NG SDH equipment network element user name and password are entered incorrectly five times in a row, prompting NSERR_SM_ACCOUNTS_DISABLED,error code 0x9119

Phenomenon Description

A customer performs on-site maintenance on OSN 3500 equipment, logs in to the equipment using the command line, logs in to the network element using the "szhw" user, and cannot log in to the network element, with the command line login error message as follows: "failed! cmd:0x2022 error:0x9119 NSERR_SM_ACCOUNTS_DISABLED", the customer did a hard reset of the main control board, the failure phenomenon remains; the central computer room using the U2000 network management to log on to the network element, the network management login is normal; the operation of the network element operation is normal.

Cause analysis

NGSDH equipment, network element login, if the user name and password are entered five times in a row, it will cause the network element user to be locked, and when logging in, it will prompt "NSERR_SM_ACCOUNTS_DISABLED", the network element can not be logged in.

After 5 consecutive errors, the network element is locked, and the default lockout time is 900 seconds (15 minutes).

After a network element user is locked out, if you hard reset the veneer, then the network element user is unlocked.

Procedure

According to the phenomenon described by the customer, the root cause of not being able to log in to the network element from the command line has been found, and the user "szhw" has been locked out due to five consecutive wrong password inputs. The user "szhw" was locked out of the network element due to five consecutive wrong password inputs, which led to the prompt "NSERR_SM_ACCOUNTS_DISABLED" when logging in from the command line; however, the customer indicated that he had already reset the hard master board, but why the command line still could not log in to the network element;

When a user logs on to a network element, NGSDH products will have a log of the time and operation IP of the network element logged on, so query the log of the network element logged on to confirm;

A large number of szhw user login failure logs are found, indicating that other network administrators or terminals are continuously logging on to the network element and logging on with wrong szhw user passwords.

Querying the logon details, anomalies were found, and a network administrator with IP address 10.34.8.110 was repeatedly logging on to the network element. After confirming the logon details, the reason was found to be: the network administrator had started the DC tool in the background, and the DC tool used the szhw user to log on to the network element, and the user had previously changed the password of the shzw user on the command line, while the DC tool on the network administrator had changed the password of the shzw user on the command line. The user had previously changed the password of the "shzw" user using the command line, and the DC tool on the network administrator used the default "nesoft" password to log in to the network element, thus causing the "szhw" user to be locked;

After changing the password of the szhw user in the DC tool on the T2000V2R7C03 network administrator, the login of the szhw user returns to normal.

Suggestion Summary

Common commands for troubleshooting network element user login:

:sm-get-secucfg //Query the network element user default settings;

:sm-get-seculog //Query the network element user login log;

:sm-get-secrlog-new //Query network element user login detail log;

:sm-edit-lockduration://Set the network element user lock duration;

:log-query:bid, "oplog" //Query the network element operation log.

The related technical information in this chapter and the SDH equipment troubleshooting process are collected and organized by Shenzhen Optical Transmission Network Technology Co.(www.opticaltrans.com), please retain! Our company specializes in the sale of Huawei SDH optical transmission equipment,SDH transmission equipment.