Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SnS Syslog Question (Authentication)

Hello all,

i would like to troubleshoot the SnS authentication for some users which fail to authenticate on our SnS portal.

we are using the ldap authentication and for the majority of our users the authentication is performed succesfully.

I have generated the syslog from the sns appliance but dont know exactly where to look at!

Any advice?

Thanking you                        

Everyone's tags (3)

SnS Syslog Question (Authentication)

I would recommend opening a TAC service request for troubleshooting since the logs are not always very descriptive.

However if you would like to investigate on your own.

Please refer to the following steps :

1) Change the logging level to "DEBUG" , Have the user (who is failing authentication) log in the DMM, Once the authentication fails, Generate the sysreport.

2) Offload the sysreport from the Device.

3) Set the logging level to either ERROR or INFO.

4) Extract the syslog and analyze the following:


Hope this helps.


Sagar Dhanrale

New Member

SnS Syslog Question (Authentication)

Hello Sagar and thanks for your reply.

Indeed i did a research within the catalina.out file and i can confirm that is a mess :-)

Though, i managed to figure out that whenever an authentication fails there is an output simillar to this:

User token is: null , and vice versa  User token is: ST-5039-9J-xxxxxxxxxxxx .

Though, i just cannt figure out the reason why the authentication fails. Is there any other message that indicates the reason? Maybe is in numeric form?

Thanking you


SnS Syslog Question (Authentication)

It is difficult to give a root cause just by looking at the log snippet, I recommend the following checks before opening a TAC case.

1) Find out what is different between the working and non-working USER accounts on the Active directory side.

2) Find out the similarity between the non-working accounts.

3) Do all the non-working user accounts have First Name, Last Name, Email address and valid account login name ?

4) All all the non-working users on the DMM marked active in the DMM ?

5) Are all the non-working users belonging to a particular OU ?

6) Were debugs enabled before collecting syslogs ?

If none of the above help, I would recommend opening a TAC case and investigate this further.


Sagar Dhanrale

CreatePlease to create content