just installed UDT2.0 RC and while the install seems to have gone fine the search is now completely broken...
I can literally type in anything (eg jkasdlkasjd) and it will list every single UDT tracked device - seems like the search filter itself isn't working and is just listing everything...
I used config wizard to re-install the UDT service and still seems to be the same. Affects both the seach bar and the Ad-hoc reporting. Any ideas on a fix?
Also - for the AD user tracking - how much load is this expected to generate on my DCs and what rights are required? I'm guessing DA?
actually it was both - however I see that over the weekend this seems to have cleared up and the search seems to be filtering now (guess it just needed to re-poll all the switches?).
Now I have a bunch more issues -
- I have 2 pollers - after the upgrade all the switches that I had on one of the pollers disappeared and I had to re-add them all...
- I'm seeing weirdness in the searches - eg I search for some devices and it finds them fine - others should multiple macs/ips and hostnames - and often in totally different physical locations (countries in my case) - checking the switches/mac/arp of the pcs and switches involved it seems to be a problem with the search identifying additional Macs as belonging to the same PC - but it's obviously wrong... Switch ports and PCs involved all look normal and theres no duplicated MACs or anything that I can see.
- Searches now seem to show Direct connections for a PC on Trunk ports - I removed Trunks from the UDT monitors so I guess that should "fix" that but really I would've thought search would've been smart enough to filter that out?
Separate question - I'm looking for details on how the AD user lookup works - we have a global network of DCs - do I need to check them all for user logins? I tried a discovery and it seemed like it was trying to talk to EVERY DC even though I only configured one.
Thanks for any help
can you please open ticket with support and ask support to forward this to UDT team? I'd like to look at the search issue you describe. Please include diagnostics and detailed information about the search (screenshots what are you searching for and what's wrong/and expected would be best).
If you specify some credentials in the Device Tracker discovery, it tries to find all DCs in the domain and also verifies if it can connect to the DC with those credentials (so yes, it talks to every DC). If you want to add only specific DC or just small number of DCs, use the Add Node wizard (there is an option to poll for AD data).
sure - will open up a ticket. I tried also adding just the AD DC and seeing if it picks up the user logins - but although it seems to polling fine its so far failed to find any user logins at all - even ones on the local DC itself - support ticket?
Can you please connect to the domain controller and check (using Event Viewer) if security log contains events with ID 4768, 4769 (Win2k8) or 672, 673 (Win2k3)? These are the events UDT looks for.
yep - loads of them. I'm monitoring the 2 DCs in my site for about 600 users for about 3 days now - so far nothing is showing up under All User Logins resource or on the ports where the PCs are.
Then please open another ticket with support, I cannot tell what may be wrong. Also please include diagnostics - change logging level for UDT Business Layer to "DEBUG" and UDT Jobs to "VERBOSE", run the RemoteEventLog job (on UDT Job Status page click "Poll now" for the specific job) and collect diagnostics. Then change the logging level back to INFO.
Thanks in advance
I have the same AD User DC problem. We have 2 DC's running Server 2008 R2, and have confirmed the Event ID's 4769 4768 are there in the log. I can confirm and test that the AD user can connect and discover the AD's also, but no results are in UDT for any AD user.
any help would be appreciated.
I'd like to ask you to try following:
1) Run UDT Compatibility Checker (\Program Files\SolarWinds\Orion\UDT\UDTCompatibilityChecker.exe)
2) Click "New", then select "Enter manually" option
3) Enter IP address of the DC and select credential type "REL"
4) Enter username and password to connect to the DC
5) Select "users" option and finish the wizard
When finished, expand the "Session Data" menu (top right corner) and check all options. Please let me know (either here or send me a private message) if it display any data when you select REL_Eventing6, REL_Eventing5 or REL_WMI.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.