sturdyerde · IT Solutions Team Lead / Microsoft PowerShell MVP · ✭✭✭✭✭

Has your SCP cert expired, or did you simply lose the link to the certified report?

I'd love to see the results of this survey, if possible! 

That error would have me checking the TLS versions that are enabled on the client side and the server side. Have you verified TLS 1.2 (or at least 1.1) is enabled on both the server[s] and your client machine? They should be by default, unless they are older builds.

I have not yet had a chance to automate changing of the WMI credentials on nodes, but that can certainly be done. (Thankfully I'm not in a place that I must change them, but am going to do so anyway.) The best starting point would be to create a custom Orion report with the following SQL query and review it. This will show…

Which creds, specifically? Service accounts for Orion nodes, or the WMI creds that you monitor Windows servers with? Happy to help.

Agreed. I would donate more likes if I could! This is a great candidate for featured content.

My short answer to that question, given the context, is simply: no company in this industry is immune from a determined and well-funded nation state hacking operation. Now that SolarWinds has been forced to deal with the effects of such an attack, they have unique motivation to secure their processes and environment.…

Have a look at the flash cards that were created by a THWACK MVP: https://www.brainscape.com/p/3810D-LH-9DRRS

You sure can. Create a new alert for the 'node' object type and trigger it on the 'node created' event. Here's a screen shot of one that I have: Then on the Actions page of the alert wizard, click 'Add' to create a new action, and select the 'Change Custom Property' action type. Set the default value that you want for the…

Check your internal DNS servers to see if logging of queries was enabled. If it is, your DNS admin should be able to show you were those logs get saved to. DNS server logs are can be tedious to parse by hand, but aren't bad if you have a little tooling. 

Have you opened a support request about this yet?

The IPAM Administrators' Guide explains what you need for DHCP management permissions. I believe a domain-based account will work, as long as it has been added to the appropriate security groups. The account specified in the credential must exist on the DHCP server and be a member of one of the three following groups: *…

I would only pursue that assumption if the latency started immediately after the upgrade, although again--it's hard to conceive of how an Orion upgrade would cause latency on your domain controllers. What does your historical CPU, memory, and network interface utilization look like on your DCs? What else has changed in…

The questions from @"Jfrazier" are the best place to start. It's hard to think of any way that an Orion upgrade could have any impact on domain controller performance. How far back does the latency show in your history for those nodes? You could also try installing the agent on those DCs and see if the reported information…

Yes, you can use the Orion SDK to query just about any information contained within. Check out the dedicated THWACK forum at Orion SDK Discussions - THWACK (solarwinds.com). You will also find SDK downloads, documentation, and examples on GitHub at solarwinds/OrionSDK: SDK for the SolarWinds Orion platform, including…

Can you please provide the links to which article and video you were following so SW can update the documents and others can learn from what you found? 

Thanks, @"KMSigma.SWI"! Great resource.

We don't see an increase here after jumping from 2019.4 HF4 to 2020.2.1 HF2.

* Visual Studio Code Extensions that @"mrxinu" listed, plus: * Diff (or similar file diff tool) * REST Client (optional) * EditorConfig - helps keep your team's editor settings consistent within each project * SysInternals Suite * RSAT (Remote Server Admin Tools) * Windows Terminal * 7-Zip * PowerShell Modules:* PSPKI *…

We have had to expand the SQL log volume for our DBAs a couple of times as our environment has aged and grown. It may be that you were close to the threshold already before applying HF2. Of course, it's also possible that HF2 is writing more data to the DB (which would get written to SQL logs, and then committed to the DB…

No significant benefits other than security, really. Assuming that you've already enabled WinRM for that node instead of relying on the legacy WMI over DCOM/RPC transport: in addition to being more secure, this change requires far fewer ports to be opened and is less resource intensive. 

Are you a premiere support customer? Have you already given feedback to SWI about your support experience? (I'm not, so I am curious.) Learn about the breach: SANS Emergency Webcast: What you need to know about the SolarWinds Supply-Chain Attack - YouTube

At the end of a long week, I have nothing smart or funny to say that you all haven't already. Still, I'm thankful for many things. I wish you all the best for 2021, with special thoughts for those who are still working on mitigations for the attack against SolarWinds and their customers.

I just tested one of my domain controllers with an agent and the following configuration: * Node polling method: Windows Agent (was previously using WMI) * WinRM Settings: EnableWinRM The AppInsight for Active Directory is configured as: * Active Directory Credentials: Inherit credential from node * LDAP Port Number: 636 *…

There are a a couple additional URLs from the Advanced Configuration page in Orion, which is at http[s]://[servername]/Orion/Admin/AdvancedConfiguration/Global.aspx.

Those of you who use OpsGenie should also include https://api.opsgenie.com. Thanks for this helpful resource, @"m_roberts"!

Assuming that you are referring to specifically blocking outbound, this means you will not be able to monitor external resources (such as Azure or AWS instances) and will not be able to send alerts to other platforms like OpsGenie, Pager Duty, Slack, or Teams. I'm sure you've already limited inbound traffic to only allow…

If you're currently monitoring your Orion servers, it is probably with an application template that was originally based on the 2017.3 release. To my knowledge this was the last official update to the Orion monitoring template--until now. If you look in SAM settings, you should see three brand new templates for the primary…

The default log file path for installers is at C:\ProgramData\SolarWinds\Logs\Installer. @"mwb"

Don't be disheartened unless SW executives try to suppress stories and information about this, which we see no indication of them doing at this point. As @"happyfunnorm" pointed out, this was a very sophisticated, targeted, hands-on attack that US intelligence believes to be from a nation-state. The information that you…