• Locked Locked
  • Replies 4 replies
  • Subscribers 13 subscribers
  • Views 1454 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

November 2022 Security Patches and network atlas and SWQL Studio Authentication

marcrobinson

If anyone has patched their domain controllers with KB 5019964, you may notice RDP authentication issues. MORE importantly, I have noticed issues with SWQL Studio and Network Atlas authenticating with my orion servers. Orion 2020.2.6 HF5 and SWQL Studio 3.1.343 are affected. There is a fix coming from Microsoft. Please post if you have run into this and have a workaround besides uninstall the MS Hotfix - which remains an option. 

Two links with relevant information

KB link: KB501994

Bleeping Computer post

Parents

  • , you can add this key to your DC's as a workaround without removing the update. Unfortunately once a fix is released im not sure if you'll need to clean this key out. This was provided by Microsoft Support

    reg add HKLM\System\currentcontrolset\services\kdc /t REG_DWORD /v ApplyDefaultDomainPolicy /d 0 /f

    ApplyDefaultDomainPolicy

    REG_DWORD

    Value: 0

  • in reply to christopher.t.jones123

    Thank you for the information - and I will pass it along to my teammates. We did the audit reg key (kb5020805) to collect more information and permit authentication, but it still did not help. FYI - this patch can cause SolarWinds services to fail. I suspect many of the back-end API calls. Similar to what I noticed with Atlas and SWQL Studio. We are still evaluating - and considering whether this patch is worth it. In other words - waiting for the "fixed" patch. 

    EDIT: I just looked at several KB articles related to this patch. First reaction 'Ewwww.'  I see the trend coming, and hope its something that does not cause more grief. KB5020805, KB5021130, KB5021131 all show methods to handle the change and give us the roadmap. 

  • in reply to marcrobinson

    , i know exactly how you feel, i think in our environment we are waiting for the fix to come out instead of deploying this registry key. When we were trying to figure out what was going on, we saw no entries of the advertised event ID's, so that was less than helpful. At least Microsoft has acknowledged that it is a bug and the patch is not behaving as intended. 

Reply
  • in reply to marcrobinson

    , i know exactly how you feel, i think in our environment we are waiting for the fix to come out instead of deploying this registry key. When we were trying to figure out what was going on, we saw no entries of the advertised event ID's, so that was less than helpful. At least Microsoft has acknowledged that it is a bug and the patch is not behaving as intended. 

Children

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.