Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Network Performance Monitor (NPM) > SolarWinds attempts to log into a remote server as OrionHostName$

SolarWinds attempts to log into a remote server as OrionHostName$

Created by William Muhle, last modified by carolyn.mazenko on Sep 01, 2017

Views: 117 Votes: 1 Revisions: 5

Overview

In the DC Security logs report, SolarWinds attempted to log into a server as OrionHostName$.  The credentials do not provide any information.

The Event ID is 4625:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          1/01/2016 12:00:00 AM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      OrionServerName
Description:
An account failed to log on.

Subject:
                Security ID:                         NULL SID
                Account Name:                 -
                Account Domain:                             -
                Logon ID:                             0x0
Logon Type:                                       3

Environment

Any SolarWinds product polling a server outside of the domain using WMI.

Cause 

A cosmetic Microsoft bug.

Detail

 

See the following Microsoft KB:

 

System Management causes an unexpected Failure Audit events (© 2016 Microsoft, available at www.micorosoft.com, obtained on August 26, 2016.)

 

A possible resolution is to run the Job Engine v2 from the SolarWinds side as a Local Admin instead of using a System account. If that doesn't resolve the issue, try monitoring the node via SNMP and use RPC fetching method for applicaiton component monitors instead of WMI.

 

Warning: This can be undone if you uninstalled/reinstalled the Job Engines or if you upgraded/ran the configuration wizard.

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

 

Last modified

Tags

Classifications

Public