Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Server & Application Monitor (SAM) > Windows AD Domain Security Logs Show Machine Logon Attempts from the Orion Server

Windows AD Domain Security Logs Show Machine Logon Attempts from the Orion Server

Updated December 18, 2017

Overview

If an Orion polling engine server has a SAM component monitor for services or counters using the WMI fetching method that is assigned to a Windows domain controller server that is in a different and untrusted Windows domain than the Orion server, you might see failed machine account logon attempts in the domain security logs.

Environment

  • SAM 6.5
  • "Active Directory 2016 Domain Controller Security" and "Active Directory 2016 Services and Counters" templates
  • The node the templates are assigned to is a Windows domain controller that is in a different and untrusted Windows domain than the Orion polling engine server

 

Cause 

This appears to be a Microsoft defect related to the Microsoft link below:
https://social.msdn.microsoft.com/Forums/en-US/b3e546f3-1d7c-4520-92d8-23403b65c0cd/systemmanagement-causes-an-unexpected-failure-audit-events?forum=netfxbcl

(© 2017 Microsoft, available at https://social.msdn.microsoft.com, obtained on December 18, 2017)

Resolution

There is no known resolution at this time. The domain security log entries can be disregarded.

 

 

 

Last modified

Tags

Classifications

Public