Occasionally, the error 'Message authentication or checking failed! Errno=-26 ( unknown username )' appears in the SNMP debug logs when SNMP v3 has been configured.
diagnose debug enable
diagnose debug application snmp -1
After capturing the logs required for troubleshooting, stop the SNMP daemon debugging by disabling or resetting the debug with the following commands:
diagnose debug disable
diagnose debug reset
Debug output:
2023-07-27 12:25:02 snmpd: <msg> 72 bytes 10.0.3.226:35793 -> 12.233.46.2/12.233.46.2:161 (itf 9.9)
2023-07-27 12:25:02 snmpd: v3 recv parse: packet (72 left)
2023-07-27 12:25:02 snmpd: v3 recv parse: version: 3 (67 left)
2023-07-27 12:25:02 snmpd: v3 recv parse: msgGlobalData (50 left)
2023-07-27 12:25:02 snmpd: data [(15) (02 02 49 5c 02 03 00 ff e3 04 01 04 02 01 03 )(..I\...........)]
2023-07-27 12:25:02 snmpd: v3 recv parse: msgFlags: 0x04
2023-07-27 12:25:02 snmpd: usm recv parse: packet (50 left)
2023-07-27 12:25:02 snmpd: usm recv parse: msgSecurityParameters: sz=16 left=32
2023-07-27 12:25:02 snmpd: usm secparams parse: msgSecurityParameters: sz=14 left=0
2023-07-27 12:25:02 snmpd: data [(14) (04 00 02 01 00 02 01 00 04 00 04 00 04 00 )(..............)]
2023-07-27 12:25:02 snmpd: usm secparams parse: msgUserName: (4 left)
2023-07-27 12:25:02 snmpd: usm scopedpdu parse: scoped PDU sz=32
2023-07-27 12:25:02 snmpd: data [(32) (30 1e 04 00 04 0c 49 6e 74 72 65 70 69 64 53 4e 4d 50 a0 0c 02 02 20 2e 02 01 00 02 01 00 30 00 )(0.....IntrepidSNMP.... ....... 0.)]
2023-07-27 12:25:02 snmpd: usm scopedpdu parse: msgData (0 left)
2023-07-27 12:25:02 snmpd: usm scopedpdu parse: msgType: 0xa0 (12 left)
2023-07-27 12:25:02 snmpd: usm scopedpdu parse: b_vars: <>(0) (0 left)
2023-07-27 12:25:02 snmpd: usm scopedpdu parse: no varbinds.
2023-07-27 12:25:02 snmpd: </msg> 1
2023-07-27 12:25:02 snmpd: <msg> 180 bytes 10.0.3.226:35793 -> 12.233.46.2/12.233.46.2:161 (itf 9.9)
2023-07-27 12:25:02 snmpd: v3 recv parse: packet (180 left)
2023-07-27 12:25:02 snmpd: v3 recv parse: version: 3 (174 left)
2023-07-27 12:25:02 snmpd: v3 recv parse: msgGlobalData (157 left)
2023-07-27 12:25:02 snmpd: data [(15) (02 02 49 5b 02 03 00 ff e3 04 01 07 02 01 03 )(..I[...........)]
2023-07-27 12:25:02 snmpd: v3 recv parse: msgFlags: 0x07
2023-07-27 12:25:02 snmpd: usm recv parse: packet (157 left)
2023-07-27 12:25:02 snmpd: usm recv parse: msgSecurityParameters: sz=82 left=73
2023-07-27 12:25:02 snmpd: usm secparams parse: msgSecurityParameters: sz=80 left=0
2023-07-27 12:25:02 snmpd: data [(80) (04 15 80 00 30 44 04 46 47 32 30 30 46 54 39 32 31 39 31 38 36 38 32 02 04 64 18 3f 5a 02 04 00 aa 5b 57 04 07 6d 70 61 70 69 63 32 04 18 d9 54 d1 33 ea f6 64 dc ce 32 cd 48 e7 0c 78 17 63 9f b4 5a df bf 63 7b 04 08 47 bf 05 e6 40 cc 1d d6 )(....0D.FG200FT921918682..d.?Z....[W..mpapic2...T.3..d ..2.H..x.c..Z..c{..G...@...)]
2023-07-27 12:25:02 snmpd: usm secparams parse: msgUserName: mpapic2 (36 left)
2023-07-27 12:25:02 snmpd: usm recv parse: Message authentication or checking failed! user=mpapic2 errno=-26
2023-07-27 12:25:02 snmpd: v3 recv: parse failed. errno=-26 (unknown user name)
2023-07-27 12:25:02 snmpd: </msg> 0
This error appears when SNMP v3 authentication is not working. Because the traffic is encrypted, the debug output is necessary to find the cause. The cause may be either that the FortiGate is not parsing the credentials correctly or that it is not accepting the algorithm used for encryption.
See the supported encryption/authentication methods for PRTG (search for 'Authentication Method'): Group Settings | PRTG Manual
The FortiGate supports MD5 and SHA for authentication. AES, DES, AES256, and AES256 (Cisco) are supported for encryption. This should match whatever is configured on PRTG. Here is the configuration in the FortiGate:
config system snmp user
    edit <user>
        set auth-proto {md5 | sha}
        set priv-proto {aes | des | aes256 | aes256cisco}
end
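To check which authentication algorithm the manager is actually sending, the USM security parameters that the debug prints as hex can be decoded. The Python below is an added example, not part of the original article or of any Fortinet or PRTG tooling; the function and constant names are illustrative, and the two hex strings are copied from the 'usm secparams parse' dumps in the debug output above.

```python
# Added example: decode the USM security parameters that the snmpd debug dumps as hex.
# msgAuthenticationParameters length -> authentication protocol (RFC 3414, RFC 7860)
AUTH_BY_LEN = {0: "none", 12: "HMAC-MD5-96 or HMAC-SHA-96", 16: "HMAC-128-SHA-224",
               24: "HMAC-192-SHA-256", 32: "HMAC-256-SHA-384", 48: "HMAC-384-SHA-512"}
FIELDS = ("engine_id", "engine_boots", "engine_time", "user", "auth_params", "priv_params")

def read_tlv(buf, pos):
    """Read one definite-length BER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def decode_usm(hex_dump):
    """Decode the six USM fields from the hex inside a 'data [(n) (...)]' debug line."""
    buf, pos, out = bytes.fromhex(hex_dump), 0, {}
    for name in FIELDS:
        tag, val, pos = read_tlv(buf, pos)
        if tag not in (0x02, 0x04):        # only INTEGER and OCTET STRING are expected
            raise ValueError(f"unexpected tag 0x{tag:02x} for {name}")
        out[name] = int.from_bytes(val, "big") if tag == 0x02 else val
    out["user"] = out["user"].decode("ascii", "replace")
    out["auth_protocol"] = AUTH_BY_LEN.get(len(out["auth_params"]), "unrecognised length")
    return out

def decode_flags(flags):
    """Split msgFlags (RFC 3412) into (security level, reportable bit)."""
    level = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}.get(flags & 0x03, "invalid")
    return level, bool(flags & 0x04)

# Hex copied from the two 'usm secparams parse' dumps in the debug output
DISCOVERY = "04 00 02 01 00 02 01 00 04 00 04 00 04 00"
REQUEST = ("04 15 80 00 30 44 04 46 47 32 30 30 46 54 39 32 31 39 31 38 36 38 32 "
           "02 04 64 18 3f 5a 02 04 00 aa 5b 57 04 07 6d 70 61 70 69 63 32 "
           "04 18 d9 54 d1 33 ea f6 64 dc ce 32 cd 48 e7 0c 78 17 63 9f b4 5a df bf 63 7b "
           "04 08 47 bf 05 e6 40 cc 1d d6")

if __name__ == "__main__":
    for flags, dump in ((0x04, DISCOVERY), (0x07, REQUEST)):
        usm = decode_usm(dump)
        print(decode_flags(flags), repr(usm["user"]), len(usm["auth_params"]), usm["auth_protocol"])
```

For the second message, msgAuthenticationParameters is 24 octets long, which is the HMAC-192-SHA-256 length from RFC 7860; the MD5 and SHA-1 protocols of RFC 3414 both produce 12 octets. Compare the decoded protocol with the auth-proto value set for the user on the FortiGate.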
If the error is still being received after ensuring the methods match on each side, try the following:
- Restart the SNMP process:
diagnose test application snmpd 99
- Delete the SNMP v3 user created on the FortiGate and configure it again with a different name.
- Delete the device from PRTG and add the device again. Refer to Technical Tip: SNMP v3 connecting to PRTG and adding a custom sensor on PRTG SNMP tool using a FortiGate OID.
- Once configured on both sides, test the configuration. The error will no longer appear, and all sensors will work on the PRTG.