[ZBX-832] SNMP v3 authentication problems after restart of device (router) Created: 2009 Apr 01 Updated: 2017 May 30 Resolved: 2013 Mar 20 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Server (S) |
| Affects Version/s: | 1.6 |
| Fix Version/s: | None |
| Type: | Incident report | Priority: | Major |
| Reporter: | Michael Mertel | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | snmpv3 | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Zabbix 1.6.3 Ubuntu 8.04, snmp 5.4.1~dfsg-4ubuntu4.2, Funkwerk Rxxx series router latest firmware |
||
| Issue Links: |
|
||||||||
| Description |
|
After restarting a monitored SNMP device (Funkwerk R1200/R3000 router) via SNMPv3, the monitoring stopped working. The device complained about authentification problems. A tcpdump showed, that the engineTime differs after the restart, and Zabbix is not syncing again, which produces usmStatsUnknownEngineIDs and usmStatsNotInTimeWindows SNMP messages. Zabbix stops monitoring until restart of zabbix-server and reactivating the affected items. Further information can be found in post #17 of http://www.zabbix.com/forum/showthread.php?t=11855&page=2 |
| Comments |
| Comment by Alexei Vladishev [ 2009 Apr 02 ] |
|
We will look at the problem. |
| Comment by Michael Mertel [ 2009 Apr 09 ] |
|
I figured that in checks_snmp.c I'll get an SNMPERR_TIMEOUT after the snmp_synch_response in function get_snmp(). Don't know why it is a timeout, the snmp device gets the SNMPGet and complains about auth. |
| Comment by Aleksandrs Saveljevs [ 2010 Jul 13 ] |
|
This seems to be the same issue as |
| Comment by Michael Mertel [ 2010 Jul 13 ] |
|
I checked and all SNMPv3 devices have their unique EngineID. Modified environment: Ubuntu 10.04, Zabbix 1.8.2, snmp 5.4.1~dfsg-12ubuntu7 |
| Comment by Aleksandrs Saveljevs [ 2010 Jul 13 ] |
|
So we now know that misconfigured devices is not the problem. Thanks! |
| Comment by Pavel Stros [ 2010 Sep 03 ] |
|
Having similar issue at Debian Linux (Squeeze), Zabbix 1.8.2, snmp 5.4.1~dfsg-12. It seems to me that it is related the "T" flag in the protocol because under normal situation the number after "T=" at the "F=apr" packet is the same as in the reply from the device. In broken state the "T=" numbers differ and multiple "F=apr" packets are sent to the SNMP device: tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes { USM B=0 T=0 U= } { ScopedPDU E= C= [|snmp]} } { USM B=0 T=1723607 U= [|snmp]} { ScopedPDU [|snmp]} } 11:16:14.385521 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 160) 10.2.0.17.53200 > 94.199.42.3.161: { SNMPv3 { F=apr } { USM B=0 T=1905964 U=sn [|snmp]} { ScopedPDU [|snmp]} } { USM B=0 T=1905965 U=sn [|snmp]} { ScopedPDU [|snmp]} } |
| Comment by Michael Schwartzkopff [ 2011 Mar 10 ] |
|
Hi, any news on that bug? I it seems that I am hit by this bug also. Setup: SLES 11 SP1, Zabbix 1.8.3. |
| Comment by Oleksii Zagorskyi [ 2013 Mar 18 ] |
|
That's all about |