cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Entries in /etc/security/failedlogin

former_member84834
Active Participant

on ‎02-09-2015 2:06 PM

0 Kudos

I am running Solution Manager version 7.1 SPS 10. Entries are being written in the the  /etc/security/failedlogin file on my "managed systems". I am putting the words managed systems in quotes because these system were not set up in solution manager. They do exist in the Solution Manager SLD.

The Solution Manager system is attempting to use the database user to log into the "managed system" and it is failing. This is happening for several "managed systems". This was just recently detected by our security team, but I suspect this has been happening for a long time.

Any idea why Solution Manager is attempting to log into a sattelite server using the database account?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (5)

Answers (5)

former_member84834
Active Participant
‎02-11-2015 9:28 PM
0 Kudos

The "managed server"  no longer exists in the SLD for Solution Manager.

The "managed server"  no longer exists in the LMDB for Solution Manager.

The "managed server"  no longer exists in the dbacockpit for Solution Manager.

The "managed server"  no longer exists in SMSY for Solution Manager.

And still the Solution Manager system is attempting to log into the "managed system".

Any ideas on how to stop the logins would be appreciated.

Show replies
Show replies
manumohandas82
Active Contributor
‎02-12-2015 12:01 PM
0 Kudos

Hi ,

Try substittuting wrong ip adress  for the managed system in the solution manager /etc/hosts .

This is just to identify whether any solution manager configuration is the real culprit .

If the  message stops

a ) Any RFC,s pointing from the managed system to Solution manager . if yes disable the same

b) SMD in the managed system



All these  suggestion are work arounds and may not be recommended.




Thanks ,

Manu.

former_member84834
Active Participant
‎02-10-2015 3:53 PM
0 Kudos

I went into DBACOCKPIT on the Solution Manager server and deleted the entry for the server that I do not want to monitor. This did not work. The server reappeared this morning and there are more entries in the  /etc/security/failedlogin file on the "managed systems when the I think this happened SLD was refreshed..

Yes - the system reports to the Solution Manager SLD.

I think the solution to my problem requires three steps.

1.) Delete the server from the DBACOCKPIT of the Solution Manager server

2.) Delete the server from LMDB in the Solution Manage system

3.) Remove the server from the Solution Manager SLD

I'm going to try this and will post he results.

Show replies
Show replies
manumohandas82
Active Contributor
‎02-09-2015 3:06 PM
0 Kudos

Hi  ,

Are the systems connected to the SLD  to which Solution manager points to ( TXN RZ70 )

If yes ?

Did you import it into the DBA cockpit   of the solution manager system ?

Thanks ,

Manu

Show replies
Show replies
former_member204080
Active Contributor
‎02-09-2015 4:08 PM
0 Kudos

Hi,

You can go to Db02 of solman system->DB connections ->see if the system which you are seeing errors are present ->You can delete the entry if you don't want

Regards,

Murali

former_member84834
Active Participant
‎02-09-2015 2:56 PM
0 Kudos

You are correct I have not tried to setup these managed systems. I do not want to set up these systems. How can I prevent the Solution Manager system for trying to connect to the system using the dtabase account? 

Show replies
Show replies
Former Member
‎02-09-2015 2:59 PM
0 Kudos

In solman go to dbacockpit and then delete the connection which you dont want to monitor.

Former Member
‎02-09-2015 2:23 PM
0 Kudos

In managed system configuration step 5 'Enter system parameters' you have to perform the DB setup where you to enter database userID. This is to create a connection in dbacockpit.

Show replies
Show replies
Ask a Question