topic Re: Login Attempts in Server Management - Systems Insight Manager

Login Attempts

Lisa Paxton — Mon, 22 Feb 2010 16:32:41 GMT

Hello,

Our SIM server is sending login requests to our gateways and alteons although their IP's are not in the discovery scope, under All Systems nor is the discovery job enabled. I cannot see where the setting is for it to be sending these login attempts, please could someone assist?

Re: Login Attempts

Hobbes_2 — Mon, 22 Feb 2010 17:03:23 GMT

My guess is that some IP that your appliances are hosting is in the list. A NAT maybe or secondary IP. Are you trying to monitor a Web Farm through these appliances? In any case, you can stop the login attempts by clearing out any global sign-in credentials in SIM. Of course this will require that you put host sign-in credentials on any other IP that you want to monitor that happen to be using those global credentials.

Re: Login Attempts

Lisa Paxton — Mon, 22 Feb 2010 17:15:23 GMT

Thank you for your response. Does that mean I have to add thsoe credentials to every System? We have over 300 so that would nto be practical for us

Regards
Lisa

Re: Login Attempts

Hobbes_2 — Mon, 22 Feb 2010 17:22:40 GMT

Yes. But you can create a scheduled task to push them to a specific group of systems based on filters and schedule that job to run at certain intervals. Options->Security->Credentials->System Credentials

Re: Login Attempts

Lisa Paxton — Tue, 23 Feb 2010 11:47:32 GMT

Thank you, when I delete the Global Credentials do I select "Delete the global credentials and any working references to them. To reestablish communications using other credentials, you must re-run discovery or identification on those systems" or "First copy any referenced global credentials so they become the system credentials of any system that uses them, then delete the global credentials. This option will preserve communications with those systems"

Re: Login Attempts

Hobbes_2 — Tue, 23 Feb 2010 15:52:19 GMT

It would be easiest on you to do the copy. But you would still have the login attempts. You would have to find the managed IP that SIM is using to attempt logins and manually remove the credentials there when you were done.

Re: Login Attempts

Lisa Paxton — Thu, 04 Mar 2010 11:29:34 GMT

Hi There,

Please could you provide me with more info re "You would have to find the managed IP that SIM is using to attempt logins and manually remove the credentials there when you were done" I am not sure what you mean by finding the Managed IP that SIM is using

Regards

Re: Login Attempts

Hobbes_2 — Thu, 04 Mar 2010 16:33:03 GMT

Any system that SIM is monitoring is a managed system. In your list of managed systems, one or more of them are associated to your network devices that are getting these logon attempts. They either refer to secondary IP addresses or web farm IPs or load balanced IPs...something. So when SIM tries to manage these IPs, it tries to log into them with the credentials that it has stored, in the global credentials settings. If you remove these global credentials but copy them to the existing managed systems, it won't solve anything. You have to find the managed IP entry in SIM that it is using to contact these appliances and manually remove these credentials.

You could also choose not to copy the credentials and that will solve your problem immediately. It may also create a new problem where previously managed system can no longer be managed because they don't have credentials matched up to them. In that case you would have to manually set up credentials on those systems.

Re: Login Attempts

Lisa Paxton — Thu, 04 Mar 2010 17:02:28 GMT

ok thanks for the update, I will trawl through the systems and try to find it. Over 300 mind so may be a bit of a nightmare..wish me luck!

Re: Login Attempts

Hobbes_2 — Thu, 04 Mar 2010 17:11:31 GMT

You might be able to get more detail about the exact IP being used by looking in the logs of your appliances instead of SIM. Good luck.