Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Server & Application Monitor (SAM) > SAM template transmitting and receiving large amounts of SMBv2 or CIFS traffic

SAM template transmitting and receiving large amounts of SMBv2 or CIFS traffic

Updated July 20, 2017

Overview

Large amounts of TCP port 445 (SMB/CIFS) traffic are initiated from the SolarWinds primary polling engine server to a few nodes applied with a SAM template.

Environment

All Orion environments with SAM installed

Cause 

SAM does not handle the authentication but passes the credentials provided by the user for the node or component to the underlying operating system. The protocol handling, authentication, and so on, are handled by SAM the same way as if you were to write the same WMI query using VBScript or PowerShell.

SMBv2 traffic is generated from the nodes that try to connect to pull the performance counters and is not technically caused by SAM, as the method by which the servers communicate is left to the servers themselves. 

Reference: Can you force SAM v6.1.1 to use NTLMv2 or Kerberos for authentication?

Resolution

Observe and remediate any Windows Server authentication issues or security policies that could be causing the issue. SolarWinds uses the authentication protocol version specified by the OS and cannot change the policy from its side.

 

 

Last modified
17:07, 19 Jul 2017

Tags

Classifications

Public