MSFT patch breaks SolarWinds Orion?
Kurt Buff
We applied KB5007152 to our Orion box, which talks with SQLServer on
another box. No patches were applied to the SQLServer machine.
It broke communications with the SQLServer, though I did see that
there were connections to port 1433 on the SQLServer.
One of our sysadmins opened a case, and according to our internal
ticketing system the following was done to resolve the problem:
reindex SQL database - SQL server
shutdown all services in Orion service manager - IIS server
reset admin pw - PW was lost - IIS server
reconfigure user setting in the orion interface to allow user access
to the pages again - web interface
confirm settings in IIS - no changes needed - IIS server
open Orion database manager - IIS server
run several custom queries to update SQL tables that were changed due
to MS patching - IIS server
update system resources for the SQL server - IIS server
reboot SQL server - SQL server
all services are now operational - IIS, SQL, web interface
Has anyone else run into this? I'm looking to see of our Orion box was
pre-broken, of if the patch really caused the problem - I reviewed the
KB article for the patch, and noted that MSFT observed no problems
with it.
Thanks,
Kurt
Mike
--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce5tTS4zW5%3D7Ap5_OhBjhHRZObQPz8mV7uDDdExjekE%3DiA%40mail.gmail.com.
Kevin Lundy
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CA%2BSdsNEY2kDZY_26NBCOJhvESGumZV9stT3RQ%3Dh7Gt%3Dvbdp09A%40mail.gmail.com.
Kurt Buff
Orion application box.
I was not party to the ticket, and the sysadmin is a bit unhappy that
Orion was broken this morning.
No patches were applied last night to the SQLServer box, but on the
11th KB5007192 was applied to both boxes - and they're both 2016.
What I find very strange is the statement:
to MS patching - IIS server"
change tables on the SQL box. AFAICT.
Kurt
Solodow, Damien
I didn’t see anything on there about it.
Kurt – do you have/can you send me the Solarwinds ticket/support number? I’m one of their Thwack MVPs so I have a few extra strings I can tug to investigate this.
Like several of the other responders, I’m rather concerned about the assertion that the patch changed the SQL tables.
|
||||||||||||||||||||||||||||||||||||||||||||
|
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CAB0geZO%2BZj4YHhdMaHEN5KM2d5pb9PPYsyPgVcEOtEOU2zGHXw%40mail.gmail.com.
Kurt Buff
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CH0PR04MB81294FE8D88B5059DA7D904EBC9B9%40CH0PR04MB8129.namprd04.prod.outlook.com.
Michael B. Smith
Loss of the admin password (expiration?) seems most concerning of those items listed...
Solodow, Damien
Most likely thing there is that their Orion install authenticates people by either Windows Auth or SAML, and the local built-in account wasn’t used anymore, and so no-one had the password and/or it expired.
|
||||||||||||||||||||||||||||||||||||||||||||
|
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce5tTS4zW5=7Ap5_OhBjhHRZObQPz8mV7uDDdExjekE=i...@mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/49267818929741ff...@smithcons.com.
Kurt Buff
an active session, so was still alive, but broke when the application
box rebooted.
Kurt
Kurt Buff
"we worked in a webex
get website error
has error regarding IPAM
doesn't know the admin password
reset the admin password
now web console comes up
changed IPAM for your account admin
now your account works
you closed the case from the customer portal"
Kurt
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CH0PR04MB81298A04B626F71351C42EECBC9B9%40CH0PR04MB8129.namprd04.prod.outlook.com.
Kurt Buff
from the SW support rep - the earlier note was from the sysadmin, and
I don't think his analysis was accurate:
"we worked in a webex
get website error
has error regarding IPAM
doesn't know the admin password
reset the admin password
now web console comes up
changed IPAM for your account admin
now your account works
you closed the case from the customer portal"
Kurt
Philip Elder
Philip Elder MCTS
Microsoft High Availability MVP
E-mail: Phili...@mpecsinc.ca
Phone: +1 (780) 458-2028
Web: www.mpecsinc.com
Blog: blog.mpecsinc.com
Twitter: Twitter.com/MPECSInc
Skype: MPECSInc.
Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.
-----Original Message-----
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Kurt Buff
Miller, Jon
Not the latest MSFT patches, but the latest Orion patches caused problems for us. Maybe an Orion patch that got applied on restart?
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Kurt Buff
Sent: Thursday, November 18, 2021 1:43 PM
To: ntsys...@googlegroups.com; patchma...@googlegroups.com
--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce5tTS4zW5=7Ap5_OhBjhHRZObQPz8mV7uDDdExjekE=i...@mail.gmail.com.
This message and any attachments may contain legally privileged or confidential information, and are intended only for the individual or entity identified above as the addressee. If you are not the addressee, or if this message has been addressed to you in error, you are not authorized to read, copy, or distribute this message and any attachments, and we ask that you please delete this message and attachments (including all copies) and notify the sender. Delivery of this message and any attachments to any person other than the intended recipient(s) is not intended in any way to waive confidentiality or a privilege. All personal messages express views only of the individual sender, and may not be copied or distributed without this statement.
Henry Awad
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/9aada464feb14898a2567c651c49991d%40DT-EX151.boselaw.com.
Kurt Buff
Kurt
Kurt Buff
We recently (late October) upgraded our licensing to their new
Observability licensing - the latest install dates listed for their
products on this machine are on 2021-10-27, and the machine has
rebooted as least twice between then and last night, with the latest
reboot before last night being the 11th.
Kurt.
Dave Lum
One of the recent Orion patches put an expiration on all Orion-specific accounts, so if you were using local Orion accts and not AD-integrated, this might trip up some functions using the local accounts.
I have patched Orion to current Windows patches without issue.
Dave
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Miller, Jon
Sent: Thursday, November 18, 2021 11:23 AM
To: ntsys...@googlegroups.com; patchma...@googlegroups.com
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/9aada464feb14898a2567c651c49991d%40DT-EX151.boselaw.com.
Kurt Buff
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CO1PR17MB5308848F22739CFE4DD3C250DD9F9%40CO1PR17MB5308.namprd17.prod.outlook.com.