Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Server & Application Monitor (SAM) > SAM template transmitting and receiving large amounts of SMBv2 or CIFS traffic

SAM template transmitting and receiving large amounts of SMBv2 or CIFS traffic

Updated July 20, 2017

Overview

Large amounts of TCP port 445 (SMB/CIFS) traffic are initiated from the SolarWinds primary polling engine server to a few nodes applied with a SAM template.

Environment

All Orion environments with SAM installed

Cause 

SAM does not handle the authentication but passes the credentials provided by the user for the node or component to the underlying operating system. The protocol handling, authentication, and so on, are handled by SAM the same way as if you were to write the same WMI query using VBScript or PowerShell.

SMBv2 traffic is generated from the nodes that try to connect to pull the performance counters and is not technically caused by SAM, as the method by which the servers communicate is left to the servers themselves. 

Reference: Can you force SAM v6.1.1 to use NTLMv2 or Kerberos for authentication?

Resolution

Observe and remediate any Windows Server authentication issues or security policies that could be causing the issue. SolarWinds uses the authentication protocol version specified by the OS and cannot change the policy from its side.

 

 

Last modified

Tags

Classifications

Public