Recieving AuthenticationFailure or Timeout when using SNMP with Digital Sentry

Issue

Authentication is failing

Product Line

Pelco Video Management

Environment

Digital Sentry 

DSSRV

SNMP

Cause

There are 2 ways that Authentication can fail:

  1. The SNMP Agent recieves a request with an incorrect community name.
  2. SNMP request is from a host not on the accepted hosts list.

Resolution

If your SNMP managment software is timing out, you can check to see if there is an authentication failure.

  1. Go to Services, right click the SNMP Service, click on Properties.
  2. Click on the Security tab and ensure that the "Send authentication trap" checkbox is checked. With this checked, a packet will be sent back to the trap destination when authentication fails.
  3. Start a wireshark capture on the client running the SNMP management software and walk the SNMP tree.
  4. Filter for SNMP to only show SNMP packets.
  5. FInd the response from the SNMP agent and open up the trap information. If the issue is an Authentication Failure you will see a message like below:
  6. Once you have confirmed the issue is an authentication failure, you now have 2 things to check.
  7. Ensure that the community name is correct. Capitalization matters.
  8. Ensure that the Host you are sending the SNMP request from is listed in the accepted Hosts in the Security tab for the Properties of the SNMP service. For testing purposes you can set the SNMP service to accept requests from any host.