<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
IMS (identity management system) traces in RTMT give some insight but
even those are lacking:<br>
<br>
CSCsj66480&nbsp;&nbsp;&nbsp; Login attempts for CCMAdmin, DRS, and Serv do not display
interface name <br>
<br>
"interface name" basically means whether the auth request comes from CTI,
ccmuser, ccmadmin, etc.<br>
<br>
/Wes<br>
<br>
<br>
On Tuesday, September 29, 2009 4:37:21 PM, Tim Reimers
<a class="moz-txt-link-rfc2396E" href="mailto:treimers@ashevillenc.gov">&lt;treimers@ashevillenc.gov&gt;</a> wrote:<br>
<blockquote
 cite="mid:F3B7C0E8920C414E943AFBF3577D95D912A884C7@coa-exchange2k3.asheville.local"
 type="cite">
  <div dir="ltr" align="left">Number of AuthenticationFailed events
exceeds 1 within 1 minutes. The alert is generated on Tue Sep 29
11:11:27 EDT 2009 on cluster CM1-Cluster. </div>
  <div>&nbsp;</div>
  <div align="left">&nbsp;</div>
  <div align="left"><span class="771255318-29092009"><font face="Arial"
 size="2">Does anyone know where a Cisco document is on how to use
traces to find that?</font></span></div>
  <div align="left"><span class="771255318-29092009"></span>&nbsp;</div>
  <div align="left"><span class="771255318-29092009"><font face="Arial"
 size="2">I've looked in various trace logs in RTMT, but I cannot
figure out the right trace (callmanager, system, SDI, etc.) to be
looking for.</font></span></div>
  <div align="left"><span class="771255318-29092009"></span>&nbsp;</div>
  <div align="left"><span class="771255318-29092009"><font face="Arial"
 size="2">I can find plenty of references telling me that it's an
authentication failure</font></span></div>
  <div align="left"><font face="Arial" size="2"><span
 class="771255318-29092009">(e.g. <a moz-do-not-send="true"
 href="http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/service/7_0_1/rtmt_master/rtalsys.html">http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/service/7_0_1/rtmt_master/rtalsys.html</a>)</span></font></div>
  <div align="left"><font face="Arial" size="2"><span
 class="771255318-29092009"></span></font>&nbsp;</div>
  <div align="left"><font face="Arial" size="2"><span
 class="771255318-29092009">But that document provides -no- assistance
in learning how to track down more details about what's going on.</span></font></div>
  <div align="left">&nbsp;</div>
  <div align="left"><font face="Arial" size="2"><span
 class="771255318-29092009">This really doesn't tell me what to DO
about it.</span></font></div>
  <div align="left"><font face="Arial" size="2"><span
 class="771255318-29092009">
  <h2 class="p_H_Head1">AuthenticationFailed </h2>
  <a moz-do-not-send="true" name="wp1013664"></a>
  <p class="pB1_Body1">Authentication validates the user ID and
password that are submitted during log in. An alarm gets raised when an
invalid user ID and/or the password gets used. </p>
  <a moz-do-not-send="true" name="wp1013665"></a>
  <p class="pBl_BlockLabel">Default Configuration </p>
  <a moz-do-not-send="true" name="wp1013666"></a>
  <div align="left">
  <table id="wp1014574table1014572" border="1" bordercolor="#808080"
 cellpadding="3" cellspacing="0" width="80%">
    <caption><a moz-do-not-send="true" name="wp1014574"></a>
    <p class="pTC_TableCap">Table&nbsp;D-1 Default Configuration for the
AuthenticationFailed RTMT Alert&nbsp; </p>
    </caption> <tbody>
      <tr align="left" valign="bottom">
        <th scope="col"><a moz-do-not-send="true" name="wp1014578"></a>
        <div class="pCH1_CellHead1">Value </div>
        </th>
        <th scope="col"><a moz-do-not-send="true" name="wp1014580"></a>
        <div class="pCH1_CellHead1">Default Configuration </div>
        </th>
      </tr>
      <tr align="left" valign="top">
        <td><a moz-do-not-send="true" name="wp1014582"></a>
        <p class="pB1_Body1">Enable Alert </p>
        </td>
        <td><a moz-do-not-send="true" name="wp1014584"></a>
        <p class="pB1_Body1">Selected </p>
        </td>
      </tr>
      <tr align="left" valign="top">
        <td><a moz-do-not-send="true" name="wp1014586"></a>
        <p class="pB1_Body1">Severity </p>
        </td>
        <td><a moz-do-not-send="true" name="wp1014588"></a>
        <p class="pB1_Body1">Critical </p>
        </td>
      </tr>
      <tr align="left" valign="top">
        <td><a moz-do-not-send="true" name="wp1024208"></a>
        <p class="pB1_Body1">Enable/Disable this alert on the following
servers </p>
        </td>
        <td><a moz-do-not-send="true" name="wp1024210"></a>
        <p class="pB1_Body1">Enabled on listed servers </p>
        </td>
      </tr>
      <tr align="left" valign="top">
        <td><a moz-do-not-send="true" name="wp1014590"></a>
        <p class="pB1_Body1">Threshold </p>
        </td>
        <td><a moz-do-not-send="true" name="wp1014592"></a>
        <p class="pB1_Body1">Number of AuthenticationFailed events
exceeds: </p>
        <a moz-do-not-send="true" name="wp1014763"></a>
        <p class="pB2_Body2">1 time in the last 1 minute </p>
        </td>
      </tr>
      <tr align="left" valign="top">
        <td><a moz-do-not-send="true" name="wp1014594"></a>
        <p class="pB1_Body1">Duration </p>
        </td>
        <td><a moz-do-not-send="true" name="wp1014596"></a>
        <p class="pB1_Body1">Trigger alert immediately </p>
        </td>
      </tr>
      <tr align="left" valign="top">
        <td><a moz-do-not-send="true" name="wp1014598"></a>
        <p class="pB1_Body1">Frequency </p>
        </td>
        <td><a moz-do-not-send="true" name="wp1014600"></a>
        <p class="pB1_Body1">Trigger alert on every poll </p>
        </td>
      </tr>
      <tr align="left" valign="top">
        <td><a moz-do-not-send="true" name="wp1014602"></a>
        <p class="pB1_Body1">Schedule </p>
        </td>
        <td><a moz-do-not-send="true" name="wp1014604"></a>
        <p class="pB1_Body1">24 hours daily </p>
        </td>
      </tr>
      <tr align="left" valign="top">
        <td><a moz-do-not-send="true" name="wp1014606"></a>
        <p class="pB1_Body1">Enable Email </p>
        </td>
        <td><a moz-do-not-send="true" name="wp1014608"></a>
        <p class="pB1_Body1">Selected </p>
        </td>
      </tr>
      <tr align="left" valign="top">
        <td><a moz-do-not-send="true" name="wp1025267"></a>
        <p class="pB1_Body1">Trigger Alert Action </p>
        </td>
        <td><a moz-do-not-send="true" name="wp1025269"></a>
        <p class="pB1_Body1">Default </p>
        </td>
      </tr>
    </tbody>
  </table>
  </div>
  </span></font></div>
  <div align="left">&nbsp;</div>
  <div align="left"><font face="Arial" size="2">Tim Reimers</font></div>
  <div align="left"><font face="Arial" size="2">Systems Analyst II</font></div>
  <div align="left"><font face="Arial" size="2">Information Technology
Services</font></div>
  <div align="left"><font face="Arial" size="2">City of Asheville</font></div>
  <div align="left"><font face="Arial" size="2">70 Court Plaza</font></div>
  <div align="left"><font face="Arial" size="2">Asheville, NC 28801</font></div>
  <div align="left"><font face="Arial" size="2">phone - 828-259-5512</font></div>
  <div align="left"><font face="Arial" size="2"><a
 moz-do-not-send="true" href="mailto:timreimers@ashevillenc.gov">treimers@ashevillenc.gov</a></font></div>
  <div>&nbsp;</div>
</blockquote>
<br>
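<br>
Added example, not part of either message and not Cisco code: a triage sketch that applies the Table D-1 threshold (more than 1 failure in 1 minute) first to all failures together and then per user and interface, so one account failing repeatedly stands apart from unrelated mistyped passwords. The key=value line layout and the account names are constructed for the example and are not the real IMS trace format; a line with no interface field, the gap described in CSCsj66480, is kept as "unknown".<br>

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. This key=value layout is an assumption made for
# the example; it is NOT the real IMS trace format.
SAMPLE = """\
2009-09-29 11:10:41 AuthenticationFailed user=jdoe interface=ccmuser
2009-09-29 11:10:58 AuthenticationFailed user=svc_cti interface=CTI
2009-09-29 11:11:02 AuthenticationFailed user=svc_cti interface=CTI
2009-09-29 11:11:20 AuthenticationFailed user=svc_cti interface=CTI
2009-09-29 11:11:27 AuthenticationFailed user=admin
2009-09-29 11:25:00 AuthenticationFailed user=jdoe interface=ccmuser
"""

LINE = re.compile(r"^(\S+ \S+) AuthenticationFailed (.*)$")

def parse(text):
    """Return time-sorted (timestamp, user, interface) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not an authentication failure line
        fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
        events.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                       fields.get("user", "unknown"),
                       fields.get("interface", "unknown")))  # field may be absent
    return sorted(events)

def peaks(events, key, threshold=1, window=timedelta(minutes=1)):
    """Map each key to its highest in-window count, for keys exceeding threshold."""
    recent, peak = defaultdict(deque), {}
    for ev in events:
        q = recent[key(ev)]
        q.append(ev[0])
        while ev[0] - q[0] >= window:  # drop failures older than the window
            q.popleft()
        if len(q) > threshold:
            peak[key(ev)] = max(peak.get(key(ev), 0), len(q))
    return peak

def alert_fires(events):
    # Table D-1 threshold applied to every failure together, whoever caused it.
    return bool(peaks(events, key=lambda ev: "cluster"))

def breaches_by_source(events):
    # Same threshold, but counted separately per (user, interface).
    return peaks(events, key=lambda ev: (ev[1], ev[2]))
```

On the constructed sample the combined count trips the threshold, while the per-source view shows that only one account on one interface is failing repeatedly.<br>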
</body>
</html>