Submit a ticketCall us
Home > Success Center > Server & Application Monitor (SAM) > Windows AD Domain Security Logs Show Machine Logon Attempts from the Orion Server

Windows AD Domain Security Logs Show Machine Logon Attempts from the Orion Server

Updated December 18, 2017

Overview

If an Orion polling engine server has a SAM component monitor for services or counters using the WMI fetching method that is assigned to a Windows domain controller server that is in a different and untrusted Windows domain than the Orion server, you might see failed machine account logon attempts in the domain security logs.

Environment

  • SAM 6.5
  • "Active Directory 2016 Domain Controller Security" and "Active Directory 2016 Services and Counters" templates
  • The node the templates are assigned to is a Windows domain controller that is in a different and untrusted Windows domain than the Orion polling engine server

 

Cause 

This appears to be a Microsoft defect related to the Microsoft link below:
https://social.msdn.microsoft.com/Forums/en-US/b3e546f3-1d7c-4520-92d8-23403b65c0cd/systemmanagement-causes-an-unexpected-failure-audit-events?forum=netfxbcl

(© 2017 Microsoft, available at https://social.msdn.microsoft.com, obtained on December 18, 2017)

Resolution

There is no known resolution at this time. The domain security log entries can be disregarded.

 

 

 

Last modified

Tags

Classifications

Public