Monitoring servers with applications monitoring. Every 5 minutes the monitored servers
are getting and Security Login failure. Event ID 4625. Null SID pointing back to our Orion Server.
The event log is generic and has nothing special that the 6 pages of Google results have not
shown me already. Logon type is 3 (network). Both servers have been rebooted.
There are nothing blocking between the SolarWinds and the servers.
There is no file/directory share or user between the 2 servers that has been cached
The SolarWinds server and the monitored servers are not in the same domain
I have tried different accounts (all local admin on the monitored server)
I have modified the local security policy of the Orion server to match the policy of
the monitored servers
Security Settings\Local Policies\Security Options set to use NTLMv2
I have looked at a hotifx from Microsoft that resolves the issue when using NetFrameWork2.
Netstat -on does not show any problems, just shows a port in TimeWait status from the SolarWinds server.
currently it shows an established connection to the SQLservr.exe so the connection is being made.
On the SolarWinds server I have disabled NetBios over TCPIP
Both these boxes are 2008r2 STD.
Interesting thing from what I have been able to find out, is that the ones that get the Security Alert
are physical servers, none of the virtual servers seem to get the same issue.
No local firewalls are enabled on any of the monitored servers.
I am collecting statistics about the processes (in this case they are SQL processes)
Any other ideas of where to look or try?
Thanks,
