DCE appliance attempting to login to SNMP interfaces on APC UPS & PDUs

DCIM_Support · ‎2020-07-03

This question was originally posted on DCIM Support by John Wieczorek on 2017-08-17

The logs on our APC UPS' & PDUs are showing failed login attempts every hour originating from our DCE appliance.
The devices are all providing correct sensor data and there are no scheduled device discoveries - I 'm really curious what process on the DCE appliance is attempting to connect. any ideas?

08/17/2017	08:36:57	System: Detected an unauthorized user attempting to access the SNMP interface from < IP of DCE server>
08/17/2017	08:36:57	System: Detected an unauthorized user attempting to access the SNMP interface from < IP of DCE server>
08/17/2017	08:36:55	System: Detected an unauthorized user attempting to access the SNMP interface from < IP of DCE server>
08/17/2017	08:36:55	System: Detected an unauthorized user attempting to access the SNMP interface from < IP of DCE server>
08/17/2017	08:36:53	System: Detected an unauthorized user attempting to access the SNMP interface from < IP of DCE server>
08/17/2017	08:36:53	System: Detected an unauthorized user attempting to access the SNMP interface from < IP of DCE server>
08/17/2017	08:36:51	System: Detected an unauthorized user attempting to access the SNMP interface from < IP of DCE server>
08/17/2017	08:36:51	System: Detected an unauthorized user attempting to access the SNMP interface from < IP of DCE server>

08/17/2017

07:36:54

System: Detected an unauthorized user attempting to access the SNMP interface from < IP of DCE server>

etc.....

DCIM_Support · ‎2020-07-03

This answer was originally posted on DCIM Support by Cory McDonald on 2017-08-17

John,

Thank you for providing a log of the events. Since this is occurring every hour, this would be priority scanning trying to take place. Priority scanning needs WRITE snmp access to be able to set the Data Center Expert server as the priority scanning trap receiver (not visible via NMC GUI) on the NMC.

Please check the following:

Ensure that priority scanning is causing this: Data Center Expert Desktop Client > Device > SNMP Device Communication Settings > Device Scan Settings > Check the box for the device > Edit Device Scan Settings. The priority scanning checkbox should be checked.

On this same screen you can see the write community string that is defined. Ensure that this is matching a write community string that is defined on the device.

Additional information on priority scanning can be found in the knowledge base: http://www.apc.com/us/en/faqs/FA271584/

Best Regards,

Cory

See Answer In Context

DCIM_Support · ‎2020-07-03

This answer was originally posted on DCIM Support by Steven Marchetti on 2017-08-17

Hi John,

DCE should only use incorrect community names if it was provided with them. Working on just this device to start, take a look at the SNMPdevice communications settings and make sure both read and write community names are correct and match that of the card:

Assuming your normal scans are 5 minutes or so and if this is only happening once an hour, it is possible that the priority scanning option which may try to re-write itself every hour is unable to do so. On the device itself, make sure the community name is not specifically associated with an IP. Perhaps test here as well by unchecking the priority scanning option for a period of an hour or 2 to see if the issue remains.

What version of DCE are you using?

What firmware revision is on this device?

What is this particular device?

How many community names are in use?

Is this SNMP V1 or V3?

Thanks,

Steve

DCIM_Support · ‎2020-07-03

This comment was originally posted on DCIM Support by Steven Marchetti on 2017-08-17

P.S., turning off priority scanning will only allow DCE to alert when it scans the device and not immediately when an issue on the device occurs. That's why it should only be for a test period.

DCIM_Support · ‎2020-07-03