question

mksadique avatar image
0 Votes"
mksadique asked CyrAz answered

SCOM 2019 SNMPv3 Network Discovery of Juniper EX Switch returning "No response SNMP"

Dear fellow SCOM Users,

We are evaluating SCOM 2019 to monitor our network/server environment. We started with the deploying SCOM 2019 using .VHD file.

We configured our Juniper EX switch for SNMP v3 (Auth: SHA , Priv: AES) and started a network discovery using discovery wizard. We configured Discovery rule with ICMP and SNMP and Run as account for SNMP v3 explicit discovery.

The discovery finishes with Success but puts the device IP in "Network device pending management".

Running trace on both the Juniper switch and SCOM server reveals that there is communication between the two however, no device is being added to Network Devices.

From the network scan, it turns out that "get-request" is being sent from SCOM and the switch responds with "report" using "generic" OIDs. See attached screenshot of WireShark.

We suspect that we may not have the right "management pack" for Junipers and the discovery does not cross reference the correct OIDs that Juniper Switch is expecting. Since we're new to SCOM, it may be something else that we are missing in our discovery.

Any help with this would be great. Thank you for your time.

115379-scom-juniper-snmpv3-discovery.jpg


msc-operations-manager
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CyrAz avatar image
0 Votes"
CyrAz answered

No specific management pack is required to successfully discover a network device. They come into play afterwards, to define what is monitored and how.

However, 1.3.6.1.6.3.15.1.1.5 stands for usmStatsWrongDigests counter, which represents "The total number of packets received by the SNMP
engine which were dropped because they didn't
contain the expected digest value."

Said otherwise, there is something the juniper device doesn't like in what's scom sending to it. Are you 100% sure of the auth and priv?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

mksadique avatar image
0 Votes"
mksadique answered

Hi @CyrAz, We are certain that we're providing the correct passwords for SHA and AES.

We also used a 3rd party SNMPWalk tool which is returning similar message: "%Received a report pdu from remote host: Authentication failure (SNMPv3)" with WireShark seeing two "report" OIDs from the switch: 1.3.6.1.6.3.15.1.1.4.0 and 1.3.6.1.6.3.15.1.1.5.0.

It seems that the issue may not be with SCOM. However, we were hoping that someone in this community have setup SNMPv3 with Juniper devices and may have a clue as to what we're doing wrong.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CyrAz avatar image
0 Votes"
CyrAz answered

Well in that case you'll probably have more luck with juniper support or a juniper-oriented forum, I guess

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.