Submit a ticketCall us

ebook60.pngHow to be a Cisco® ASA ace

Our eBook, Thou Shalt Not Pass…I Think?! can help you overcome the challenges of monitoring and managing Cisco ASA firewalls. This eBook is a great read if you’ve been frustrated with monitoring firewalls, managing ACL configs, and troubleshooting VPN connections.

Get your free eBook.

Home > Success Center > Server & Application Monitor (SAM) > SAM template transmitting and receiving large amounts of SMBv2 or CIFS traffic

SAM template transmitting and receiving large amounts of SMBv2 or CIFS traffic

Updated July 20, 2017

Overview

Large amounts of TCP port 445 (SMB/CIFS) traffic are initiated from the SolarWinds primary polling engine server to a few nodes applied with a SAM template.

Environment

All Orion environments with SAM installed

Cause 

SAM does not handle the authentication but passes the credentials provided by the user for the node or component to the underlying operating system. The protocol handling, authentication, and so on, are handled by SAM the same way as if you were to write the same WMI query using VBScript or PowerShell.

SMBv2 traffic is generated from the nodes that try to connect to pull the performance counters and is not technically caused by SAM, as the method by which the servers communicate is left to the servers themselves. 

Reference: Can you force SAM v6.1.1 to use NTLMv2 or Kerberos for authentication?

Resolution

Observe and remediate any Windows Server authentication issues or security policies that could be causing the issue. SolarWinds uses the authentication protocol version specified by the OS and cannot change the policy from its side.

 

 

Last modified

Tags

Classifications

Public