Possible “Service Account” Password/Account Locations in SolarWinds

I apologize in advance if I’m not using the proper terms. I’m a network guy and just getting experience with servers.

I’m running into an odd issue with authentication and WMI. Authentication was working a few days ago/weeks ago at a remote site but then they had power outages and other issues. SolarWinds boxes have been restarted after the issues were resolved. Everything should be working like it was prior to their issues.

Currently, WMI authentication is failing for all the devices associated with a specific service account hosted at the remote location. In their Active Directory server, they have a “SWService” account. The SolarWinds Orion Server on their site has credentials stored in the “Credential Library” in SAM. I have access to their AD and SolarWinds servers. Account name and passwords match in AD and the Credential Library, yet the service account immediately locks out in Active Directory.

Lock Out tool was run on the remote site. Tech that ran the test said that the AD account is getting locked out by “Solar-01”. Solar-01 is the remote site’s Orion Server. I reconfirmed passwords in the Credential Library and AD match.

I need to troubleshoot/find what is passing wrong credentials from SolarWinds to AD.

My questions:

1) In SolarWinds, where could you locate logs to find out what specifically is passing the bad credentials?

I’m in the Orion Server and looking at the active Collector.Service log in C:\ProgramData\SolarWinds\Collector\Logs.

The log says authentication failed, and lists multiple “netobjects” but I don’t know how to correlate “netobject” to device name or device IP. Site uses NTP and I can’t match timestamps for resetting AD account and immediate failures in that SolarWinds log either.

2) We have a lot of SolarWinds add-on products. We have NPM, NTA, NCM, SAM, IPAM, VMAN, and a laundry list of other SolarWinds add-ons. Could any of these SolarWinds add-ons contain credentials that could match/mismatch and lock out the service account in AD? If so, which modules have account/password that could conflict like that?