Avamar: MCS message "getsockname failed: Bad file descriptor"

Summary: Management Console Server (MCS) message "getsockname failed: Bad file descriptor"

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

The following errors are reported in the Event Management of Avamar UI:

error: getsockname failed: Bad file descriptor
 

The following messages are found in the messages log (/var/log/messages) on the Avamar data node:

Oct  4 19:28:54 AvamarUtilityNode sshd[108141]: Invalid user MCUser from 192.xxx.x.x(Example)
Oct  4 19:28:54 AvamarUtilityNode sshd[108141]: input_userauth_request: invalid user MCUser
Oct  4 19:28:54 AvamarUtilityNode sshd[108141]: Failed keyboard-interactive/xxx for invalid user MCUser from 192.xxx.x.x(Example) port xxxx ssh2
Oct  4 19:28:54 AvamarUtilityNode sshd[108141]: Postponed keyboard-interactive for invalid user MCUser from 192.xxx.x.x(Example) port xxxx ssh2
Oct  4 19:28:54 AvamarUtilityNode sshd[108141]: error: xxx: User not known to the underlying authentication module for illegal user MCUser from 192.xxx.x.x(Example)
Oct  4 19:28:54 AvamarUtilityNode sshd[108141]: Failed keyboard-interactive/xxx for invalid user MCUser from 192.xxx.x.x(Example) port xxxx ssh2
Oct  4 19:28:54 AvamarUtilityNode sshd[108141]: Disconnecting: Too many authentication failures for MCUser
Oct  4 19:28:54 AvamarUtilityNode sshd[108141]: error: getsockname failed: Bad file descriptor

Cause

Possible causes include
  • A network security scan (testing passwords)
  • Storage management software misconfigured to use the MCUser account (Such as "APTARE").

SSH requests are made to the Avamar server using an account and the requests are denied.

The messages do not represent an error. If the cause is known, they can be ignored.

Resolution

1. Locate the source IP or hostname of the SSH requests (from the errors in /var/log/messages):
  1. Determine if a script or process is running.
  2. Verify that the authentication methods being used. (The MCUser account cannot log in to the Avamar Operating System.)
  3. If the host cannot be located, and there are no scripts or programs running, this may be considered malicious. Take the necessary precautions to remove the intrusion.

2. Enable the firewall service (avfirewall) on the Avamar grid to prevent requests from an unknown IP address. See the Avamar Security Guide for more details.

Affected Products

Avamar

Products

Avamar, Avamar Server
Article Properties
Article Number: 000169666
Article Type: Solution
Last Modified: 03 Jun 2026
Version:  7
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.