SNMP EngineTime is out of sync with router

Document ID : KB000005898
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

Cannot successfully connect to a new router via SNMPv3.

Seeing error msg on the router,   "not in lifetime failure".

However, another snmp host can successfully connect. after debugging the headers,
the snmpengineTime is vastly different from that of the successful host.

Environment:
NFA 9xWindows 2k8 or 2012
Cause:

EngineTimes need to be in sync for snmp v3 to work correctly.

Deleted the router from my NFA Administration section multiple times.
Also rebooted the router, but still no success.

NFA can successfully connect to an identically configured router elsewhere in the network.
It can also successfully connect to this router via snmp v2.

Resolution:

If you did this, configure the following:  no snmp-server

Then reload.
When the device reboots, reconfigure your SNMPv3 parameters WITHOUT changing the engine ID.
This should give you a unique value.

Verify with the following link.

SNMPv3 authpriv problem - Not in Time Windows


Changed the EngineID, deleted the user, reloaded the router, recreated the user under the new EngineID, restarted services, and now everything is working.

Additional Information:

Reference Case #00672963