Reason for discovery_agent error: Could not discover engine ID for <ip/161>: mostly likely not a SNMPv3 capable device

Document ID : KB000044514
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue: 

If several devices have been configured to use SNMP v3 encryption, it can sometimes trigger alerts in discovery_agent if the devices have been set up incorrectly.    This document shows how to diagnose the following errors in the discovery_agent logs:

"Could not discover remote engine ID for ip/161 : mostly likely not a SNMPv3 capable device" 

Environment:  

UIM 7.x – 8.x

Cause: 

There are several possible reasons why this error is occurring: 

  1. The device is using an encryption that is not supported by discovery_agent.
  2. The device does not support snmpV3. It could be v1 or v2c only. 
  3. The v3 device is not accessible or running on that IP. 
  4. The problematic devices all had the same snmpEngineID and this is causing the snmpv3 authentication to fail. It was recommended to reset the engine ids on these machines to fix the issue. 
  5. These Cisco switches are all connected with stacking cables that attach a group of switches and basically turns them into a single switch. This causes issues with discovery_agent and causes the engine ids to fail. If this is the issue, then it is advised to consult with Cisco support because this may be a bug in IOS. 

Resolution/Workaround:

Use the sapwalk command to help verify and simplify the below troubleshooting steps.  Browse to http://devicesupport.ca.com/Tools.html  and download the version you need based on your OS.  Instructions are included in the download.

1. Step One

Discovery_agent only supports SNMP v3 DES and AES-128 encryption.  If any other encryption is being used, then discovery_agent will display errors in the logs.

2. Step Two

Ensure that the device supports SNMP v3 encryption.  This can be performed by simply trying to use v1 or v2c encryption on these devices to see if this resolves the issue.

3. Step Three

Use nslookup and a ping test to verify that the device is actually using that particular ip.

4.  Step Four

Verify that the devices are not running the same engine IDs for the devices.  If they are, you will need to reset the engine IDs and verify the results.

5.  Step Five

Ensure that the devices have been wired correctly.