False Positive Alert - "Detected an unauthorized user attempting to access the SNMP interface"

APC UPS Data Center & Enterprise Solutions Forum

Schneider Electric support forum for our Data Center and Business Power UPS, UPS Accessories, Software, Services, and associated commercial products designed to share knowledge, installation, and configuration.

Solved
Brannen_apc
Crewman

This was originally posted on APC forums on 2/23/2016


I have googled for this message, and searched the forum, and have repeatedly found the question - but don't see a resolution.  The system is reporting an unauthorized user attempting to access the SNMP interface from my NMS (SolarWinds) IP - 10.29.161.149.  Any other suggestions besides changing community strings?

I have changed the SNMP community string on both sides, and SolarWinds is able to successfully test to the UPS.

SolarWinds NMS successful SNMP test

Yet, every time it self tests, I get deluged with warning messages.

 Date        Time      User    Event
 02/23/2016  09:28:22  System  Detected an unauthorized user attempting to access the SNMP interface from 10.29.161.149
 02/23/2016  09:28:19  System  Detected an unauthorized user attempting to access the SNMP interface from 10.29.161.149
 02/23/2016  09:28:19  System  Detected an unauthorized user attempting to access the SNMP interface from 10.29.161.149
 02/23/2016  09:28:17  System  Detected an unauthorized user attempting to access the SNMP interface from 10.29.161.149
 02/23/2016  09:28:17  System  Detected an unauthorized user attempting to access the SNMP interface from 10.29.161.149

Despite being configured to be allowed and expected:

Access Control
 Community Name  NMS IP/Host Name  Access Type
 xxxxxxxxxxxx    10.29.161.149     Read
 yyyyyyyyyyyy    10.29.161.149     Write

Model: Smart-UPS SRT 3000
SKU: SRT3000RMXLT
Serial Number: QS1538340125
Firmware Revision: UPS 04.9 (ID1010)
Manufacture Date: 09/14/2015
 
Apparent Power Rating: 3000 VA
Real Power Rating: 2700 W
 
Battery SKU: APCRBC152

Accepted Solutions
jantonelli_apc
Crewman

Re: False Positive Alert - "Detected an unauthorized user attempting to access the SNMP interface"

This was originally posted on APC forums on 3/17/2018


I have the same issue with a number of my APC manager cards. 

I have confirmed the community string and IP address of the querying SolarWinds Collector Servers are correct, but I still get alerts each time my SolarWinds server queries the APC management cards, and it is making my alerting less valuable with each barrage of false positives. Is there a known fix?

I would prefer not to remove this alert option from my APC management card.

Replies
BillP
Administrator

Re: False Positive Alert - "Detected an unauthorized user attempting to access the SNMP interface"

This reply was originally posted by Angela on APC forums on 2/24/2016


Hi Brannen,

Is this the only Network Management Card you have? If not, do others not display this message?

Another thought I had was, would you be able to do a quick packet capture and see if you could see a problem?

How often are the invalid access attempts logged? I can check myself if you could provide the full log files for me to check. Instructions here: http://www.schneider-electric.us/en/faqs/FA156131 (The .tar file would be good.) You can sanitize the files if you want, but some of the information I imagine you would sanitize would need to be confirmed because it could cause this issue.

From your screenshot, everything looks OK. I'll have to assume, though, that you have the right IP put into SolarWinds and vice versa.

I am not aware of this being a problem without it being legitimate, so if you can run a packet capture from the SolarWinds machine while the issue is happening, maybe we could see the request and what is going through. I imagine there is no other SNMP polling tool on your SolarWinds box?
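The packet-capture check suggested in the reply above, as an added example that is not part of the original thread: it decodes the SNMP version and community string from a captured v1/v2c UDP payload and compares them with the card's Access Control rows. The sample bytes, the community names `example-ro`/`example-rw` and all function names are constructed for illustration, and the comparison is not the Network Management Card's own logic.

```python
# Added example: decode version and community from a community-based SNMP
# (v1/v2c) request and compare them with the card's Access Control entries.
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
PDUS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA3: "SetRequest", 0xA5: "GetBulkRequest"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated SNMP datagram")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated SNMP datagram")
    return tag, buf[pos:pos + length], pos + length

def parse_snmp_header(datagram):
    """Extract version, community and PDU type from the UDP payload."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (expected SEQUENCE)")
    _, ver, pos = read_tlv(body, 0)
    version = int.from_bytes(ver, "big")
    if version not in (0, 1):               # v3 carries no community string
        return {"version": VERSIONS.get(version, str(version)), "community": None, "pdu": None}
    _, community, pos = read_tlv(body, pos)
    pdu = PDUS.get(body[pos], hex(body[pos])) if pos < len(body) else None
    return {"version": VERSIONS[version], "community": community.decode("latin-1"), "pdu": pdu}

def compare(src_ip, datagram, access_control):
    """access_control: list of (community, nms_ip, access_type) rows."""
    hdr = parse_snmp_header(datagram)
    rows = [r for r in access_control if r[1] == src_ip]
    if not rows:
        return hdr, "source IP has no Access Control entry"
    hit = [r for r in rows if r[0] == hdr["community"]]   # exact, case-sensitive match
    if not hit:
        return hdr, "community on the wire matches no entry for this IP"
    return hdr, "matches entry with access type " + hit[0][2]

def tlv(tag, val):                          # helper used only to build the constructed sample
    return bytes([tag, len(val)]) + val

# Constructed sample: v2c GetRequest for sysUpTime.0; community and table rows are placeholders.
VARBINDS = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010300")) + tlv(0x05, b"")))
PDU = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + VARBINDS)
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"example-ro") + PDU)
ACL = [("example-ro", "10.29.161.149", "Read"), ("example-rw", "10.29.161.149", "Write")]
```

Feed `compare` the UDP payload of each request seen in the capture together with its source address; a version or community that differs from what the NMS test dialog uses points at a second poller or profile on the same host.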
