Submit a ticketCall us

AnnouncementsAre You “Flying Blind?”

When it comes to your complex IT infrastructure, you want to ensure you have a good grasp of what’s going on to avoid any fire drills that result from guesswork. Read our white paper to learn how proactively monitoring your IT environment can help your organization while giving you peace of mind.

Get your free white paper.

Home > Success Center > Orion Platform > Orion - Knowledgebase Articles > Orion is locking me out of active directory

Orion is locking me out of active directory

Updated January 18th, 2019


If you are being locked out of Active Directory while working in Orion products, Orion may be repeatedly trying to log in to Active Directory using expired or mistyped credentials. This issue can also occur if you are trying to access the internet through a proxy server for which you use Active Directory authentication.


All Orion Core products 


Account lockout due to expired or mistyped credentials can occur in several areas. Check, and where needed, correct the following credential issues:

  • Orion Windows Credentials for WMI 
    These credentials may also be used for SAM with "Inherit Credential From Node"
    • Log in to the Web Console
    • Settings > All Settings
    • Manage Windows Credentials
  • Orion Scheduled Tasks
    • Common tasks that can be scheduled in Orion are Unmanaging Elements. These tasks appear in the Task Scheduler Library on the Windows Server. Check the credentials used for these jobs.
  • Orion Discovery Jobs
    • Settings > All Settings > Discovery Central.
    • Check the different jobs if they have specified the credentials for WMI Polling.
  • SAM
    • Log in to the Web Console
    • Settings > All Settings
    • SAM Settings
    • Credentials Library
  • NCM
    • Check Scheduled Tasks in Windows Server 2003 or Task Scheduler in Windows Server 2008/2012/2016 for any jobs running under your credentials.
    • The jobs are set in Schedule > Display Edit / Jobs in NCM.
  • IPAM
    • Log in to the Web Console
    • Settings > All Settings
    • IPAM Settings
    • Manage DHCP Servers
    • Edit the Servers and verify the credentials
  • VIM / IVIM (vCenter Polling)
    • Log in to the Web Console
    • Settings > All Settings
    • Virtualization Settings
    • VMware Credentials Library
  • UDT
    • Log in to the Web Console
    • Settings > All Settings
    • UDT Settings
    • Manage Active Directory Domain Controller
    • Edit the Servers and verify the credentials
  • Orion Services in Service Manager
    • If using Windows Credentials instead of LocalSystem account then ensure the account is exempt from Password Policy to change the password every xx days.
    • This can be verified via Run > Services.msc and checking the "Log On As" column
  • Alerts with Actions
    • Log in to the Web Console
    • Settings > All Settings
    • Manage Alerts
    • Action Manager
    • Group By Action Type
    • Check Actions such as "Execute an External Program" for credentials
  • Mapped network drives
    • Remote Desktop to the Solarwinds Server
    • Open an Administrative Command Prompt
    • Run the command:
      net use
    • Check the mapped shares for the credentials
    • The Credential Manager can also be checked on the server or the command:
      cmdkey /list
  • Remote desktop (RDP) sessions
    • Check the AD credentials that are saved for remote desktop sessions.
    • RDP session timeouts - If the RDP sessions do not have a session timeout set for the SolarWinds Orion server, the AD account can be locked out based on the enforced policy.
  • License Manager proxy settings
    • See below
  • Node Application Poller Lockout


  • Alternative issue with Legacy old License Manager causing locks outs

    • Best solution here is to upgrade to the latest NPM \ Core versions as this now using the new web licensing.
    • Otherwise try overwriting the hiding account that was used in license manager some time ago by:
      • Start -> All programs -> Solarwinds -> License Manager
        • Please run License Manager and click on Upgrade on some of license. 
        • Put there any key (it's not important what), failed update of license is sufficient for now and check proxy settings here. 
        • Our assumption here is there will be that bad account with old password (usernameXYZ). 
        • Update it and it should work fine then (use some account with password with no expiration).


Additionally, extract more information from the Security Event logs of the Domain Controller. Information about the Caller Process ID and the Caller Process Name can help determine the cause of the account lockout.

You can also run the Microsoft Account Lockout Status tool on the Domain Controller to gather more detailed information about the reason why the account gets locked out. To download the tool, search for Account Lockout Status at the Microsoft Download Center.


Setting up an AD account for a proxy server

Create a dedicated AD account to be used exclusively for products and services to access the internet through a proxy server.

The account should meet the following requirements:
  • The account password should never expire. To avoid automatic password change, the account should belong to a different Group Policy Object in AD.
  • Because this account is used for impersonation, it should only have limited rights. For example, it should not have remote desktop access.

For more related information, consult Microsoft TechNet at


Setting up License Manager to use a proxy (where applicable)

After setting up an account that meets the requirements, check and modify the proxy settings of License Manager:

  1. Click Start > All Programs > SolarWinds > SolarWinds License Manager.
  2. Select any product from the list, and then click Upgrade.
  3. Enter any activation key, and check the proxy settings. If the proxy settings contain the old, expired account name and password, update the settings with an account that fulfills the requirements listed above.


Setting up the Java Installer to use a proxy (where applicable)

If the account still gets locked out after fulfilling the requirements above, make sure that the Java installer does not use credentials belonging to a personal AD account.

To check your Java settings:

  1. Go to Control Panel > Java > General.
  2. Click Network Settings.
  3. Select Use proxy server, and then click Advanced.


Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

Last modified