Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Network Performance Monitor (NPM) > SolarWinds attempts to log into a remote server as OrionHostName$

SolarWinds attempts to log into a remote server as OrionHostName$

Created by William Muhle, last modified by Aileen de Lara_ret on Aug 26, 2016

Views: 44 Votes: 1 Revisions: 3

Overview

In the DC Security logs report, SolarWinds has attempted to log in to a server as OrionHostName$.  The credentials do not provides any information.

The Event ID is 4625:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          1/01/2016 12:00:00 AM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      OrionServerName
Description:
An account failed to log on.

Subject:
                Security ID:                         NULL SID
                Account Name:                 -
                Account Domain:                             -
                Logon ID:                             0x0
Logon Type:                                       3

Environment

Any SolarWinds product polling a server outside of the domain using WMI.

Cause 

A cosmetic Microsoft bug.

Detail

See the following Microsoft KB:

System Management causes an unexpected Failure Audit events (© 2016 Microsoft, available at www.micorosoft.com, obtained on August 26, 2016.)

 

The only thing that you can attempt to do from the SolarWinds side is to run the Job Engine v2 as a Local Admin instead of under a System account.

 

Warning: This can be undone if you uninstalled/reinstalled the Job Engines or if you upgraded/ran the configuration wizard.

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

 

Last modified
18:56, 25 Aug 2016

Tags

Classifications

Public