Submit a ticketCall us

WebinarUpcoming Webinar: Should I Move My Database to the Cloud?

So you’ve been running an on-premises SQL Server® for a while now. Maybe you’ve moved it from bare metal to a VM, and have seen some positive benefits. But, do you want to see more? If you said “YES!”, then this session is for you, as James Serra will review the many benefits that can be gained by moving your on-prem SQL Server to an Azure® VM (IaaS). He’ll also talk about the many hybrid approaches, so you can gradually move to the cloud. If you are interested in cost savings, additional features, ease of use, quick scaling, improved reliability, and ending the days of upgrading hardware, this is the session for you.

Register now.

Home > Success Center > Network Performance Monitor (NPM) > SolarWinds attempts to log into a remote server as OrionHostName$

SolarWinds attempts to log into a remote server as OrionHostName$

Created by William Muhle, last modified by carolyn.mazenko on Sep 01, 2017

Views: 967 Votes: 1 Revisions: 5


In the DC Security logs report, SolarWinds attempted to log into a server as OrionHostName$.  The credentials do not provide any information.

The Event ID is 4625:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          1/01/2016 12:00:00 AM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      OrionServerName
An account failed to log on.

                Security ID:                         NULL SID
                Account Name:                 -
                Account Domain:                             -
                Logon ID:                             0x0
Logon Type:                                       3


Any SolarWinds product polling a server outside of the domain using WMI.


A cosmetic Microsoft bug.



See the following Microsoft KB:


System Management causes an unexpected Failure Audit events (© 2016 Microsoft, available at, obtained on August 26, 2016.)


A possible resolution is to run the Job Engine v2 from the SolarWinds side as a Local Admin instead of using a System account. If that doesn't resolve the issue, try monitoring the node via SNMP and use RPC fetching method for applicaiton component monitors instead of WMI.


Warning: This can be undone if you uninstalled/reinstalled the Job Engines or if you upgraded/ran the configuration wizard.


Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.



Last modified