So the following has been happening after installing the hotfix and then rolling back:
- Installed the hotfix with no issues.
- Rebooted the server and then allowed services to come back up.
- Opened solarwinds and used is at per and found a few issues with the editing and the adding of nodes. Specifically:
- If you open a node to test it and then open another window to add a node, you can no longer test the node you want to add (I can't remember if it was always like this.)
- After reverting the snapshot it then decided to add an SSL to IIS - which I found a little weird. (I have a diagnostics that needs to be uploaded that I will do at home tonight.)
- Some SAM monitoring and some node monitoring failed (specifically one's that used WMI)
- Finally, after installing (KB4012213) which is the patch for Windows 2012R2 for runaway ransomware, it appears to now have broken my box and can not longer connect to solarwinds.
- Symptoms include:
- There was no endpoint listening at net.tcp://xxxxxx:17777/orion/core/businesslayer that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
- Services would randomly turn off.
I have been speaking to Solarwinds about this and through the marvel of and Internet-based search, can't find that much that points to that MS hotfix. So my only guess is that SOMEHOW (I don't know how yet) there much have been a change when the hotfix was applied maybe.
I am not sure. But looking at logic dictates that if something is fine before a fix and then it's not quite right after a fix, then x must be the smoking gun.
So these are my initial findings on said patch.
as an update - it has murdered the resources of the front-end facing server.
I have performed the following to resolve the incident:
- rebooted/repaired the Orion services.
- Cleared the temp file.
- Run a config.
- Reboot the server.
- Remove some dynamic queries.