  I  no  longer  receive  the  unauthorised  attempt  log.   However,  I  still  cannot  figure  out  why  this  worked,  or  what  was  looking  on  port  161.

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:43 AM

0 Likes
0
4614
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:43 AM

Hi Adam - I see in your config.ini that there are IPs set up in the SNMP polling configuration - some 192.168.X.X IPs - do you know what these are? I ask because what I was suggesting would probably not work if you were actively using those because you have to leave those configs enabled to let those devices do SNMP polling.

Anyway, yes, it seems to prove that there is something on your DC that is sending out the requests. Do you have other NMCs on the same network that did NOT show the alarm? Just curious if you could see if there was a security scanner or tool hitting everything on your network trying to do SNMP requests. We have customers that run tools like I mentioned previously that do penetration or intrusion detection type stuff.

If it were me, I would just comb through all running services/programs and see what is there. If you have done all of that, it just seems like there is something that is not obvious or that maybe could be running under another user or something weird like that?

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:43 AM

0 Likes
0
4613
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:43 AM

Yes  the  two  192.168.X.X  I  know  what  those  are,  Spiceworks  and  Librenms.   I  ran  a  packet  tracker  on  the  DC  which  is  how  I  found  port  161  was  being  used  to  the  unit.   After  blocking  the  port  the  issue  is  gone.   Now  I  need  to  figure  out  what  was  causing  the  DC  to  look  to  the  unit  through  port  161.  At  this  time  I  believe  the  issue  is   on  the  DC  side  not  the  UPS  side.  A  fun  note  I  was  just  told  about  today,  my  boss  changed  the  UPS  IP  address  before  this  issue  started.  Not  sure  how  or  why  that  would  matter  but  fun  cause.

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:42 AM

0 Likes
0
4613
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:42 AM

Just  to  share  what  the  issue  ended  up  being,  to  maybe  help  others.  The  DC  spoolsv.exe  was  the  issue.  The  ip  of  the  UPS  was  in  the  range  of  printers  the  DC  searches  for.  Even  though  no  printer  was  set  up  on  the  IP  the  DC  was  still  trying  to  find  one.  Thank  you  Angela  for  your  assistance!

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:42 AM

0 Likes
0
4613
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-06-29 05:41 AM . Last Modified: ‎2024-03-13 12:42 AM

Hi Adam - thanks for the update and letting me/us know what you found. Have a great weekend!

Reply

Link copied. Please paste this link to share this article on your social media post.

SESA621565
SESA621565 Cadet
Cadet

Posted: ‎2025-04-09 02:38 AM

In response to BillP
0 Likes
0
220
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2025-04-09 02:38 AM

Hello, we face problem like all UPS in Ecostruxureit gateway network found log like "unauthorized user attempting to access the SNMP interface" via unknown IP. 

Screenshot 2025-04-09 163615.jpg

Reply

Link copied. Please paste this link to share this article on your social media post.

Preview Exit Preview

never-displayed

You must be signed in to add attachments

never-displayed

 
To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this board after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account? Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2025 Schneider Electric

This is a heading

With achievable small steps, users progress and continually feel satisfaction in task accomplishment.

Usetiful Onboarding Checklist remembers the progress of every user, allowing them to take bite-sized journeys and continue where they left.

of