Unable to receive SNMPv3 traps in event - org.snmp4j.security.UsmSecurityParameters - CheckTime: received message outside time window (authoritative):76189 > 150


Description

While sending traps from the device (e.g. Data Domain or any other software or device) via SNMP Listener using Security Level as authPriv , AuthProtocol as MD5 and PrivacyProtocol as DES we are receiving an error message as

Error
org.snmp4j.security.UsmSecurityParameters - CheckTime: received message outside time window (authoritative):76189 > 150

Trap.0 WARNING *** WARNING *** (1700)org.snmp4j.security.UsmSecurityParameters - statusInfo=1.3.6.1.6.3.15.1.1.2.0 = 0, status=1411

Release or Environment

Any

Cause

The detailed explanation for this can be found on link

https://tools.ietf.org/html/rfc3414

Resolution

Step 1: First, verify that the following is working correctly: 


1. Create a new MID SNMP listener with the same configuration and use the same mid but the port number should be unique for each SNMP listener
2. After Starting the MID-SNMP Listener, the "Executing On" field should have mid server value
3. Check SNMP Services and SNMP traps service are running on the machine where the mid server is installed
4. Send the trap manually, if trap will arrive on mid server, you will see a debug message "===== NEW SNMP TRAP RECEIVED ====" (Make sure mid.log.level = debug properties is enable)
5. You can use a third-party tool to send SNMP traps, I have attached that in the task or you can download it from google also
6. Run the below command from the same directory where you extracted the SnmpTrapGen and replace all the values accordingly

SnmpTrapGen.exe -r:<Mid server Ip address> -p:<SNMP trap listener Port> -t:10 -v:3 -sn:<attached credential username> -ap:<Authentication Protocol MD5/SHA> -aw:<authentication key>
-pp:<Privacy Protocol AES128/AES256/DES> -pw:<Privacy Key> -ei:<Enigne Id> -to:.1.3.6.1.2.1.1.1.0



Step 2:

If step 1 is working, then the issue is with the sender device itself.
Use some different engine id for sender (Not the same which is configured on SNMP agent side ) and other values(security level and credential) must be the same.