Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Server & Application Monitor (SAM) > SAM template transmitting and receiving large amounts of SMBv2 or CIFS traffic

SAM template transmitting and receiving large amounts of SMBv2 or CIFS traffic

Updated July 20, 2017

Overview

Large amounts of TCP port 445 (SMB/CIFS) traffic are initiated from the SolarWinds primary polling engine server to a few nodes applied with a SAM template.

Environment

All Orion environments with SAM installed

Cause 

SAM does not handle the authentication but passes the credentials provided by the user for the node or component to the underlying operating system. The protocol handling, authentication, and so on, are handled by SAM the same way as if you were to write the same WMI query using VBScript or PowerShell.

SMBv2 traffic is generated from the nodes that try to connect to pull the performance counters and is not technically caused by SAM, as the method by which the servers communicate is left to the servers themselves. 

Reference: Can you force SAM v6.1.1 to use NTLMv2 or Kerberos for authentication?

Resolution

Observe and remediate any Windows Server authentication issues or security policies that could be causing the issue. SolarWinds uses the authentication protocol version specified by the OS and cannot change the policy from its side.

 

 

Last modified
17:07, 19 Jul 2017

Tags

Classifications

Public