ADMINISTRATOR GUIDE

Server & Application

Monitor
Version 2020.2.1

Last Updated: Tuesday, November 10, 2020

© 2020 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled,
published or distributed, in whole or in part, or translated to any electronic medium or other means
without the prior written consent of SolarWinds. All right, title, and interest in and to the software,
services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates,
and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS

OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING
WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS
OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS
SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN
TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of
SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office,
and may be registered or pending registration in other countries. All other SolarWinds trademarks,
service marks, and logos may be common law marks or are registered or pending registration. All
other trademarks mentioned herein are used for identification purposes only and are trademarks of
(and may be registered trademarks) of their respective companies.

page 2
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Table of Contents
Introduction to SolarWinds SAM 5

SAM licensing model 7

About Orion Platform features in SAM 15

Log into the Orion Web Console to use SAM 19

Discover servers in your SAM environment 20

Discover applications in your SAM environment 21

Use the Application Discovery wizard to add multiple nodes in SAM 21

Add application monitors to individual nodes in SAM 23

Customize Application Details views in SAM 24

Customize Application Summary views in SAM 25

View node and application data in SAM tooltips 25

Add SAM data to the Node Details view 27

Monitor your environment with SAM 29

Monitor with Orion agents in SAM 30

Monitor your virtual infrastructure in SAM 42

Monitor your environment using AppStack 44

Use API pollers to monitor metrics via remote APIs in SAM 64

Monitor application dependencies in SAM 120

Monitor hardware health in SAM 146

Use alerts to monitor your SAM environment 151

Monitor processes, services, tasks, and events in real time 152

Use SAM templates, application monitors, and component monitors 167

The template and application monitor relationship 172

Manage SAM templates and application monitors 173

Use WinRM for application monitor polling in SAM 209

page 3
 Work with SAM component monitors 223

Manage thresholds in SAM 234

Use PowerShell in SAM 246

Use properties and macros in alerts for SAM application monitors and component monitors 251

Example tasks for SAM application monitors 262

Monitor with AppInsight applications 274

Monitor with AppInsight for Active Directory 276

Monitor with AppInsight for Exchange 292

Monitor with AppInsight for IIS 315

Integrate SolarWinds AppOptics with IIS nodes in SAM 330

Monitor with AppInsight for SQL 341

Manage Asset Inventory in SAM 360

Asset Inventory polling requirements 361

Enable Asset Inventory polling for multiple nodes in bulk 363

Enable Asset Inventory polling for individual nodes 363

Display Asset Inventory data in SAM or SCM 364

Display the warranty status for physical servers in SAM 366

Adjust the Asset Inventory polling frequency in SAM 367

Configure SSL certificate validation for target systems during Asset Inventory polling 368

Troubleshoot Asset Inventory polling issues in SAM 369

page 4
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Introduction to SolarWinds SAM

SolarWinds SAM gives you the tools to monitor your servers and applications through a single web
console. It provides custom collections of templates, application monitors, and alerts to intelligently
monitor application status and issues. Monitor over 200 application types including application
servers, authentication servers, database servers, and more.

With SAM, you can monitor public, private, or hybrid environments in a variety of ways, including:

l AppStack: Use interactive visual mapping to gain an in-depth perspective through the entire
environment to help identify the root cause of performance and availability issues.
l Performance Analysis (PerfStack) dashboards: Correlate historical and real-time data from
multiple SolarWinds products and entity types in a single view for in-depth troubleshooting
l Cloud monitoring: Monitor IaaS, PaaS, and SaaS applications and servers on-premises, with
optional agents for cloud services like AWS, Microsoft Azure, Rackspace, and more. Hybrid
cloud monitoring allows you to keep track of your applications, even when they move from on-
premises to the cloud.
l Container monitoring: View, track, and correlate key performance metrics, including CPU,
memory, and uptime, for Docker, Docker Swarm, Kubernetes, and Apache Mesos containers.
l AppInsight applications: Monitor Microsoft Active Directory, Exchange, IIS, and SQL servers and
display metrics, status, and issues to manage and maintain applications and servers.

page 5
 l Application monitor templates: Combine process monitors, port availability, and performance
counters to assess every aspect of an application, including status and overall health.
l Application dependencies: Detect how applications and nodes interact to ensure important data
for key applications is monitored.
l Server infrastructure monitoring: Discover and store IT Asset Inventory data on your servers,
while monitoring hardware health to ensure server and application uptime.

Expand SAM's monitoring capabilities by integrating with other Orion Platform products:

l The Systems Management Bundle includes SAM and the following modules:
o Virtualization Manager (VMAN): Gain insight into performance, capacity, and usage of your

virtual infrastructure, including hosts, VMs, clusters, containers, vSANs, and other data
stores.
o Storage Resource Monitor (SRM): Provide performance monitoring and alerting across all

your storage arrays.

o Web Performance Monitor (WPM): Find and fix both web and SaaS application

performance issues before users are affected. When used with SAM, WPM can map the
relationship between web transactions and the supporting infrastructure, allowing you to
see overall status details in one place. For example, SAM may show that Microsoft IIS is
running, but WPM can notify you if sites take too long to load. After you remedy the
situation, WPM can validate that the user transactions are operating successfully.
l The Server Performance & Configuration Bundle combines SAM with Server Configuration
Monitor (SCM) to offer performance monitoring and change detection in a unified solution.
l The Log and Systems Performance Pack pairs SAM with Log Analyzer so you can aggregate,
search, and chart log data while tracking system performance.
l The Application Performance Optimization Pack includes SAM and Database Performance
Analyzer (DPA).
o Add response-time analysis to see the root cause of application issues.

o Use historic analysis and dynamic baselines to spot SQL tuning problems.

l IT Operations Manager combines SAM with VMAN and SRM.

Ready to get started with SAM? Click here to download a free trial. After installing SAM, see
the SAM Getting Started Guide. If you're already using SAM, you can add other products easily
from the My Orion Deployment page in the Orion Web Console.

page 6
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

SAM licensing model

This section describes the two types of licensing available for SAM:

l Node-based licensing, and

l Component-based licensing.

Additional topics provided here include:

l Determine your SAM license type

l Manage your SAM license
l How your SAM license relates to other Orion Platform product licenses
l Add polling engines to scale your SAM environment

You can also visit the SolarWinds Success Center to review SAM Licensing FAQs.

The Orion Platform now offers subscription-based licenses.

Node-based licensing in SAM

Introduced in SAM 6.9.1, node-based SAM licensing governs how many managed nodes can be
monitored within your SAM environment, while allowing for an unlimited number of component
monitors per node. This scheme provides an alternative to component-based licensing, which controls
how many component monitors can be assigned.

The term "managed node" can be interpreted differently, depending on if you're using other Orion
Platform modules with SAM:

l In a SAM-only environment, a managed node is any entity from which SAM extracts data
directly via supported polling methods (for example, WMI), Orion agents, or API pollers. Nodes
monitored by Asset Inventory and/or Hardware Health are also considered managed nodes in a
SAM-only environment.
l If your environment includes SAM and other Orion Platform modules, the SAM node count has
the potential to be additive to other modules that use node licensing, such as SolarWinds NPM.
In a multi-module scenario, only nodes being monitored by SAM application monitors or API
pollers are classified as managed nodes for SAM. Nodes monitored by Asset Inventory and/or
Hardware Health do not impact licensing.

In either case, a managed node can represent a traditional server, VM, hypervisor, or Nutanix cluster,
as well as an external node, remote API, or service.

page 7
 A VM being monitored directly counts as a single managed node. However, individual VMs on
a hypervisor do not count as multiple managed nodes when performance metrics are gathered
from the parent hypervisor. In that case, the parent hypervisor is the managed node.

Available license tiers

Count the number of managed nodes in your environment to determine the most suitable license tier.

SAM license tiers Number of

(node-based licensing) managed nodes
SAM10 10

SAM25 25

SAM50 50

SAM75 75

SAM100 100

SAM200 200

SAM300 300

SAM400 400

SAM500 500

SAM600 600

SAM700 700

SAM800 800

SAM900 900

SAM1000 1000

SAM1250 1250

SAM1500 1500

SAM2000 2000

SAM2500 2500

SAM3000 3000

SAM4000 4000

page 8
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

SAM license tiers Number of

(node-based licensing) managed nodes
SAM5000* 5000

*Additional tiers are available. Contact SolarWinds Sales for details.

Component-based licensing in SAM

A component-based SAM license determines how many assigned component monitors you are
allowed. Each component monitor consumes one license; a typical application monitor (also called an
application) consumes 15 — 25 component monitors, while AppInsight applications consume a flat rate
of either 30 or 50 licenses each.

SAM features such as API Pollers also consume licenses. For example, the Windows
Scheduled Task Monitor consumes 5 licenses for each monitored Windows server. Asset
Inventory data collection does not consume SAM licenses.

You can use as many component monitors as needed, as long as the number of assigned component
monitors doesn't exceed the license count. If you exceed a license limit, component monitors beyond
the limit are not activated and their statuses change to Not Licensed. Either disable assigned
component monitors to reduce license consumption, or upgrade your license. This also applies to API
Poller metrics.

The following table lists available component-based license levels:

SAM license tiers Number of

(component-based licensing) monitored components
AL150 150

AL300 300

AL700 700

AL1100 1100

AL1500 1500

AL2500 2500

ALX Unlimited number of items to

monitor standard polling
throughput.

page 9
To verify the number of consumed and available component monitors, navigate to the SAM License
Summary:

1. Click Settings > All Settings.

2. Under Product Specific Settings, click SAM Settings.
3. Click SAM License Summary.

Note the following details about component-based licensing:

l To maximize polling capacity, see SAM polling recommendations.

l Two Additional Polling Engines can be installed on a single server, and license stacking is
supported. See Scalability Engine Guidelines for details.

Verify the component monitors consumed per template

As described here, each predefined SAM template includes one or more component monitors
designed to monitor the availability or a statistic of a specific element, such as a server, application,
process, service, port, or URL. You can assign templates to nodes to create application monitors that
are specific to that node. For most SAM application monitors, you can add or remove component
monitors, or disable component monitors, as necessary. Each active component monitor in an
application monitor counts against your license.

​Example: The Apache template includes 9 component monitors that retrieve server statistics from the
built-in Apache server-status web page on Linux systems. If you have an AL150 license and assign all
8 component monitors in this template to a node, the balance of remaining licenses is 142 (150-8 =
142). If you assign only 5 of the 8 component monitors to a node, the balance of remaining licenses is
145 (150-5=145).

page 10
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

To view the number of licensed component monitors consumed per template in SAM:

1. Click Settings > All Settings > SAM Settings.

2. Under Product Specific Settings, click SAM Settings
3. Under Application Monitor Templates, click Manage Templates.
4. Review the Licensed Components column amount per template.

To determine how many component licenses are currently active, see Run a report about licensed
component monitors in SAM. To check the number of component monitors assigned to each polling
engine, see How to display all components polled for each polling engine.

AppInsight applications consume licenses at flat rates

Note that AppInsight applications consume a fixed number of component monitor licenses; you cannot
add component monitors and many component monitors cannot be disabled. Due to the complexity of
AppInsight templates that application monitors are based on, they cannot be partially unlicensed
because the way they collect data differs significantly from traditional SAM templates.

Although you can disable some component monitors within AppInsight applications, that won't reclaim
component monitor licenses because AppInsight applications typically monitor far more components
than cited in their flat rates, as listed here:

l AppInsight for Active Directory: 50 component monitors per monitored domain controller
l AppInsight for Exchange: 50 component monitors per monitored mailbox role server
l AppInsight for IIS: 30 component monitors per monitored IIS server
l AppInsight for SQL: 50 component monitors per database instance

If you choose not to use AppInsight applications, you are not penalized any number of
component monitors.

page 11
Determine your SAM license type
To check which type of license you have:

1. Click Settings > All Settings > License Details.

2. Examine the SAM section of the License Details page:

l If license data refers to nodes, SAM uses a node-based license.

l If license data refers to component monitors, SAM uses a component-based license.

You can also check your license type in the SolarWinds Customer Portal.

1. Log into the SolarWinds Customer Portal.

2. Click Licenses > Manage Licenses.
3. Scroll down to the Server & Application Monitor row.

If a license starts with SAM (for example, SAM200), SAM uses a node-based license.

If a license starts with AL (AL2500), SAM uses a component-based license.

To switch to node-based licensing, contact SolarWinds Sales. Note that, after updating
licensing, it may take one or two polling cycles for polling rate details to refresh in the Orion
Web Console.

page 12
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Manage your SAM license

Like other Orion Platform products, SAM uses the web-based License Manager to license the Orion
server, Additional Polling Engines, Additional Web Servers, and High Availability (HA) pools.

To manage SAM and other licenses after you install SAM:

1. Click Settings > All Settings.

2. Click License Details in the Details section.
3. Click License Manager.

You can sort licenses by product name, version, license type, or expiration date. You can also add a
license, upgrade a license, and activate licenses on new servers. The License Manager on the Orion
server controls all licenses for your SAM environment, including licensing for scalability engines.

If prompted to activate your SAM license, use your individual Customer ID (also called a
"SWID") to log into the Customer Portal. If you do not know your ID, enter a Support ticket.

How your SAM license relates to other Orion Platform product licenses
In an environment that includes multiple Orion Platform modules, your SAM license interacts
additively with other product licenses. For example, if you have NPM SL500 (500 nodes and 500
volumes) installed with SAM AL150 (a component-based license), you can monitor:

l 650 nodes (500 NPM nodes + 150 SAM nodes)

l 650 volumes (the number of volumes matches the node count)
l 500 interfaces monitored with SNMP
l 150 component monitor
l An unlimited number of interfaces polled using WMI

To learn about licensing for other products, see the Guide to SolarWinds Product Licenses.

page 13
Add polling engines to scale your SAM environment
In the Orion Platform, an Additional Polling Engine (APE) is a type of scalability engine that you can
add to any SAM environment, regardless of license type, to:

l Distribute polling away from the Main Polling Engine,

l Boost Orion Web Console performance, and
l Help ensure high availability.

If using node-based licensing in SAM 6.9.1 or later, you can add APEs at no extra licensing cost. Note
the following details about "included" APEs:

l They collect SAM and basic Orion Platform data only. For example, APEs can return application
metrics, plus basic node status and volume metrics, but not NPM interface data.
l If using a unified SAM license key (SAM 2020.2 and later), polling engine licenses are stacked
automatically, with built-in scalability. You can monitor up to 40,000 component monitors per
server at standard polling frequencies. If you exceed that limit, polling intervals are automatically
extended.
l APE port requirements match Main Polling Engine port requirements.

To learn more about APEs, see:

l Install an additional polling engine, additional web server, or high availability server
l Scalability Engine Guidelines for SolarWinds products

To maximize polling capacity, see SAM polling recommendations.

Still have questions? See SAM Licensing FAQs in the SolarWinds Success Center.

page 14
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

About Orion Platform features in SAM

The Orion Platform is at the core of the SolarWinds IT Management Portfolio. It provides a stable and
scalable architecture that includes data collection, processing, storage, and presentation. It also offers
common features such as user accounts, views, dashboards, and alerting that you can use across all
Orion Platform products, as summarized here.

After you install and configure SAM to specify what you want to monitor, you need to wait a few
minutes for the Orion Platform to collect data from the servers and applications via Discovery. In the
meantime, review this section for details that may be helpful as you explore your SAM environment.

Orion Platform basics

Log into SAM in a web browser to display the Orion Web Console where you'll configure and
manage your environment. Accessible from any computer connected to the Internet, the Orion
Web Console includes views (individual pages) and widgets (informational blocks that make up
views). To learn more, watch Navigating the Web Console (4:41).

Review Events to find out what is going on in your environment.

Use the Log Viewer to see an overview of syslogs or SNMP traps. The Log Viewer replaces
Syslog Viewer, or SNMP Trap Viewer in the Orion Web Console and as a stand-alone
application.

Get alerts about issues in your environment and generate reports. See Explore alerts and
reports.

Manage Orion Web Console user accounts to set user rights, reset passwords, limit access to
network segments, and enable authentication with Active Directory.

View monitored objects on maps in the Orion Web Console.

Add nodes that you want to monitor

Specify what you want to monitor and the data you need, and then get the information. See
Discover and add devices.

Add single nodes, use Active Directory domain controllers to add nodes, or discover devices on
your network automatically. Available polling methods include WMI, SNMP, ICMP, or agents
deployed on Windows, Linux, and AIX devices.

Manage monitored nodes by editing properties, setting polling methods, toggling monitoring on
and off, or muting alerts.

page 15
Customize your SAM environment

Customize dashboards, colors, logo, views, widgets, and charts in the Orion Web Console.
Specify what other users can see on modern dashboards and views, as well as what type of
data appears for different objects.

Set up widgets to show the data you want in the way most useful to you.

Create custom properties for nodes and applications. For example, add a custom property to
identify IIS nodes.

Create groups and dependencies to organize how monitored data is presented in the Orion Web
Console. Set up dependencies to better represent the relationships between network objects
and account for constraints on the network.

Set thresholds for monitored metrics. Customize general thresholds or use baselines.

Monitor additional metrics and nodes

Monitor your virtual infrastructure in supported environments, including Amazon Web Services
(AWS), Azure, ESXI, ESX, Microsoft Hyper-V , Nutanix, and VMware.

Monitor cloud instances and VMs for AWS and Azure.

Monitor container services for Docker, Docker Swarm, Kubernetes, and Apache Mesos.

Monitor hardware health for insight into hardware issues on Dell, HP, HPE ProLiant, IBM, and
Cisco UCS devices. You can also monitor hardware health for Nutanix clusters with Hyper-V
and VMware hosts.

Use the Quality of Experience (QoE) dashboard to monitor traffic on your network with Packet
Analysis Sensors.

Expand Orion Platform functionality or scale your deployment

Do you need to scale your deployment? See Scalability Engine Guidelines and review tips to
optimize your deployment.

Expand monitoring across low-bandwidth or high-latency network connections with Orion

Remote Collectors.

Balance the load on polling engines by specifying nodes to be polled by individual polling
engines. See also Manage Additional Polling Engines.

Use SolarWinds High Availability to provide failover protection for your Orion server and
Additional Polling Engines (APEs).

page 16
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Troubleshoot your environment

Investigate issues in Performance Analysis (PerfStack™) dashboards.

Use alerts to monitor your environment. See also Reduce alerting noise and learn about
generating Service Desk incidents from alerts.

Maintain the SolarWinds Orion database and use the Active Diagnostics tool.

For quick reference, here are additional links to Orion Platform Administrator Guide content:

l Administrative functions
l Alerts
l Cisco UCS hardware health monitoring
l Cloud monitoring
l Container monitoring
l Custom monitors, including Device Studio and Universal Device Pollers (UnDPs)
l Custom properties
l Discovery
l Hardware health monitoring
l High Availability (HA)
l Maps, including Network Atlas, Orion Maps, and Worldwide Map
l Nutanix hardware health monitoring
l Orion agents for Windows, Linux, and AIX
l Orion database
l Orion Log Viewer
l Performance Analysis (PerfStack) dashboards
l Polling engines
l Quality of Experience (QoE) dashboard
l Reports
l ServiceNow
l Thresholds
l User accounts
l Virtualization

page 17
Use Orion Remote Collectors with SAM
In node-based licensed deployments of SAM 2020.2.1 or later, you can deploy Orion Remote
Collectors (ORCs) to distribute monitoring loads. These lightweight polling engines:

l Use Orion agent technology to communicate with the Orion Platform.

l Do not require a direct connection to the Orion database.
l Are easy to deploy in remote locations, thanks to their simplified architecture.
l Can poll and store data up to 24 hours with no connection to the polling engine, making them
useful for unreliable networks, DMZs, and devices that don’t support agents.

Polling jobs run independently of the Main Polling Engine and any Additional Polling Engines (APEs).
Results are stored locally, and then forwarded to the Orion server via agents.

Note the following details about using Orion Remote Collectors with SAM:

l You cannot add ORCs to nodes already being monitored by Orion agents (for example, via
AppInsight for IIS).
l In Network Automation Manager (NAM) deployments that combine NPM and SAM, ORCs are
used for supported SAM features only.
l The following SAM features do not currently support ORC polling:
o API Poller monitoring

o AppOptics integrations on AppInsight for IIS nodes

o Container monitoring

o Hardware Health monitoring for UCS or Nutanix devices

o JMX monitoring

l The following SAM component monitors do not currently support ORC polling:
o JMX Monitor

o MAPI User Experience Monitor

o Nagios Script Monitor

o NNTP Monitor

o Oracle User Experience Monitor

o RADIUS User Experience Monitor

o TACACS+ User Experience Monitor

page 18
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

To display ORCs currently deployed in your environment:

1. Click Settings > All Settings > Manage Agents.

2. On the Manage Agents page, click the Remote Collectors tab.

To learn more about Orion Remote Collectors, see the Scalability Engine Guidelines.

Log into the Orion Web Console to use SAM

As with all Orion Platform products, you can access SAM by logging into the Orion Web Console to do
everything from adding nodes to discovering applications for monitoring, and setting up alerts.

In a web browser, navigate to http://hostnameOrIPAddress:port where:

l hostnameOrIPAddress is the hostname or IP address of the main Orion server.

l port is the Orion Web Console port defined during installation. The default port is 8787.

On the Orion Web Console login page, provide a User name and Password, and then click Login.

If you're an administrator logging into a new installation of SAM for the first time, you'll be
prompted to add a password to the main Admin account.

page 19
Discover servers in your SAM environment
After you install SAM, identify the servers you want to monitor and add them to the SolarWinds Orion
database as nodes. There are several ways to add nodes, including

l Use the Discovery Wizard (also called the Network Sonar Wizard) to detect a large number of
devices across your enterprise, and then add discovered devices with the Network Sonar
Results Wizard.
l Add nodes by querying your Active Directory domain controller
l Add individual nodes in the Manage Nodes view.

See the SAM Getting Started Guide for details about adding servers. The Orion Platform Administrator
Guide also provides details about Discovery, as well as how to configure polling methods, schedule
future Discoveries, and group objects.

To configure specific types of servers for SAM monitoring, see the following topics in the
SAM Template Reference:

l Configure Linux/Unix systems for monitoring by the Orion agent in SAM

l Configure Java applications servers and JVMs for SAM monitoring
l Configure Oracle database servers for SAM monitoring

When finished adding and configuring servers, you can start discovering applications in your
environment.

page 20
Discover applications in your SAM environment
SolarWinds SAM can scan nodes and automatically assign application monitor templates to them, or
you can add application monitors to nodes manually. After polling begins, customize the data that
appears in the Orion Web Console and drill down to display more in-depth data, as described in the
following topics:

l Use the Application Discovery wizard to add multiple nodes in SAM: Discover applications in
your environment and assign templates automatically.
l Add application monitors to individual nodes in SAM: Add application monitors to monitored
nodes individually.
l Customize Application Details views in SAM: Tailor the data displayed for applications hosted
on specific nodes.
l Customize Application Summary views in SAM: Use filters to adjust widgets that appear in
Application Summary views.
l Add SAM data to the Node Details view: Modify Node Details views to display SAM widgets.
l View node and application data in SAM tooltips: Hover over nodes and application data to
display more data.

Use the Application Discovery wizard to add multiple nodes

in SAM
You can use the Application Discovery wizard to scan nodes and automatically assign the application
monitor templates it deems suitable for each scanned node. You control the nodes to be scanned, the
templates that can be assigned, and the scanning parameters that determine a match.

Before proceeding, note the following details:

l In larger environments, adding many applications at once can take a great deal of time. Consider
limiting parameters.
l Some application monitor templates require credentials either to access restricted resources, or
to run within the context of a specific user. If your domains share user names with different
passwords, SolarWinds recommends running this wizard separately for each domain.

For a quick overview, watch this video (4:21).

page 21
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

To use the Application Discovery wizard:

1. Click Settings > All Settings > Discovery Central.

2. On the Discovery Central page, scroll down and click Discover Applications.
3. On the Select Nodes tab, select a Group By value, expand the node groups, select the nodes
you want to scan, and then click Next.
4. Select the applications to locate in the scan. You can use the Show only drop-down list to filter
the application monitor template list.
To adjust the template assignment criteria, expand Advanced Scan Settings and move the slider
to the desired setting:
l Minimal Match - At least one component must match to assign the template.
l Partial Match - Some of the components must match to assign the template.
l Strong Match - Most of the components must match to assign the template.
l Exact Match - All components must match to assign the template.
5. Click Next to advance to the Enter Credentials tab.
6. Some application monitor templates require credentials either to access restricted resources, or
to run within the context of a specific user. To scan for these templates, add the necessary
credentials to the list. If a template you are scanning for requires credentials, the credentials in
this list are tried in the order in which they appear.
7. If your domains share user names with different passwords, SolarWinds recommends that you
run separate application discoveries for each domain. After entering credentials, click Next.

Credentials are tried several times during a scan, so an incorrect password may lock out
an account. To avoid potential account lockouts that affect actual users, SolarWinds
recommends that you create and use service accounts for monitoring purposes. That way,
no actual user will be affected by an account lockout if a password is entered incorrectly.

8. Review the summary for the scan. If the wizard finds templates that are already assigned to the
node, by default the template is not assigned a second time. If you want to assign duplicate
templates, select "Yes, Assign Anyway" from the duplicates list.
9. Click Start Scan to begin the scan, which runs in the background. To check the progress, click
the Bell icon at the top of the page.

A message appears when scanning is complete. Click More Details to see the results of the scan.
Click Application Summary to display the summary page.

page 22
Add application monitors to individual nodes in SAM
As described in the SAM Administrator Guide, there are several ways to add an application monitor to
a node, including using the Add Node Wizard. After the Orion Platform discovers available resources
on a new node and you select what to monitor, you'll be prompted to add application monitors for
application(s) on the new node. Later, you can modify the assigned application monitors for a node, as
necessary.

Click here for short video about adding individual nodes. To learn about SAM templates and
application monitors, click here.

To use the Add Node wizard to add an application monitor to a node:

1. To add a node, click Settings > All Settings > Add Node.

2. When the Add Node Wizard appears, provide details on the Define Node tab, and then click
Next.
3. On the Choose Resources tab, select what you want to monitor.
4. On the Add Application Monitors tab, use the Show Only drop-down list to select a category of
application monitors and display a list of Component Types.

5. Select the application monitor(s) you want to assign.

6. Select or enter the appropriate credentials, and then click Next.
7. On the Change Properties page, modify information as needed.
8. Click OK to finish adding the node.

page 23
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Customize Application Details views in SAM

Applications inherit the custom view setting from SAM templates in the same way as other template
settings. You can customize the templates through overrides or by creating a copy of the template and
editing that content.

1. Click Settings > All Settings > SAM Settings > Manage Application Monitors.
2. Find an assigned Application Monitor without a Custom View.
3. Return to Applications > SAM Summary then click the Application Monitor to view its Application
Details view.
4. Click Customize Page, then proceed with your customizations.

Create a custom Application Details view

You can select and create a custom Application Details view for different applications. This custom
view is applied at the template level. Applications inherit the custom view setting from their templates
in the same way as other template settings.

1. Click Settings > All Settings > SAM Settings > Manage Application Monitors.
2. Select an Application Monitor and then click Edit Properties.
3. Click Modify Template Settings in the field Custom Application Details View.
4. Select "Yes, use < TemplateName > Details View in the field Custom Application Details View".
5. Click Submit, then click the name of the assigned Application Monitor to view its Application
Details view.
6. Click Customize Page and proceed with your customizations.

After creating a customized application details view for a template, you can change the Custom
Application Details View setting in the template properties to switch between the default view and the
custom view.

Select a view for a template

1. Click Settings > All Settings > SAM Settings > Manage Templates.
2. Select a template and then click Edit.
3. If you want applications based on this template to use the default view, set Custom Application
Details View to "No, use Default Application Details View".

page 24
 4. If you want applications based on this template to use the custom view, set Custom Application
Details View to "Yes, use <TemplateName> Details View" where <TemplateName> is the name
of the selected template.
5. Click Submit.

Select a view for an application

1. Click Settings > All Settings > SAM Settings > Manage Application Monitors.
2. Select an Application Monitor and then click Edit Properties.
3. Click Modify Template Settings in the field Custom Application Details View.
4. If you want this application to use the default view, set Custom Application Details View to "No,
use Default Application Details View."

5. If you want this application to use the custom view, set Custom Application Details View to "Yes,
use <TemplateName> Details View" where <TemplateName> is the name of the selected
template.
6. Click Submit.

Customize Application Summary views in SAM

Orion Web Console views are configurable presentations of network information that can include
maps, charts, summary lists, reports, events, and links to other resources.

In SAM, the Application Summary view provides additional details about your applications and
servers, such as related alerts, potential warranty issues on servers, and Top 10 lists to keep you up-
to-date on your busiest servers. The page includes various default widgets (formerly called
"resources") that you can customize as necessary.

You can edit the current SAM Application Summary view, or create a custom view. For details, see
How custom views work in the Orion Platform.

Watch a video about the customizing SAM views and widgets.

View node and application data in SAM tooltips

You can hover over objects such as nodes and groups to view additional details in overlays called
tooltips. These tooltips also include SAM-specific data, providing at-a-glance updates for quick
responses. Click an object to open its Details page that shows more data, along with alert and
management options.

page 25
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Node tooltips
Tooltip data Details
Node Status Current status of the node (for example, Up, Down, Unknown, or Warning).

You can adjust node status settings. See Calculate node status in the
Orion Platform.

Polling IP Address The IP address currently assigned to the node.

Machine Type The vendor icon and vendor description of the node.

Average Response The measured average response time of selected node, as of the last node
Time poll.

Packet Loss The percent of all transmitted packets lost by the node, as of the last node
poll.

CPU Load The percent of available processing capacity that is currently used, as of the
last node poll.

Memory Used The percent of available memory that is currently used, as of the last node
poll.

# of Running VMs Number of running VMs and total VMs.

ESX Host Status Status of the ESX Host.

Application tooltips
Tooltip data Details

App Name The name of the application

App Status The status of the application: up, down, unknown, warning, or critical

Server Status Operational status of the server: up, down, warning, unplugged, or
unmanaged

Components with List of the components with problems and their statuses
problems

page 26
Add SAM data to the Node Details view
Starting in SAM 2020.2, a new dashboard framework provides greater flexibility for displaying
data. To learn more, see Customize dashboards in the Orion Platform Administrator Guide.

To view SAM data, including application and component monitor information, you can edit the Node
Details - Summary view to include relevant views and widgets.

1. Click Settings > Manage Dashboards.

2. Select the Node Details - Summary and click Edit.
3. On the Customize Node Details view, click [+] in the column where you want to add widgets.
To list SAM-specific widgets on the Add Resource page, select the Group By Classic Category
and select SAM Application Summary Resources.

page 27
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

4. Click Add Selected Resources to save all selections to the column.

5. Click Done.

To learn about customizing views and widgets, see the Orion Platform Administrator Guide.

page 28
Monitor your environment with SAM
SAM offers immediate insight into the performance of your servers and applications. As you view data,
you can investigate further to examine alerts, forecast usage, and modify configurations. Summary
pages display high-level events and alerts, along with performance data for monitored nodes that
represent traditional servers, VMs, applications, Nutanix clusters, and more.

Use links in widgets to drill down further and see details such as server resources, allocated virtual
resources, application performance, and OS metrics. To monitor immediate needs in your
environment, you can:

l Click the bell icon at the top of the Orion Web Console to view notifications.
l Click Alerts & Activity > Message Center to display events and alerts.

This section includes the following topics:

l Monitor with Orion agents in SAM

l Monitor your virtual infrastructure in SAM
l Monitor your environment using AppStack
l Use API pollers to monitor metrics via remote APIs in SAM
l Monitor application dependencies in SAM
l Monitor hardware health in SAM

page 29
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l Use alerts to monitor your SAM environment

l Monitor processes, services, tasks, and events in real time

For more SAM monitoring details, see Monitor with AppInsight applications and Use SAM templates,
application monitors, and component monitors.

The Orion Platform Administrator Guide describes functionality available in many products, such as
how to:

l Monitor cloud instances and VMs

l Monitor container services
l Monitor Cisco UCS devices
l Group monitored objects
l View events, alerts, traps, and Syslogs in the Orion Web Console Message Center
l Use Performance Analysis (PerfStack™) dashboards
l Monitor SNMP traps
l Use Orion Log Viewer.
l Monitor Quality of Experience (QOE) metrics
l Integrate SAM with ServiceNow® to generate tickets based on critical events and alerts

Monitor with Orion agents in SAM

An Orion agent is software that provides a communication channel between the Orion server and
Windows, Linux/Unix, or AIX systems, as an alternative to WMI or SNMP to gather status and metrics
about your key devices and applications. Orion agents can be useful in environments where
conventional agentless monitoring techniques are either impractical or impossible to leverage, such
as in these scenarios:

l Monitoring Windows hosts within a DMZ over a single fixed port,

l Monitoring servers in remote branch offices over high latency, low bandwidth connections, or
l Monitoring servers hosted in cloud-based services, such as Amazon EC2, Azure, or Rackspace.

Some benefits of using Orion agents for SAM polling include:

l Encryption: Neither standard SNMP nor WMI include encryption, as mandated by security
standards of many environments.
l Speed: Agentless protocols such as WMI and RPC were originally created for LANs, not the
Internet. Orion agents use HTTPS, which is bandwidth-efficient and latency-friendly.
l Reliability: Agents run independently of the Orion server, continuing to monitor hosts even if a
network outage occurs. For up to 24 hours, an agent can continue running and all polled data
remains cached on the agent. When connectivity is restored, the agent uploads collected
statistics to the Orion server, filling in gaps in charts.

page 30
 l Flexibility: With agents, you can run Perl, VBScript, and any other Windows script language
remotely using the Windows Script Monitor. Otherwise, all Windows Script Monitors execute
locally on the Orion server itself; the agent allows you to execute those scripts on the machine
where the agent is installed.
l Fewer ports: WMI requires several open ports to function properly but Orion agents can use
"Server Initiated" mode to operate over a single port. TCP port 17790 listens on the host where
the agent is installed while the Orion server polls information in a similar fashion to SNMP or
RPC. No ports need to be opened inbound to the internal network from the DMZ, and all
communication occurs across a single NAT-friendly port.
l Cloud-friendly: Monitoring cloud-based applications and servers using traditional agentless
protocols presents many issues. In addition to the encryption and port issues mentioned above,
WMI cannot traverse NAT boundaries and its frequent communication doesn't tolerate
bandwidth congestion or high latency conditions well. Also, many ISPs block RPC traffic to
guard against hackers.

To effectively monitor Linux/Unix systems with the Orion agent for Linux, additional
configuration may be required. See Configure SNMP for Orion agents on Linux/Unix systems
and Configure Linux/Unix systems for the Orion agent for Linux.

Additional resources about agents include:

l Poll devices with SolarWinds Orion agents (Orion Platform Administrator Guide)
l SolarWinds Orion agent requirements (Orion Platform Administrator Guide)
l 2014 THWACK post introducing agents
l Orion AIX Agent (THWACK)

Deploying a large quantity of agents? Learn about mass deployment using MST files and a
Group Policy.

page 31
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Override agent and agentless monitoring

You can override data collection behavior in specific instances to collect data through a preferred
polling method as agent or agentless, , depending on the template, application monitor, or component
monitor. For example, in a User Experience Monitor template, you may not want to measure response
time locally from the server where the application is installed. If so, switch the template to agentless
polling.

Generally, agents provide richer data streams while adding load to an application, while agentless
polling pulls limited data (based on the API and security access permissions) but can isolate the load
to an external resource and does not impact applications as much.

Agentless monitoring also has benefits — no additional software to deploy, manage, or maintain; less
resource contention on target servers; faster setup; fewer security concerns. Regarding agent vs.
agentless monitoring for templates, application monitors, and component monitors, pick the best
option for your environment.

Different features are available based on monitoring methods, as described in these articles:

l Decide between agent vs. agentless polling methods

l Comparison of Windows agent versus agentless, using SNMP or WMI
l Comparison of Linux agent versus agentless
l Comparison of AIX agent versus agentless

Use Orion agents to run scripts on remote systems

When working with SAM application monitor templates and individual application monitors assigned
to nodes, agentless polling executes locally on the Orion server or Additional Polling Engines (APEs),
by default.

If you deploy an Orion agent to a node and use Agent as the Preferred Polling method for an
application monitor, you can use a Windows Script Monitor to run scripts in Perl, VBScript, or any
other supported script language directly on the target node. For Powershell scripts, you can use a
PowerShell Script Monitor to execute scripts on the target node without the need to configure WinRM
to support remote PowerShell execution.

page 32
To summarize:

l With agentless polling, scripts run on the Orion server or an APE. Target nodes must be set up to
accept remote commands.
l With Orion agent polling, scripts can run directly on target nodes.

Many templates and application monitors include a Preferred Polling Method option in Advanced
settings, as shown in this example from the File Count Script template:

Templates that support Orion agents

As described in Manage SAM templates and component monitors, each SAM template is a collection
of component monitors designed to monitor servers or applications. Templates include a variety of
options based on OS, applications, and services that you can configure to collect and monitor data for
managed nodes.

The following templates support the Orion Agent for Windows:

l Active Directory templates (all)

l Apache (Windows)
l APC PowerChute Agent (Windows)
l AppInsight for Active Directory
l AppInsight for Exchange

page 33
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l AppInsight for IIS

l AppInsight for SQL
l BlackBerry Enterprise Server 10 Services (Windows)
l BlackBerry Enterprise Server 12 Services (Windows)
l Citrix XenApp and XenDesktop 7.x (Advanced)
l Citrix XenApp and XenDesktop 7.x (Events)
l Citrix XenApp and XenDesktop 7.x (Performance Counters)
l Citrix XenApp and XenDesktop 7.x (Services)
l Errors in Application Event Log
l Exchange templates (all)
l GoodLink Server for Microsoft Exchange
l Helix Universal Media Server (Windows)
l Internet Information Service (IIS) 6
l Microsoft templates (all)

The following templates support the Orion Agent for Linux:

l Apache
l CUPS
l GlassFish (JMX)
l IBM DB2
l IBM WebSphere (JMX)
l JBoss (JMX)
l Linux CPU Monitoring Perl
l Linux Disk Monitoring Perl
l Linux Memory Monitoring Perl
l MySQL (5.7.9 or later) for Linux/Unix
l MySQL (5.7.8 or earlier) for Linux/Unix
l MySQL 8.0 Metrics for Linux/Unix
l MySQL 8.0 Service Availability on Linux/Unix
l Nagios Linux File & Directory Count Script
l Oracle Database
l Oracle WebLogic (JMX)
l PostgreSQL
l Squid (Linux and Unix)
l Tomcat Server

Make sure target systems are configured to support the Orion agent for Linux.

page 34
The following templates support the Orion Agent for AIX:

l AIX template
l AIX LPD template
l Nagios Linux File & Directory Count Script

Component monitors that support Orion agents

The following component monitors support the Orion Agent for Windows:

l DNS Monitor - TCP

l DNS Monitor - UDP
l DNS User Experience Monitor
l Download Speed Monitor
l Exchange Web Services User Experience Monitor
l File Age Monitor
l File Change Monitor
l File Count Monitor
l File Existence Monitor
l File Size Monitor
l FTP Monitor
l FTP User Experience Monitor
l HTTP Monitor
l HTTP Form Login Monitor
l HTTPS Monitor
l IMAP4 Monitor
l IMAP4 User Experience Monitor
l JMX Monitor
l LDAP User Experience Monitor
l MAPI User Experience Monitor
l NNTP
l ODBC User Experience Monitor
l Oracle User Experience Monitor
l Performance Counter Monitor
l POP3 Monitor
l POP3 User Experience Monitor
l Process Monitor
l Process Monitor - Windows
l RADIUS User Experience Monitor

page 35
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l SMTP Monitor
l SOAP Monitor
l SQL Server User Experience Monitor
l SSL Certificate Expiration Date Monitor
l TACACS+ User Experience Monitor
l TCP Port Monitor
l VMware Performance Counter Monitor
l Web Link Monitor
l Windows Event Log Monitor
l Windows PowerShell Monitor
l Windows Script Monitor
l Windows Service Monitor
l WMI Monitor

See also Comparison of Windows agent versus agentless, using SNMP or WMI.

The following component monitors support the Orion Agent for Linux:

l Directory Size Monitor

l DNS User Experience Monitor
l File Age Monitor
l File Change Monitor
l File Count Monitor
l File Existence Monitor
l File Size Monitor
l HTTP User Experience Monitor
l HTTPS User Experience Monitor
l JMX Monitor
l Linux/Unix Script Monitor
l Nagios Script Monitor
l ODBC User Experience Monitor
l Oracle User Experience Monitor
l Process Monitor
l SNMP Monitor
l SOAP Monitor
l TCP Port Monitor
l Tomcat Server Monitor

Make sure target systems are configured to support the Orion agent for Linux.

page 36
 See also Comparison of Linux agent versus agentless.

The following component monitors support the Orion Agent for AIX:

l Directory Size Monitor

l DNS User Experience Monitor
l File Age Monitor
l File Change Monitor
l File Count Monitor
l File Existence Monitor
l File Size Monitor
l HTTP Monitor
l HTTPS Monitor
l JMX Monitor
l Linux/Unix Script Monitor
l Nagios Script Monitor
l ODBC User Experience Monitor
l Oracle User Experience Monitor
l Process Monitor
l SOAP Monitor
l SNMP Monitor

o SNMPv3 with encrypted mode is not supported.

o To poll SNMP details correctly, manually enable the SNMP daemon.

l TCP Port Monitor

l Tomcat Server Monitor

See also Comparison of AIX agent versus agentless.

Configure SNMP for Orion agents on Linux/Unix systems

As described in Poll devices with SolarWinds Orion agents, the Orion Platform uses agents to provide
a communication channel between the Orion server and Linux/Unix systems for many purposes, such
as:

l Polling interface data for Node Details view widgets

l Hardware health monitoring in NPM, SAM, and VMAN
l Polling by the SNMP component monitor
l Asset Inventory monitoring in SAM

page 37
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Click here for a list of Linux/Unix systems that support the Orion agents for Linux and AIX.
Additional details for specific environments such as Apache, Tomcat, and JMX is provided in
Configure Linux/Unix systems for the Orion agent for Linux in the SAM Template Reference.

The Orion Platform automatically configures SNMP on Linux/Unix systems when Discovery detects
new or updated nodes, depending on your Network Discovery settings. You can also click List
Resources in the Management widget on the Node Details view to trigger auto-configuration.

During auto-configuration, the Orion Platform performs the following tasks:

l Checks for an SNMP daemon on the target system.

l Configures the snmpd service to start automatically after the system reboots.
l Checks the snmpd.conf file for an agent-owned community string. If no string exists, a randomly
generated SNMP v2 community string is added and SNMP restarts.

For example:

### BEGIN SolarWinds Agent SNMP auto config

rocommunity 36343901-D61F-4C72-B860-A8E18DD892E4 localhost
### END SolarWinds Agent SNMP auto config

To support agent configuration, you may need to install SNMP daemons on Linux/Unix systems (as
described next) or enable SNMP daemons on AIX systems. If an agent detects existing SNMP
community strings for SNMP v3, it won't modify the configuration automatically. Instead, you'll need to
provide SNMP credentials manually at the node level to allow access. See Configure SNMP v3 on
Linux/Unix systems.

Install SNMP daemons on Linux/Unix systems

As mentioned earlier, Orion agents configure SNMP automatically for Linux/Unix systems that host
SNMP daemons. If you need to install the SNMP daemon, use one of the following commands based
on the Linux/Unix distribution type.

l For Ubuntu: sudo apt-get -y install snmpd

l For Red Hat/CentOS: yum -y install net-snmp
l For SUSE: zypper -y install net-snmp

If a SNMP daemon is not installed, SNMP cannot be configured.

Enable SNMP daemons on AIX systems

Orion Agent auto-configuration is not currently supported on AIX systems, so you'll need to update the
configuration manually.

AIX does not support polling SNMP v3 in encrypted mode.

page 38
To enable the SNMP daemon, update the configuration file in /etc/snmpdv3.conf which configures
snmpv1, v2c, and v3 access, as shown in the following example:

# Two snmpv1 community strings: public commstr1

VACM_GROUP group1 SNMPv1 public -

VACM_GROUP group1 SNMPv1 commstr1 -

VACM_VIEW group1view internet - included -

VACM_ACCESS group1 - - noAuthNoPriv SNMPv1 group1view - - -

COMMUNITY public public noAuthNoPriv 0.0.0.0 0.0.0.0 -

COMMUNITY commstr1 commstr1 noAuthNoPriv 0.0.0.0 0.0.0.0 -

# snmpv2c community string: swiagent

VACM_GROUP group2 SNMPv2c swiagent -

VACM_VIEW group2view internet - included -

VACM_ACCESS group2 - - noAuthNoPriv SNMPv2c group2view - - -

COMMUNITY swiagent swiagent - 0.0.0.0 0.0.0.0 -

COMMUNITY public public - 0.0.0.0 0.0.0.0 -

# snmpv3 user with no authorization: user1

USM_USER user1 - none - - - - -

VACM_GROUP group4 USM user1 -

VACM_VIEW group4view internet - included -

VACM_ACCESS group4 - - noAuthNoPriv USM group4view - - -

DEFAULT_SECURITY no-access - -

logging file=/usr/tmp/snmpdv3.log enabled

logging size=100000 level=3

Test the SNMP configuration

To test the configuration for SNMP v1 requests, use snmpdinfo.

page 39
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

To test v2c and v3 requests, use clsnmp for v2c and v3 requests and configure /etc/clsnmp.conf,
as shown in this example that matches the previous example.

v2cstring localhost snmpv2c

v3user_noauth localhost snmpv3 user1 - - - - - - -

Configure SNMP v3 on Linux/Unix systems

Orion agents support both SNMP v2 and v3. However, if an agent detects that SNMP v3 is already
configured, it won't modify the existing configuration automatically. Instead, you'll need to provide
SNMP credentials manually at the node level to allow access.

Wait until agents are deployed to test credentials. To check agent status, click Settings > All
Settings > Manage Agents.

Add SNMP credentials

To add SNMP credentials to a new node being added to the Orion Platform:

1. Click Settings > Manage Nodes > Add Node.

2. Select Windows & Unix/Linux Servers: Agent as the Polling Method.
3. Provide node credentials and enable the Include SNMP Credentials option.
4. Follow on-screen instructions to complete the Add Node wizard.

To add SNMP credentials to an existing node, click Edit Node on the Node Details view.

Test credentials

After the agent is deployed, click Edit Node on the Node Details view to test credentials. Make sure
the Include SNMP Credentials option is enabled, review credentials, and click Test.

page 40
Encrypt credentials

To encrypt SNMP credentials, install a common Python extension, pycrypto, on the target machine,
as shown in this example:

PyCrypto installation on ubuntu

apt-get install python-pip
pip install pycrypto

The Orion agent for AIX does not support polling SNMP v3 in encrypted mode.

page 41
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Monitor your virtual infrastructure in SAM

You can use SAM to monitor hosts and virtual machines (VMs) directly in the Orion Web Console for
supported environments, including Amazon Web Services (AWS), Azure, ESXI, ESX, Microsoft
Hyper-V, Nutanix, and VMware vSphere.

Virtual monitoring capabilities in SAM include:

l Displaying Up/Down status, Top 10 counters, and performance metrics such as CPU, memory,
average response time, and packet loss.
l Monitoring hardware health for Nutanix clusters, along with child Hyper-V and VMware nodes.
l Monitoring cloud instances and VMs for AWS and Azure.
l Monitoring container services for Docker, Kubernetes, and Apache Mesos.

Prerequisites include:

l ICMP is enabled on virtual servers (recommended).

l Credentials for the Orion server exist on ESX servers.
l Your virtual infrastructure was already discovered.

To learn more, see Monitor your virtual infrastructure in the Orion Platform Administrator Guide.

Hardware health monitoring for VMware in SAM

You can poll VMware for hardware health data in two ways:

l Through vCenter, using the VMware native API interface.

l Directly by using the Computer Information Model (CIM) protocol.

When a scheduled Discovery of existing servers runs, SAM automatically collects data for any servers
that support Hardware health monitoring, including VMware ESX and ESXi servers that were added to
the Orion Platform using CIM protocol via port 5989. If SAM detects hardware monitoring agent
software on a VMware host, the option to monitor hardware health appears when you click the List
Resources link in the Management widget on the Node Details view, even if hardware data is already
being collected via vCenter using the VMware API. When this option appears for a VMware host,
enabling it does not change the hardware polling method when Poll for VMware is also selected.

Open port 5989 when polling VMware servers using the Common Information Model (CIM)
protocol.

page 42
If polling hosts though vCenter, you may not see the Hardware Health option listed when you click List
Resources, as these nodes tend to be ICMP. This data is automatically collected by SAM, when
available, through the VMware API. Make sure the vCenter Hardware Status plug-in is enabled in
vCenter so data is accessible through the VMware API, as shown below:

See also Troubleshoot hardware health monitoring for ESX host servers.

page 43
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Monitor your environment using AppStack

The Application Stack, or AppStack, refers to the various layers that make up a complex application
delivery infrastructure. The AppStack Environment view is an interactive visual mapping within the
Orion Platform that provides an in-depth perspective through an entire environment to help identify the
root cause of performance and availability issues.

AppStack automatically gathers information about objects in your environment, as well as their
respective relationships, and displays them in a customizable view. Some relationships, such as
groups and dependencies, can be customized.

To access AppStack, click My Dashboards > Home Environment. Adjust the view with filter options
and filter properties that you can save and reuse as layouts to display specific views of the AppStack.
Hover over an item to display related data and status in a tooltip. Click an item to drill down and
determine how it relates to other items in your environment. See AppStack data overview to
understand icons for at-a-glance monitoring.

The next section describes how to use AppStack as a troubleshooting tool. To further understand and
customize the AppStack Environment, see:

l AppStack Environment categories and data

l Customize the AppStack view in SAM
l Use filters for AppStack
l Create an AppStack layout in SAM
l AppStack data overview

page 44
Additional learning resources about AppStack include:

l A Geek's Guide to AppStack (THWACK)

l Introduction to AppStack (video)
l Find the Needle in the "AppStack": Troubleshooting Application Performance (video)

Use AppStack to troubleshoot issues in your environment

Using AppStack as a troubleshooting tool is fairly straightforward. Simply navigate to the AppStack
Environment view, and click an object to see related objects. To investigate further, navigate to the
Details page of the object or any related object.

For example, the illustration below displays all objects in the current environment. The application,
MSSQLSERVER, is in a Critical state, as indicated by its icon. To see what this application is related
to, click the MSSQLSERVER icon.

page 45
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

As you select objects in AppStack, the system automatically updates the view to highlight related
objects. In the following figure, MSSQLSERVER is selected so related objects are highlighted and
unrelated objects are dimmed:

To hide unrelated objects in the view, click Spotlight in the menu bar. You can also select an
individual object and click Spotlight to hide it.

To navigate to the Details page for a selected object, click the icon of the selected object next to the
chart at top or double-click the larger icon in the main view. You can review and managed the critical
and warning issues per node.

page 46
Introduction to the AppStack Environment view
The AppStack Environment view (also called "AppStack") provides you with a powerful layer of
troubleshooting visibility by exposing all participating objects in your environment, as well as their
relationships to one another. This view is useful in assessing the overall health of your environment,
as well as troubleshooting specific and related problems.

To help you better understand how this visualization of your environment can be used for
troubleshooting, the following analogy was designed to provide you with a simple, high-level overview
of how AppStack processes and displays information.

The AppStack Environment view analogy

Imagine you work for a company comprised of many employees that work in various departments. In
this example, you work in the Engineering department as an engineer:

page 47
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Now imagine you're sick and cannot work for two weeks. Certain employees in various departments
are affected by your absence. Others are not be affected. The illustration below highlights the
employees who are affected by your absence by fading those who are not affected.

Focusing on only the people who are affected by your absence can be beneficial from a task
management perspective. Therefore, completely hiding those not affected by your absence gives a
clean and concise view, displaying only the necessary information.

page 48
Now, instead of employees, imagine this is about your entire IT environment. The goal of the
AppStack Environment view is to help you quickly assess the impact a given object has on its related
objects. This relational view is the AppStack Environment view found in the Orion Web Console.

The AppStack Environment view

The AppStack Environment view, shown below, displays the status of individual objects in your IT
environment through the Orion web console. Objects are categorized and ordered from left to right,
with the worst status being shown on the left side of the view.

page 49
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Clicking an object shows everything related to that object by fading unrelated objects, as shown:

page 50
Clicking Spotlight removes the faded, unrelated objects from the view entirely.

Click the selected object at the top, or double-click it in the view to open the Details view for that object
for further investigation.

If your environment includes both SAM and SolarWinds Data Performance Analyzer (DPA), you
can use the DPA Integration Module (DPAIM) to visualize DPA data in AppStack. To learn
more, see Use the DPA Integration Module with SAM.

AppStack Environment categories and data

By default, the following categories appear in the AppStack Environment that you can access by
clicking My Dashboards > Home > Environment categories in the Orion Platform:

l Groups
l Containers
l Chassis
l Applications
l Database Instances
l Servers
l Hosts
l Virtual Clusters
l Virtual Data Centers

page 51
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l Virtual Centers
l Volumes

Other Orion Platform products offer additional categories. Click Default Layout to adjust settings.

Category Status Summary indicators along the right side of page parse, enumerate, and display the
number of objects in each category, emphasizing the status as indicated by the colors.

Supported categories and data

The following matrix outlines categories associated with the AppStack Environment view, which vary
by SolarWinds product.

Category SRM SAM VMAN WPM DPA NPM Definition

Groups Manage your environment by

organizing monitored objects
logically into groups, regardless of
device type or location.

Containers Lightweight, executable packages of

software that include everything
needed to run an application: code,
system tools, system libraries, and
settings. Containers isolate
applications and their dependencies
into self-contained units that can run
anywhere without interfering with
each other.

Chassis A physical structure that houses one

or more servers.

Applications A collection of SAM component

monitors grouped together to collect
specific metrics concerning the
application as a whole.

page 52
Category SRM SAM VMAN WPM DPA NPM Definition

Database Database instances including

Instances Microsoft SQL, MySQL, and Oracle
appear if the SolarWinds DPA
Integration Module (DPAIM) is
configured in your environment.

Transactions A recording of web browser steps

assigned to a specific location in
SolarWinds WPM.

Steps A collection of actions in a

transaction created in WPM. For
example, the actions required to
navigate to a specific URL make up
one step. See How WPM works.

Servers A computer capable of accepting

requests from the client and giving
responses accordingly. The server
makes services, as access to data
files, programs, and peripheral
devices, available to workstations on
a network.

Hosts A server running a hypervisor for

virtualization that can host multiple
VMs.

Virtual A group of VMs installed at

Clusters distributed servers from one or more
physical clusters. VMs in a virtual
cluster are logically connected by a
virtual network across several
physical networks. Each virtual
cluster is formed with physical
machines or a VM hosted by multiple
physical clusters. See Monitor your
virtual infrastructure in SAM.

page 53
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Category SRM SAM VMAN WPM DPA NPM Definition

Virtual Data A centralized virtual repository to

Centers store, manage, and disseminate data
related to a particular body of
knowledge or pertaining to a
particular business.

Virtual A server that acts as a centralized

Centers management application to manage
VMs and ESXi.

Data Stores A repository is a set of data object

sets modeled using classes defined
in a database schema. A data store
may also store simpler types such as
flat files. Some data stores represent
data in only one schema, while
others use several schemas for this
task.

Volumes A volume, or logical drive, is a single

accessible storage area with a single
file system, typically resident on a
single partition of a hard disk.

LUNS A Logical Unit Number (LUN) is

used to identify a logical unit, which
is a device addressed by the SCSI or
SAN protocols that encapsulate
SCSI, such as Fibre Channel or
iSCSI. A LUN may be used with any
device which supports read/write
operations, such as a tape drive, but
usually refers to a logical disk
created on a SAN.

NAS Volumes Network-attached storage (NAS) is a

type of dedicated file storage device
that provides LAN users with
centralized, consolidated disk
storage through a standard Ethernet
connection.

page 54
Category SRM SAM VMAN WPM DPA NPM Definition

Pools A storage pool (also called a RAID

array) is a collection of disk drives
that become a logical entity. When
you create a storage pool, you select
the desired capacity (number of disk
drives) and assign a RAID level to it
which provides a redundancy level.

VServers A virtual storage server (VServer)

contains data volumes and one or
more logical interfaces (LIFs)
through which it serves data to
clients. A VServer can contain
multiple FlexVol volumes, or a single
Infinite Volume.

A VServer securely isolates the

shared virtualized data storage and
network, and appears as a single
dedicated server to its clients. Each
VServer has a separate
administrator authentication domain
and can be managed independently
by a VServer administrator.

Storage Consisting of two or more disk drives

Arrays built into a stand-alone unit, storage
arrays provide increased availability,
resiliency, and maintainability by
using existing components (such as
controllers and power supplies) to
the point where all single points of
failure are eliminated from the
design.

API Pollers Monitor metrics via external REST

APIs by sending automated API
requests to poll data from remote
APIs.

page 55
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

This AppStack example provides a sample of categories and multiple nodes in various health states:

AppStack data overview

There are several ways you can quickly determine object status in the AppStack Environment,
including:

l Object status and colors

l Quick links
l Overview bar

Object status and colors

The color of objects in AppStack indicate their current status, providing a quick summary of your
environment. Objects will be in one of the following states, indicated by icon color and shape.

Status Color Example

Down Red

Critical Pink

Warning Yellow

page 56
Status Color Example

Unknown Gray

Unreachable Black

Up Green

Other Blue -

External Purple -

You can only filter against statuses actively monitored in the AppStack. For example, if no
objects have a status of Down, the Down status is not available for filtering.

Servers can only provide an Up or Down status. To check CPU, memory, or hardware health status,
hover over the server icon to view the detailed tooltip. The reported status for applications and LUNs is
based on performance thresholds.

The AppStack Environment view offers a parent/child relationship. (Parents can be either servers or
hosts.) This relationship is represented as a mixed icon. The parent is the larger of the two icons that
is hosting the child. For example, the following illustration graphically shows that an application (child)
is Down on a node (parent) that is Up.

page 57
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Quick links
Use the Quick Links bar at the top of the AppStack to quickly open and close object categories. You
can also show or hide the names of objects with a distressed status.

Expand All

Open all categories to reveal objects in each category. Each category can be individually
expanded and collapsed by clicking [+] and [-] next to the category name.

Collapse All

Close all categories, hiding the objects within each category. Each category can be individually
expanded and collapsed by clicking [+] and [-] next to the category name.

page 58
Show/Hide Names

Toggle between showing and hiding the names for each object in a distressed state. If more
objects exist than can be displayed, the category name displays the number of displayed objects
followed by the total number of objects. For example, (87 of 111), meaning only 87 objects of
111 total objects in this category are being displayed. This provides a numerical summary of
your environment.

Click More (located after the last visible object in the category) to display the next 50 objects.

To change the default number of objects shown in each category, click Default Layout >
Change Layout Settings.

Overview bar
The Overview bar summarizes your environment in a compact space. If your view is currently filtered,
the filtered objects display above the Overview bar, as shown.

The doughnut chart in the Overview bar displays the ratio of objects to one another in all possible
states using indicative colored slices. The total number of objects in your environment is also
displayed.

Objects under the Issues header are parsed and enumerated according to status. Objects shown here
are in one of the following distressed states: Down, Critical, Warning, Unknown and Unreachable. An
icon and count only appear if one or more objects is currently in that state.

page 59
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Customize the AppStack view in SAM

To customize the AppStack view, click Default Layout > Change Layout Settings in the top right of the
page. Modifying settings can boost performance, such as limiting the amount of objects displayed,
hiding empty categories, and adjusting the update interval.

You may need to log in with an administrator account to perform this action.

You can modify the following settings:

l Limit on Up Objects Shown per Category: Objects in the AppStack Environment view are
ordered from left to right, with the worst status being shown on the left side of the view. Limit the
number of Up objects to provide more room for objects needing attention.
l Object Names: Displays distressed objects.
l Align Objects: By default, all objects are left-aligned.
l Show Category Status Summary: The Category Status Summary are the colored numbers to the
right of each category, indicating the number of objects in a particular state. This can visible at all
times, or only when categories are collapsed.
l Empty Categories: Select this option to hide categories with no objects, giving the view a
cleaner look.
l Update Interval: Change the time between AppStack refreshes.

page 60
Use filters for AppStack
You can filter AppStack data by status, display name, and applications to create different layouts for
data to speed troubleshooting for servers and virtual servers.

You may need to log in with an administrator account to perform this action.

Filter options
By default, every object displays in the AppStack Environment view. To display only objects with a
certain status, filter the view by selecting one or more statuses and then applying the filter. You can
also filter objects based on various properties, as well as keywords.

The filtering sidebar includes the following options:

Statuses only become available for filtering when an object in your environment is in that state.
For example, if no objects have a status of Down, the Down status will not be available when
filtering.

page 61
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Creating filters
Creating filters using the AppStack filter properties provides more options to refine the content
displayed in the AppStack.

1. Click My Dashboards > Environment, and then click [+] Add Filter Properties.
2. In the pop-up menu, select one or more objects from the Orion Object drop down list.

3. Click Add column to display the new filters.

Create an AppStack layout in SAM

A Layout is a user-defined filter with configured settings you can save and use when viewing the
AppStack. You can tailor layouts with filters to view specific objects of interest. A default layout is
provided that contains all currently monitored objects visible in the AppStack Environment. You
cannot modify the default layout. As you create and save layouts, load them via the Layout menu.

page 62
To create a layout:

1. Create a filter by selecting filter options in the sidebar or selecting filter properties.
2. Apply the filter to update the AppStack.
3. Under the Layout menu, click Save As New Layout. Enter a name and save.

You can modify the layout by making changes to the filter and clicking Save. If you want to save as a
new layout, click Save as New Layout. To remove a layout, select the layout as currently used and
select Delete this Layout.

For example, to create a Layout where only IIS objects in the AppStack Environment view are shown,
add the IIS filter property. Apply the filter and save it as a new layout.

The layout is added to the Layout menu, where you can easily navigate to it. The dot next to a layout
in the menu indicates the layout currently used.

page 63
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Use API pollers to monitor metrics via remote APIs in SAM

You can use the API Poller feature to monitor metrics via external REST APIs, providing an easier
way to collect data from a modern application stack. Define your API endpoints, pick the metrics you
want to monitor, provide credentials, and begin monitoring without the need for custom scripts.

Send and received automated API requests to quickly exchange data with APIs offered by cloud
services like Azure and Amazon Web Services (AWS), hardware vendors like Cisco and Nutanix, or
any entity that make its data available via API, including SolarWinds.

Some examples of how you could use this functionality include:

l Use SolarWinds AppOptics and Loggly APIs to tighten connections between SolarWinds
products in your environment.
l Use the Microsoft Graph API to increase visibility into the performance of apps being monitored
by Office 365 application templates in SAM.
l Use the Cisco UCS API to bolster blade server monitoring by adding metrics to what you already
collect for hardware health monitoring.
l Use the Nutanix API to check data resiliency by setting alert thresholds for the number of nodes
in monitored Nutanix clusters, or drill down into data endpoints to find metrics such as cluster
Read IOPs.
l Use the Orion SDK API to provide Orion Platform data to external teams, produce custom
dashboards for executives, or automate maps.

If you can access a remote API, you can send requests to it. Similar to tools like Postman, the
API Poller feature guides you through building an API poller that can include one or more
API requests. You need to know what each API provider requires in requests (for example, tokens),
but little coding knowledge is needed. The API Poller feature builds request URLs for you.

When SAM receives an API response, it parses the JSON payload to glean relevant data, assigns that
data to the monitored node, and displays metrics in several places throughout the Orion Web Console,
including:

l Node Details views: The API Poller widget displays the latest metrics being monitored for the
node with their status, as well as the name of the API poller monitoring the metric.
l PerfStack: Navigate directly to Performance Analysis dashboards from the API Poller widget on
the Node Details view to see historic API metric data.
l Orion Maps: Click a node with an assigned API poller to display monitored metrics.

page 64
Besides being easy to use, the API Poller feature provides the following benefits over standard
API tools:

l Select only the metrics you care about, such as those needed for troubleshooting purposes.
l Set warning and critical thresholds that trigger alerts in the Orion Web Console.
l Get started monitoring quickly with API Poller templates designed for popular APIs, such as
Microsoft 365 and Azure.

Note the following details about this feature:

l You can use macros and node-based custom properties in API requests.
l API pollers are child contributors for enhanced node status calculations.
l Allow time for API responses — the larger the data set, the longer the response time.
l This feature does not currently support Orion agent polling or Orion Remote Collectors.

Get started

To begin API monitoring:

1. Review requirements.

2. Navigate to the Manage API Poller page (Settings > All Settings > Manage API Pollers).
3. Add your first API poller. Alternatively, use an out-of-the-box API poller template.

More SolarWinds API poller templates are available in the SAM section of THWACK, as posted
by solarwinds_worldwide_llc and tagged with an API Poller label. For an example, see
the GitHub health status API Poller Template. After you download a template from THWACK,
you can import it into SAM on the Manage API Pollers page.

page 65
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

How the API Poller feature in SAM works

If you're new to API requests, review this section before creating your first API poller. This is only an
overview; for step-by-step details, see Add API pollers in SAM. For a real-world example, see API
poller use case: Monitor a Nutanix cluster.

SAM includes predefined API poller templates that you can use to monitor Azure, other
SolarWinds products, and more. See the SAM API Poller Template Guide for details.

You can use the API Poller feature to monitor metrics via external REST APIs. Define your API
endpoints, pick the metrics you want to monitor, set up any necessary authentication, and start
monitoring. Send and received automated API requests to quickly exchange data with APIs offered by
cloud services like Azure or any entity that make its data available via API, including SolarWinds.

Check API documentation and get credentials

After deciding which API you want to monitor, review the API documentation to learn about types of
data provided, endpoints where data is stored, and what you need to include in API requests, such as
tokens or specific headers.

Some cloud services limit the amount of free API requests per calendar month and charge for
extra requests in the remaining time frame. Check with your provider for details.

Add a managed external node

Use the Add Node wizard to add an external node where API pollers and received data can be stored.

Navigate to the API Poller page

To access the page where you can add an API poller:

1. Click Settings > All Settings > Manage API Pollers.

2. When the Manage API Poller page appears:

a. Click New.
b. Click the row for the node where you're adding the API poller.
c. Click Create API Poller.

page 66
Add a Request URL

When the API Poller page appears:

1. Select a Method for the request. The default is GET, which retrieves data from an external API.
2. Enter a Request URL.

The URL specifies the location on the remote API server where you want to access data, called an
endpoint. For example, the Orion SDK endpoint is
//##.###.##.###:17778/SolarWinds/InformationService/v3/, which includes these
elements:

l ##.###.##.###: The IP address of your Orion server.

l 17778: The HTTPS port for the Orion server.
l /SolarWinds/InformationService/v3/: The path for the SolarWinds Information Service
(SWIS) that provides API data for the Orion Platform.

Another API URL is https://api.appoptics.com/v1/metrics, for the SolarWinds AppOptics API.

API URLs are similar to browser URLs that you use every day. For example, if you're an Orion
Administrator logged into the main Orion server, you can type
https://localhost:17778/Orion/Login.aspx to access the Orion Web Console Login page.
The URL indicates that you have a secure HTTP connection to reach a server over a specific port and
that you're opening a specific form -- the Login page. API requests include much of the same
information.

page 67
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Configure API poller settings

Next, click Configure to add a name and description for the poller. In the API Poller settings dialog
box, you can also:

l Toggle SSL certification for the API host server on or off.

l Enable Orion proxy server settings in the request.
l Change the polling interval from the default value, 2 minutes.
l Specify the type of authorization used by the API.
l Add credentials.

Click Save when finished.

Send an initial request

Click Send request and wait for a response from the API.

This initial API request is sent from the web. Afterward, API polling occurs via the Main Polling
Engine (usually the Orion server) or an Additional Polling Engine, depending on the node
configuration.

page 68
Data appears in the Response area of the page, which may include Expand ( ) icons you can click to
display more data. A Monitor ( ) icon appears next to values that can be monitored.

A Response status code other than 200 indicates a failed request. Check the URL and settings
to correct them, if necessary, and then try again. Review API documentation again for
requirements. See also Troubleshoot API monitoring in SAM.

Starting in SAM 2020.2.1, you can monitor response headers, in addition to responses. For example,
the SolarWinds Service Desk API includes the latest count of active tickets in response headers.
Examine the SolarWinds Service Desk Incidents and Problems template to see how it leverages
response headers.

page 69
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Configure monitoring for the values retrieved from the API

Click the Monitor ( ) icon next to each value you want to monitor, and then define attributes for the
value in the dialog box that appears, including how you want to store the value, if a numeric or string
value is expected, and threshold levels. To learn more, see Configure monitored values in API pollers.

When finished, click Save to close the dialog box and return to the API Poller page, where you can
select more values to monitor, if necessary.

page 70
Save the API poller and wait for polling to finish

When you're finished setting up the API poller, click Save. After the next polling cycle is complete,
monitored values appear in the API Pollers widget on the Node Details view.

Within the API Poller widget, you can:

l Click the title of a metric to display only data for that specific metric in PerfStack.
l Click an API poller name to display related metrics in PerfStack.

page 71
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

The status of a value appears as Unknown until the first successful poll occurs. It's also
possible that the monitored value is not licensed (for example, if your SAM license expired or no
SAM licenses are available).

See the following topics to learn more about API pollers:

l API poller requirements

l API poller licensing
l API methods
l API poller authorization and authentication
l SSL certificate validation for API pollers
l Configure monitored values in API pollers
l How monitored API metrics in SAM impact Node status
l API poller alerts

For some real-world examples, see Work with API pollers.

API poller requirements

Before creating your first API poller, review this section about what's required.

l Use an Orion account with Admin privileges.

l Make sure SAM licenses are available — each monitored metric consumes a license.
l Identify an existing managed SAM node to host the connection to the remote API.
o Alternatively, create an external node to serve as an application endpoint for a service

such as Azure. External nodes have fewer requirements; for example, no credentials are
required at the node level.
o If using the 30-day trial of SAM, you can use the node included in the evaluation version.

However, note that API pollers are child contributors for enhanced node status
calculations, so missing metrics will impact the status of that single node, which also
serves as the Orion server and Main Polling Engine.

HP ProLiant servers with an HP Integrated Lights-Out (iLO) REST API are not
supported due to a known HP issue, even if this workaround is applied (©
HP Enterprise Development LP, available at support.hpe.com, obtained on March 4,
2020).

In addition, most remote APIs have their own requirements. Review API provider documentation (see
these Useful APIs for SAM) to learn about types of data provided, where data is stored, and what you
need to include in API requests, such as tokens.

page 72
Specifically, you'll need to determine:

l Authentication and authorization requirements, including credentials

l The URL of the API
l Defined endpoints where API data is available
l Supported request URL formats

Some cloud services limit the amount of free API requests per calendar month and charge for
extra requests in the remaining time frame. Check with your provider for details.

API poller licensing

Each monitored metric returned by the API Poller feature counts against your SAM license. The way
licenses are consumed depends on your SAM license model, as described here.

If you have a node-based SAM license:

l Each node with at least one API-monitored metric counts as a managed SAM node.
l Each SAM node can host multiple API pollers that monitor at least one metric.
l The number of allowed monitored metrics matches the number of managed nodes allowed by
the license. For example, with a SAM100 license, you can monitor up to 100 API metrics.

You can monitor an unlimited number of component monitors with node-based SAM
licensing, regardless of what is being monitored with an API poller.

For example, with a node-based SAM10 license, you can either:

l Monitor 10 values with 1 API poller on 1 node, or

l Monitor 5 values with 2 API pollers on 1 node, or
l Diversify license consumption, as follows:
o Monitor 1 value with 1 API poller on 3 nodes,

o Monitor 2 values with 1 API poller on 1 node, and

o Monitor 1 value with 5 API pollers on 1 node.

In this example, 3 + 2 +5 = 10 consumed SAM licenses.

If you have a component-based SAM license:

l The number of monitored metrics does not impact the available number of application monitors
and component monitors.
l The number of allowed monitored metrics depends on how your component-based license maps
to an equivalent node-based license, as detailed next. For example, you can monitor up to 50
API metrics with an AL700 license.

page 73
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Node-based license tier Maximum number

Component-based license tier
equivalent of monitored metrics
AL150 SAM10 10

AL300 SAM25 25

AL700 SAM50 50

AL1100 SAM75 75

AL1500 SAM100 100

AL2500 SAM200 200

ALX SAM300 300

SAM400...* 400

* Additional node-based SAM license tiers are available, up to SAM5000 and beyond.

For both license types:

l The initial request to contact an API (often referred to as an "API call") is sent from the web, not a
polling engine. Until you select at least one metric to monitor, no license is consumed.
l API pollers stop updating metrics in the Orion Web Console if your SAM license expires. The
status of monitored metrics, as displayed in the API Poller widget, changes to Unknown.

What happens if you exceed license limits

If you exceed the license limit when adding monitored metrics to a new or existing API poller, a
message similar to the following appears. Any metrics above the limit are not monitored and the status
appears for metrics appears as Unknown in related widgets.

Review the API licensing details in this topic and adjust monitored metrics, as necessary.

page 74
 You can also use SolarWinds AppOptics to collect metrics via REST API calls. >> Learn more

API methods
When creating an API poller, your first step is selecting one of the following methods for the request.

l GET sends a request for data from a URL.

l POST creates a new record.

The method you use for an API request depends on:

l What you want to do, and

l What rights you have.

Similar to how you need different rights to perform various tasks in most applications, you need rights
to use different methods against a remote API and get a successful response. For example, to use a
GET request to retrieve data from the Orion SDK, no extra rights are required other than the Orion
account credentials included in the parent request. However, to send a POST request that creates a
new record, you typically require extra rights. For example, to use a POST request that adds a node to
the Orion database, your Orion account must have Node Management rights.

GET retrieves data from an API

The most common method for API requests, GET, retrieves data from a specific endpoint within an
API. If the request is successful, data is returned in a response payload. Most GET requests include
some form of authorization in their headers; check the API documentation for details.

Here is an example of a GET request sent to the Orion API, asking for the names of three polling
engines from a specific database table:

GET
https://localhost:17778/SolarWinds/InformationService/v3/Json/Query?query=SEL
ECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS

When this query is packaged with the rest of the data provided on the API Poller page, including
authorization and headers, the entire request looks like the following:

GET
https://localhost:17778/SolarWinds/InformationService/v3/Json/Query?query=SEL
ECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS
HTTP/1.1
Authorization: Basic YWRtaW46
User-Agent: curl/7.20.0 (i386-pc-win32) libcurl/7.20.0 OpenSSL/0.9.8l
zlib/1.2.3

page 75
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Host: localhost:17778
Accept: */*

For additional query examples, see REST in the Orion SDK wiki.

POST sends data to an API to create or update a resource

Unlike the GET method that requests data from a remote API, the POST method is used to send
changes to an API endpoint. These requests typically include additional data in the message body, as
opposed to GET request that may include all necessary details in the request URL.

POST requests usually require authentication by the remote API. For example, you can use standard
Orion account credentials to send GET requests that retrieve data from the Orion API (for example, to
retrieve a list of available nodes), but you need Node Management rights for the Orion Platform to
send a POST request (for example, to add a node), as defined on the Manage Accounts page.

POST requests supply additional data to the target in the message body, not the URL.
Credentials, if configured for an API poller, are sent in a separate Header file.

Note the following details about API poller requests:

l Allow time for responses. The larger the data set, the longer the response time.
l Dedicated headers are required for pages that require logins.

API poller authorization and authentication

Most REST APIs use forms of authorization and authentication to check the validity of requests and
securing available data.

l Authentication proves the identity of a requestor. Many APIs require you to register as a user
and include credentials in API requests to verify your identity. For example, to send requests to
Azure APIs, you need to provide a Client ID and Client Secret to authenticate access.
Authentication proves that you are who you say you are.
l Authorization allows certain actions against data stored in the API. For example, you can use
standard Orion account credentials to send GET requests that retrieve data from the Orion API,
but if you send a POST request to change data with a CREATE, READ, UPDATE, or DELETE
database command, you need extra rights. To add a node with a CREATE command, your Orion
account requires Node Management rights. Authorization verifies an authenticated requestor
has permission to perform certain actions.

page 76
Supported authorization types include:

l No Authorization: No user names, passwords, or credentials are required for free, public APIs,
also known as open APIs. For example, iTunes Search is an open API (© 2020 Apple Inc.,
available at affiliate.itunes.apple.com, obtained on September 1, 2020).
l Basic Authorization: Also called "Basic Auth," this method passes the username and password
in request headers, sent via HTTPS and encoded with Base64 for security. Passwords are
required with Basic Authorization.
l OAuth 2.0: Uses access tokens that the API server passes to an authentication server to grant
access via public and private keys. To learn about Grant Type, Tenant ID, and other OAuth
terms, see the next section, API credentials.
l Bearer Token: Also called "token authentication," this scheme uses access tokens to
authenticate requests, in the form of text strings added to request headers (for example,
Authorization: Bearer <Your API Key>).
l API Key: The API key is a long string included in either the request URL or request header (for
example, Authorization: <Key> <Value>). Some APIs require both a public and private key
-- the public key is usually included in the request, and the private key is treated like a password.

Starting in SAM 2020.2.1, you can chain multiple API requests to save a value from one request
for use in subsequent requests, including authorization and authentication data. This can be
useful for APIs that involve tokens, sessions, or endpoint discovery.

Review API documentation to determine what's required in requests. For example, requests sent to
the SolarWinds Loggly API require an access token before a response is returned; the API uses the
token to authenticate your identity. Additional tokens are then required to reach specific segments of
data in subsequent requests; the API uses those details to verify what you can do to data.

The SolarWinds Pingdom API uses Bearer Token authorization so an API token must be included in
each request, as shown in this example:

GET /checks HTTP/1.1

Host: api.pingdom.com
Authorization: Bearer ofOhK18Ca6w4S_XmInGv0QPkqly-rbRBBoHsp_
2FEH5QnIbH0VZhRPO3tlvrjMIKQ36Vap

page 77
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

API credentials

Depending on the type of authorization used by an API, you may only need to provide simple
credentials: a username and password. Some free APIs don't require any credentials. Sophisticated
APIs, such as the Azure API, require a client ID, client secret, access token URL, and other details.

Some terms you may encounter include:

l Grant type: The method used by an application to get an access token that authenticates a
request to an API endpoint.
l Tenant ID: A unique ID that represents the Azure AD directory where a registered application is
stored.
l Client ID: A unique ID that is assigned to an application and service principal during initial
provisioning.
l Client Secret: A unique set of characters known only to the application and authorization server.
l Access token URL: The web address of the API provider's authentication server, which
exchange an authorization code for an access token.to confirm access to API data.
l Scope: The endpoints of data within an API for which an application can request access. The
access token issued to the application will be limited to the scopes granted, including read or
write access permissions. For example, to monitor https://manage.office.com endpoints
with the Microsoft 365 Admin Center API poller template, use the following scope:
https://manage.office.com/default.

For tips on locating Azure credentials such as Tenant IDs, see Find Microsoft Azure
credentials.

Note the following details about API credentials:

l To configure credentials for an API poller, select an existing set of credentials or add credentials
manually.
l Credentials sent to an API via an HTTP are not encrypted. They're sent in headers as plain text.
l For OAuth 2.0:
o SAM currently only supports the Client Credentials grant type.

o The Scope value may include multiple space-separated values.

l Many access tokens expire after a certain amount of time but some APIs offer "refresh tokens"
with long lifespans. For example, SolarWinds DPA API tokens expire after 900 seconds but can
be extended the API_ACCESS_TOKEN_EXPIRATION option.

Refer to API provider documentation to learn more about credentials and required formats.

API permissions

In addition to appropriate credentials, API requests require permissions to access data within a
specified scope. See API provider documentation for details.

page 78
 Excerpts and figures herein are attributed to © 2020 Microsoft Corp., available at
docs.microsoft.com, obtained on November 9, 2020.

For example, Microsoft Graph permissions are granted via a consent process that uses a
resource.operation.constraint pattern, as shown here:

l ServiceHealth.Read grants permission to read service health information for your

organization.
l Reports.Read.All grants permission to read all usage reports.

The following figure shows Microsoft Graph Reports.Read.All permissions for the Microsoft 365
Teams API poller template:

SSL certificate validation for API pollers

This option is enabled, by default, when you add an API poller. Whenever an API request is sent,
SAM checks for a valid SSL certificate on the external node specified by the URL.

If the SSL certificate validation option is disabled for an API poller, the following default response
appears after each API request: "The underlying connection was closed: Could not establish trust
relationship for the SSL/TLS secure channel.

The API Poller feature does not support monitoring of HP ProLiant servers via the HP Integrated
Lights-Out (iLO) REST API due to a HP known issue, even if this workaround is applied.

Configure monitored values in API pollers

For each value monitored by an API poller, you can define:

l How the value is stored, which controls whether or not a SAM license is consumed.
l The name used for the value when displayed in the Orion Web Console.
l Warning and critical thresholds used for Orion Platform alerting.

page 79
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

To configure a value for an API poller, you can either:

l Click the Monitor ( ) icon next to a new value you're adding to an API poller, or

l Click the Edit ( ) icon for an existing value in an API poller.

The following dialog box appears:

Options include:

l How should we store this value?

o Keep the default setting, "New monitored value," to save the value as historical, time series

data that consumes a SAM license.

o Select "Use as a variable in subsequent request" to save the value for use in later

API requests without consuming a license. This is useful for APIs that require
authentication tokens in headers; the first request retrieves a token that is then passed to
subsequent requests as a variable in headers. See Chain multiple API requests in a single
API poller in SAM for details.

page 80
 l Orion display name
l Type
o Adjust the default setting (Numeric) if returned values will be in string format (for example,

Up, Down, True, or False). If you select String, additional fields appear where you can
convert expected values to numeric values so you can set thresholds for alerting. For
example, map "True" to 1 and "False" to 2, and then use the numeric values in the
Threshold fields.

l Thresholds. Set warning and critical thresholds for API poller alerts.

How monitored API metrics in SAM impact Node status

When you use the API Poller feature to monitor node metrics via remote REST APIs, the status of
returned metrics impacts the overall status of the node, if Child status rollup mode is enabled. To learn
more, see Status Rollup Mode in the Orion Platform.

API poller
Description
status
Response code from API is 200. OK

All monitored values are within thresholds.

API poller was created but no API requests have been sent yet. Unknown

No licenses are available, either because SAM is not yet licensed or all licenses were
consumed. See API poller licensing.

At least one monitored value exceeded its warning threshold but no monitored values Warning
reached a critical threshold.

At least one monitored value exceeds its warning threshold. Critical

You can display the status of an individual API-monitored metric in the following places:

l Node Details view: The API Poller widget displays the latest monitored metrics with their status,
along with the name of the API poller.

page 81
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l PerfStack: Navigate directly to PerfStack from the API Poller widget on the Node Details view to
see historic API metric data.
l Orion Maps: Click a node with an assigned API poller to display monitored metrics.

API poller alerts

The API Poller feature includes two objects that can be used to configure trigger conditions in alerts:

l API Poller: Use the overall status of an API poller to trigger alerts (for example, if an API stops
responding or expected values are not returned). See How monitored API metrics in SAM impact
Node status.
l API Poller Monitored Value: Set warning and critical thresholds for alerts individual values
monitored by an API poller. See Configure monitored values in API pollers.

For an overview about alerts, see Use alerts to monitor your environment with the Orion
Platform.

Manage API pollers

This section includes the following topics:

l Add API pollers in SAM

l Add API poller credentials in SAM
l Chain multiple API requests in a single API poller in SAM
l Edit API pollers in SAM
l Reassign an API poller to a different node
l Import API pollers into SAM
l Export an API poller
l Delete API pollers in SAM
l Use macros and custom properties to populate API requests in SAM
l Assign API poller templates to nodes

To display all API pollers in your environment, click Settings > All Settings > Manage API Pollers.

page 82
Add API pollers in SAM
Here is an outline of how to build an API poller for a remote API. Out-of-the-box API poller templates
designed for Microsoft 365, Azure, Atlassian, VMware, and SolarWinds APIs are also available, as
described in the SAM API Poller Template Guide.

l Create the API poller and send a request to determine which values are available to monitor.
o Select a request method: GET or POST.

o Configure a name and description for the API poller.

o Provide a URL for the remote API.

o Specify the type of authorization used by an API.

o Enter credentials, if necessary.

o Send an initial request to the remote API to retrieve a list of available metrics.

l Select the values you want to monitor.

o Review the API response to determine what values are available to monitor.
o Select the metrics you want to monitor.

o Provide the name that you want to appear in the Orion Web Console for each metric.

o (Optional) Configure warning and/or critical thresholds for each metric.

l Save your new API poller.

To create an API poller for a node:

1. Review API poller requirements. For example, you'll need to specify an existing node.
2. Click Settings > All Settings > Manage API Pollers.
3. When the Manage API Poller page appears:
a. Click New.
b. Click the row for the node where you're adding the API poller.

c. Click Create API Poller.

page 83
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

4. At the top of the API Poller page, select a Method for the request. The default is GET, which
retrieves data from an external API.

5. Enter the Request URL of the API.

Starting in SAM 2020.2, you can use macros in request URLs; for example,
https://post-man-echo.com/get?ipAddress=${IpAddress}.

For APIs that do not require authentication, skip ahead to step 8 and click Send Request.

6. Click Configure to open the API Poller settings dialog box.

a. Provide a Name and (optional) Description.

If you do not provide a name for an API poller, related data is not displayed in
PerfStack.

b. (Optional) Disable SSL certificate verification.

SAM checks for a valid SSL certificate during API requests, by default. For remote
API servers without valid certificates, disable this option.

c. (Optional) Enable existing Orion settings for proxy servers.

d. (Optional) Set a custom polling interval.

e. Select the Authorization used by the API.

f. Provide credentials, if required.

page 84
 g. Click Save.

7. If the API requires specific details in the header (for example, credentials), add them. Click + to
add multiple headers.

Headers are not encrypted; they're stored in the database as plain text.

8. Click Send Request.

This initial API request is sent from the web. Afterward, API polling occurs via the Main
Polling Engine (usually the Orion server) or an Additional Polling Engine, depending on
the node configuration.

9. When the Response appears, click the Monitor ( ) icon for each metric you want to monitor. An
Expand ( ) icon indicates that you can retrieve additional metrics. The following example shows
that 13 more metrics are available.

page 85
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

A Response status code other than 200 indicates the request failed. Verify API poller
settings, make sure the remote API is available, and click Send Request again. See also
Troubleshoot API monitoring in SAM.

10. For each value you want to retrieve from the API, click the Monitor ( ) icon to open the
"Configure a value to monitor" dialog box.

page 86
 a. Leave "How should we store this value?" set to "New monitored value" to add only the
current metric.

Select "Use as a variable in subsequent request" to use the value for this API poller only. It
will not be stored in the database or consume a SAM license. This is useful for APIs that
require authentication tokens in headers; the first request retrieves a token that is then
passed to subsequent requests as a variable in headers. See Chain multiple API requests
in a single API poller in SAM for details.
b. Enter an Orion display name for the metric.
c. For Type, the default value is Numeric. If necessary, change it to String and then use the
extra fields that appear to map string values to numeric values. For example, map "True" to
1 and "False" to 2. See API poller alerts for details.
d. (Optional) Set Warning and/or Critical threshold values. See API poller alerts for details.

e. Click Save.
11. When finished selecting and configuring values to monitor, click Save to finish creating the
API poller.

If errors occur when saving an API poller, review OrionWeb.Log and ApolloWebApi.log files.

When you return to the Node Details view, wait 2 minutes for polling to occur. When monitored metrics
appear in the API Poller widget, you can:

l Click the title of a metric display only data for that metric in PerfStack.
l Click an API poller name to display all collected metrics in PerfStack.

Add API poller credentials in SAM

Depending on the type of API poller authorization and authentication used by an API, you may only
need to provide a username and password. Sophisticated APIs, such as the Azure API, require a
client ID, client secret, access token URL, and other details to validate access. Some free APIs don't
require any credentials. Refer to documentation from the API provider for details.

For tips on locating Azure credentials such as Tenant IDs, see Find Microsoft Azure
credentials.

To add credentials to an API poller:

1. Click Configure at the top of the API poller page.

2. Click New credential.

page 87
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

3. Add a name for the set of credentials, fill out the remaining fields, and then click Save.

Alternatively, select an existing set of credentials from the drop-down listbox.

If you assign multiple API poller templates of the same type (for example, four Azure templates)
to a node, the resulting API pollers can share the same credentials. If you assign different types
of templates (for example, one Azure template and one Pingdom template), you'll need to
configure separate credentials for each poller before sending API requests.

Chain multiple API requests in a single API poller in SAM

Starting in SAM 2020.2.1, you can send an initial request to an API to get a value, and then save the
value as a variable that can be passed to subsequent requests that are chained together in a single
API poller. This can be useful for APIs that involve tokens, sessions, or endpoint discovery.

For example, if an APIs requires tokens, the initial API request can retrieve a token that is then passed
along to headers of subsequent API requests to authenticate access to data. The VMware vCenter
Inventory template uses this technique.

To chain multiple API requests in a single API poller:

1. Click Settings > All Settings > Manage API Pollers.

page 88
 2. On the Manage API Poller page, click New, select the row for a node, and then click Create
API Poller.

3. Select GET as the Method.

4. Click Configure to provide details about the API poller, such as a name, credentials, and
thresholds; see Add API pollers in SAM for details. Click Save when finished.
5. Provide a header, if required.
6. Click Send Request.

7. When the response appears, click the Monitor ( ) icon next to the value you want to use in
subsequent requests (for example, a token needed to authenticate data).
8. In the next dialog box:
a. For "How should we store this value?" select "Use as a variable in subsequent request.

page 89
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

b. Enter a name for the variable.

In later requests, the value uses the following notation: ${varName}.

c. Click Save to close the dialog box.

9. To create another request in the same API poller, click Options ( ) > Duplicate.

When the page displays a set of fields for the new request, you can use the variable defined in
the previous request. In the following example, the variable is added to the URL.

10. Configure the new API request, as necessary, and then save changes. To add a new request to
the existing requests, click Options > Duplicate again.

Edit API pollers in SAM

To edit an API poller:

1. Click Settings > All Settings > Manage API Pollers.

2. On the Manage API Pollers page, select the API poller, and then click Edit.

page 90
 3. Use the following editing tools to modify the API poller:

l Click the Edit ( ) icon at the top of the page to change the API poller name.

l Click Configure to change the Name, Description, SSL option, Authorization type, or
credentials.

l Click Options ( ) to duplicate a request (for example, if chaining multiple requests), change
the order of requests displayed on the page, or delete a request.

l Click Expand ( ) or Collapse ( ) to adjust the amount of details displayed for a request.
l For individual metrics, click Edit ( ) or Delete ( ).

page 91
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

4. Click Save.

On the Manage API Pollers page, you can also reassign API pollers to a different node.

Reassign an API poller to a different node

To move an API poller to a different managed, external node in your environment:

1. Click Settings > All Settings > Manage API Pollers.

2. When the Manage API Pollers page appears, select the API poller you want to move.
3. Click Reassign.

4. In the next dialog box, select a node and click Reassign API Poller.

Import API pollers into SAM

You can select an API poller from a file on your local drive or a network location, and then import it into
the Orion Web Console. Supported files use the following suffix: .apipoller.template.

More SolarWinds API poller templates are available in the SAM section of THWACK, as posted
by solarwinds_worldwide_llc and tagged with an API Poller label. For an example, see
the GitHub health status API Poller Template. After you download a template from THWACK,
you can import it into SAM on the Manage API Pollers page.

To import an API poller:

1. Click Settings > All Settings > Manage API Pollers.

2. When the Manage API Pollers page appears, click Import.

page 92
 3. In the Import API Poller dialog box, click Browse to select a file, and then click Next.

4. Select a node to host the poller.

If you need to add a new managed node for the API poller, use the Add Node wizard.

5. Click Create API Poller. The size of the file determines how long it takes to import.

Export an API poller

You can export an API poller to your local drive; for example, to create a backup, or to move an API
poller from a testing environment to a production environment.

To export an API poller:

1. Click Settings > All Settings > Manage API Pollers.

2. When the Manage API Pollers page appears, select the API poller you want to export.
3. Click Export.

The file is downloaded to your local drive.

page 93
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Delete API pollers in SAM

To delete an API poller:

1. Click Settings > All Settings > Manage API Pollers.

2. On the Manage API Pollers page:
a. Select the API poller.
b. Click Delete.

Use macros and custom properties to populate API requests in SAM

The API Poller feature supports the use of macros (also called variables) to populate API request
URLs and headers with node-specific data, so you can reuse the same request URL for multiple
nodes. When you send the request, the Orion Platform automatically injects node-specific parameters
into the URL.

Supported macros are based on the Node entity in the SolarWinds Information Service (SWIS), a data
access layer in the Orion Platform. You can also use node-based custom properties, such as
DeviceOwner or AssetTag, in API request macros.

Click here to learn more about custom properties in the Orion Platform Administrator Guide.
See also Creative ways to use custom properties and Custom properties and how to use them.
You can also watch this THWACKcamp (23:03).

Here is an example of a URL that uses a custom property to retrieve data about Nutanix clusters
hosted on a node:
https://${cluster_host}:9440/api/nutanix/v2.0/clusters

This example includes the following elements:

l The https protocol encrypts data sent back and forth.

l cluster_host is a node-based custom property created for controller VMs.
l 9440 is the default Nutanix Prism communication port.
l /api/nutanix/v2.0/clusters is the endpoint for the request in the Nutanix REST API.

Use the standard, Latin1 character set in custom properties. Do not use angle brackets (<, >) as
values.

page 94
Note the following details about using macros in the URLs of API requests:

l The value of a node macro is unique for each node.

l Wrap each macro in these characters: ${ }. For example, the macro for system name is
${SysName}.
l Macros are not case-sensitive.
l Currently, macros are not encrypted.
l If SWIS doesn't recognize a macro, messages appear in polling logs and status is set to
Unknown.

The API Poller feature supports the following Orion Platform macros in request URLs:

Macro Description
${AgentPort} Node SNMP port number.

${Allow64BitCounters} Node allows 64-bit counters (1), or not (0).

${AvgResponseTime} Average node response time , in msec, to ICMP

requests.

${BlockUntil} Day, date, and time until which node polling is blocked.

${BufferBgMissThisHour} Device-dependent count of big buffer misses on node in

current hour, queried with MIB 1.3.6.1.4.9.2.1.30.

${BufferBgMissToday} Device-dependent count of big buffer misses on node in

current day, queried with MIB 1.3.6.1.4.9.2.1.30.

${BufferHgMissThisHour} Device-dependent count of huge buffer misses on node

in current hour, queried with MIB 1.3.6.1.4.9.2.1.30.

${BufferHgMissToday} Device-dependent count of huge buffer misses on node

in current day, queried with MIB 1.3.6.1.4.9.2.1.30.

${BufferLgMissThisHour} Device-dependent count of large buffer misses on node

in current hour, queried with MIB 1.3.6.1.4.9.2.1.30.

${BufferLgMissToday} Device-dependent count of large buffer misses on node

in current day, queried with MIB 1.3.6.1.4.9.2.1.30.

${BufferMdMissThisHour} Device-dependent count of medium buffer misses on

node in current hour, queried with MIB
1.3.6.1.4.9.2.1.30.

${BufferMdMissToday} Device-dependent count of medium buffer misses on

node in current day, queried with MIB 1.3.6.1.4.9.2.1.30.

page 95
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Macro Description
${BufferNoMemThisHour} Count of buffer errors due to low memory on node in
current hour.

${BufferNoMemToday} Count of buffer errors due to low memory on node in

current day.

${BufferSmMissThisHour} Device-dependent count of small buffer misses on node

in current hour, queried with MIB 1.3.6.1.4.9.2.1.30.

${BufferSmMissToday} Device-dependent count of small buffer misses on node

in current day, queried with MIB 1.3.6.1.4.9.2.1.30.

${Caption} User-friendly node name.

${Category} Category of the node (for example, Other, Network,

Server, or Auto-detected).

${ChildStatus} Status of child objects (for example, interfaces or

applications) monitored on a node.

For details, see Node status contributors.

${CMTS} The Cable Modem Termination System (CMTS)

connected to a node.

${Community} Node community string.

${Contact} Contact information for person or group responsible for

node.

${CPUCount} Node CPU count at last poll.

${CPULoad} Node CPU utilization rate at last poll.

${CustomPollerLastStatisticsPoll} Day, date, and time of last poll attempt on node.

${CustomPollerLastStatisticsPollSuccess} Day, date, and time that node was last successfully
polled.

${CustomStatus} Status of node does not affect actual, polled values and
alerts do not trigger.

${Description} Node hardware and software.

${DetailsUrl} The URL of the Details page for the node.

page 96
 Macro Description
${DisplayName} Name that appears for the node in the Orion Web
Console.

${DNS} Fully qualified node name.

${DynamicIP} If node supports dynamic IP address assignment via

BOOTP or DHCP (1); static IP address return (0).

${EngineID} Internal unique identifier of the polling engine to which

node is assigned.

${EntityType} Indicates if a node is a VM.

See Hardware field values in NPM Node Details.

${External} States if node is currently designated as external.

${GroupStatus} File name of status icon for node and its interfaces.

${Icon} File name of an icon.

${IOSImage} Family name of Cisco IOS on node.

${IOSVersion} Cisco Internetwork Operating System (IOS) version on

node.

${IP} Node IP address.

${IP_Address} Node IP address.

${IPAddress} Node IP address, as may be represented in legacy

Orion Platform modules.

${IPAddressGUID} The IP address of the node converted into GUID format

using IPv6.

${IPAddressType} The protocol used for the IP address, such as IPv4.

${IsOrionServer} Indicates if a node is the main Orion server.

${IsServer} Indicates if a node is a Windows server running

applications.*

${LastBoot} Day, date, and time of last node boot.

${LastSync} Time and date of last node database and memory

synchronization.

page 97
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Macro Description
${LastSystemUpTimePollUtc} Time and date, in UTC format, when node was last
polled for sysUpTime.

See also NPM Polling values explained in the

Success Center.

${LoadAverage1} Load average over the last 1 minute.

${LoadAverage15} Load average over the last 15 minutes.

${LoadAverage5} Load average over the last 5 minutes.

${Location} Location of the node.

${MachineType} Node manufacturer or distributor and family or version

information.

${MaxResponseTime} Maximum node response time , in msec, to ICMP

requests.

${MemoryAvailable} Total node memory available.

${MemoryUsed} Total node memory used over polling interval.

${MinResponseTime} Minimum node response time , in msec, to ICMP

requests.

${MinutesSinceLastSync} Number of minutes since the node was synced.

${NextPoll} Day, date and time of next scheduled node polling.

${NextRediscovery} Time of next node rediscovery.

${NodeDescription} Internal unique identifier of node.

${NodeName} Node host name. Defaults to node IP address ${IP_

Address} if host name does not resolve.

${NodeStatusRootCause} Node status, as influenced by child nodes.

For details, see Node status contributors.

${NodeStatusRootCauseWithLinks} Node status, as influenced by child nodes, that includes

hyperlinks in HTML format.

${ObjectSubType} States if node supports SNMP or is ICMP-only.

${OrionIdColumn} Orion ID column string.

page 98
 Macro Description
${OrionIdPrefix} Orion ID prefix.

${PercentLoss} ICMP packet loss percentage when node last polled.

${PercentMemoryAvailable} Percentage of node memory available over polling

interval.

${PercentMemoryUsed} Percentage of total node memory used over polling

interval.

${PolledStatus} Basic node status that is not influenced by child nodes.

For details, see Node status contributors.

${PollInterval} Node polling interval, in seconds.

${RediscoveryInterval} Node rediscovery interval, in minutes.

${ResponseTime} Node response time, in milliseconds, to last ICMP

request.

${RWCommunity} Node read/write community string; acts as security code

for read/write SNMP access.

${Severity} A network health score providing 1 point for an interface

in a warning state, 1000 points for a down interface, and
1 million points for a down node.

${SkippedPollingCycles} The date and time of the last skipped polling cycle.

${SNMPVersion} States the version of SNMP used by the node

${StatCollection} Statistics collection frequency, in minutes.

${Status} Numerical node status.

For details, see Status Icons and Identifiers.

${StatusDescription} User-friendly node status.

${StatusIcon} File name of node status icon.

${StatusLED} File name of node status icon.

${SysName} String reply to SNMP SYS_NAME OID request.

${SysObjectID} Vendor ID of the network management subsystem in

OID form. Clearly determines the type of node.

page 99
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Macro Description
${SystemUpTime} Time, in hundredths of a second, since monitoring
started.

${TotalMemory} Total node memory available.

${UiSeverity} States if node is currently unmanaged.

${Vendor} Node manufacturer or distributor.

${VendorIcon} File name of node vendor logo icon.

Assign API poller templates to nodes

As detailed in the SAM API Poller Template Guide, SAM includes a variety of templates to capture
metrics in PaaS, IaaS, on-premises, and hybrid environments from the following APIs:

l Atlassian
l JetBrains TeamCity
l Microsoft 365 (formerly "Microsoft Office 365")
l Microsoft Azure
l SolarWinds AppOptics
l SolarWinds Pingdom
l SolarWinds Service Desk
l VMware vCenter

To assign one or more templates to a node, use the Assign API Pollers wizard, accessible via the
Management widget on Node Details pages.

page 100
Note the following details:

l SolarWinds recommends using Firefox, Chrome, or Microsoft Edge to run the wizard.
l Templates are updated periodically. To get the latest version, use the Assign API Poller wizard
again.
l To exit the wizard and create a standard API poller instead, click Create custom API Poller.

More SolarWinds API poller templates are available in the SAM section of THWACK, as posted
by solarwinds_worldwide_llc and tagged with an API Poller label. For an example, see
the GitHub health status API Poller Template. After you download a template from THWACK,
you can import it into SAM on the Manage API Pollers page.

To assign one or more API poller templates to a node:

1. Navigate to the Node Details view for the node.

2. In the Management widget, click API Poller Management > Assign.

As shown here, the wizard displays template details, such as the default number of consumed
metrics, which impacts license usage. After you assign a template to a node, you can add or

page 101
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

delete monitored metrics.

3. Select the template(s) you want to add to the node and click Next.
4. On the next, select an Authorization type, specify credentials, and then click Assign Pollers.

If you assign multiple templates of the same type (for example, four Azure templates), they can
share credentials. If you assign different types of templates (for example, one Azure template
and one Pingdom template), you'll need to configure separate credentials before sending API
requests.

page 102
 5. After the API poller is applied to the node, click the API Poller template link, as shown in this
example.

The API poller appears, along with a list of monitored metrics.

6. (Optional) Click Configure to edit the Name or Description of the template. You can also adjust
SSL, proxy, polling interval, and credential settings.

page 103
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

7. Use the Edit ( ) and Delete ( ) icons to modify monitored values, as necessary.

8. When finished setting up the API poller, click Save to return to the Node Details view.

After the next poll occurs (2 minutes, by default), metrics appear in the API Poller widget on the Node
Details view where you can:

l Hover over a monitored metric to display details about it or display its parent API poller,
l Edit or delete monitored metrics,
l Click a metric to display related data in PerfStack, or
l Display metrics in Orion Maps that include the node.

Work with API pollers

If you can access a remote API, you can send requests to it with the API Poller feature. Define your
API endpoints, pick the metrics you want to monitor, provide credentials, and begin monitoring without
the need for custom scripts. You can also use an out-of-the-box API poller template included in SAM.

For example, you can create an API poller to monitor the Nutanix API and check data resiliency by
setting alert thresholds for the number of nodes in monitored Nutanix clusters so you're notified when
changes occur. You can also chain multiple API requests together to drill down into data endpoints
and collect metrics such as cluster Read IOPs.

Additional examples include:

l Use SolarWinds AppOptics and Loggly APIs to tighten connections between SolarWinds
products in your environment.

page 104
 l Use the Microsoft Graph API to increase visibility into the performance of apps being monitored
by Office 365 application templates in SAM.
l Use the Cisco UCS API to bolster blade server monitoring by adding metrics to what you already
collect for hardware health monitoring.
l Use the Orion SDK API to provide Orion Platform data to external teams, produce custom
dashboards for executives, or automate maps.

The following topics describe more ways to use the API Poller feature:

l Use the API Poller feature with the Orion SDK

l Useful APIs for SAM
l API poller use case: Monitor a Nutanix cluster
l API poller use case: Monitor AppOptics services

Use the API Poller feature with the Orion SDK

The Orion SDK is a set of tools, published on GitHub, that you can use to interface with the
SolarWinds Orion API. The API is not specific to any one Orion Platform product, such as SAM;
instead, it's the infrastructure that all of those products run on. Each time you use an Orion Platform
product, you're also interacting with the API -- it's open and waiting for requests that come from within
the products (for example, when you add a node). The API is already running on your Main Polling
Engine, as well as any Additional Polling Engines (APEs) or Additional Web Servers (AWS).

SolarWinds provides the Orion SDK as a tool to enhance the flexibility and ease of manipulating
certain aspects of the Orion Platform. The SDK offers direct access to portions of the SolarWinds
Information Service (SWIS) using SQL-like queries in SolarWinds Query Language (SWQL). It allows
for higher-level operations than would be allowed when making changes in SQL, returning results
similar to what SWQL or SWIS tools return.

Just as SAM can be used in many ways by different members of an organization, you can use the
Orion SDK for a variety of tasks, depending on what's available in your environment and how you use
the Orion Platform to interact with other systems. In this topic, we'll discuss how to use the API Poller
feature to interact with the SDK

Some ways to use the Orion SDK include:

l Provide Orion Platform data to external teams.

l Produce custom dashboards for executives (see SolarWinds Lab #69).
l Automate maps (SolarWinds Lab #8).
l Assign SAM application monitor templates to nodes.
l Create groups and dependencies.
l Deploy Orion agents.

page 105
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Note the following recommendations for using the SDK:

l Experiment with the Orion SDK in a non-production instance of Orion.

l Back up your Orion database frequently.
l Do not run untested PowerShell scripts against a production instance.

The Orion SDK is a powerful tool that can impact Orion Platform data. Before using it, you
should be well-versed in SQL queries and have a background in programming. SolarWinds
does not provide pre- or post-sales support on any Orion SDK customizations, including code.

See the Orion SDK wiki to learn more about the API. Here are some highlights:

l API requests should include the following details:

o Authentication: Use your Orion account credentials.

o Authorization: Read-only requests don't require extra permissions, but you'll need Node

Management rights to create, update, or delete data.

l The API lives on port 17778, uses HTTPS, and requires that you add
/SolarWinds/InformationService/v3/Json/ portion after the host:port section.

To learn about additional SolarWinds APIs, see Useful SAM APIs.

Orion SDK terminology

If you're new to the Orion SDK, the following definitions for basic terms may be helpful:

l Software Development Kit (SDK). An SDK is a set of tools and libraries, provided by vendors,
that allow others to more easily consume their API. You can download the Orion SDK from
GitHub at https://github.com/solarwinds/OrionSDK. It includes documentation, code samples,
and tools like SWQL Studio, a GUI you can use to build custom SWQL queries and browse
through available data.

You don't need to deploy the Orion SDK to use SAM's API Poller feature, but the included
SWQL Studio app may be helpful.

The GitHub site is the main resource for the Orion SDK, where issues are tracked. If you have
questions, post them in the Orion SDK forum on THWACK instead of contacting SolarWinds
Support. That forum is frequented by SolarWinds staff and THWACK MVPs, as well as other
customers that can provide feedback.
l SolarWinds Query Language (SWQL): SWQL (rhymes with "pickle") is a proprietary, read-only
subset of SQL that you can use to query your Orion database for specific network information.
For syntax and query examples, see Use SWQL in the Orion Platform.

page 106
 l Orion API: In software development terms, an Application Programming Interface (API) is an
access point that allows one piece of software to access another. In a multi-tier system that is
engineered to have its web, polling, reporting, and coordination communicate via separate
layers, an API allows different parts of a system to be developed independently. The Orion
Platform is that type of system (also called N-tier architecture), and you can use SWQL to read
data through the API, as well as add, delete, or update data.
l SolarWinds Information Service (SWIS). The implementation of the API within the Orion
Platform is embodied as a Windows service called SWIS. This service supports communication
between the Orion server, the Orion database, Orion Platform modules like SAM and NPM, and
Additional Polling Engines (APEs). It is also via SWIS that various scripting and programming
technologies can be used to access the Orion Platform.
l CRUD: SWIS supports the ability to Create, Update, and Delete SolarWinds (CRUD) objects so
you can add nodes, add interfaces to nodes, and manage many other processes
programmatically. can add nodes, add interfaces to nodes,

To learn more about the Orion SDK, see:

l Intro to API, SDK, & SWQL (THWACK product blog)

l Orion SDK Advanced Training - SolarWinds Academy Training Class
l There's an API for That: Introduction to the SolarWinds Orion SDK (video; 30:00)
l SolarWinds SWIS API Programming Class - SolarWinds Lab #39 (video; 37:13)
l Port 1777: Introduction to the SolarWinds API (video; 28.26)

Useful APIs for SAM

Like most Orion Platform modules, SAM can be utilized in many ways by different members of your
organization, depending on the tasks they need to complete and the level of detail they need. Here are
some APIs that may prove useful when working with the API Poller feature. You can also check with
your cloud service, software/hardware vendors, to see if they offer APIs.

Refer to API documentation posted by individual vendors for:

l Defined endpoints where data is available

l Supported request URL formats and examples
l Authentication and authorization requirements
l Troubleshooting tips
l Rate limits

Some cloud services limit the amount of free API requests per calendar month and charge
for extra requests in the remaining time frame.

page 107
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

API name API documentation Notes

Amazon Elastic Amazon EC2 API Reference © 2020, Amazon Web Services, Inc.,
Compute Cloud API available at docs.aws.amazon.com,
obtained on March 2, 2020

AppOptics API AppOptics API © 2020, SolarWinds, Inc.,

documentation.solarwinds.com, obtained on
August 11, 2020

Azure API Azure REST API Reference © 2020, Microsoft Corp., available at
docs.microsoft.com, obtained on March 2,
See Find Azure 2020
credentials.

Cisco UCS Manager Cisco UCS Manager XML API © 2020, Cisco Systems, Inc., available at
XML API Programmer's Guide www.cisco.com, obtained on March 2, 2020

SolarWinds DPA Use the DPA REST API © 2020, SolarWinds, Inc.,
REST API documentation.solarwinds.com, obtained on
API information is also March 2, 2020
appear in the DPA UI.

IP Address Monitor Use the SWIS API to perform © 2020, SolarWinds, Inc.,
(IPAM) API IPAM operations documentation.solarwinds.com, obtained on
March 2, 2020

Loggly API API overview © 2020, SolarWinds, Inc.,

documentation.solarwinds.com, obtained on
August 11, 2020

Microsoft Graph Microsoft Graph REST API © 2020, Microsoft Corp., available at
v1.0 reference docs.microsoft.com, obtained on August 11,
2020
To learn about legacy
Office 365 APIs, click
here.

Nutanix REST API Nutanix REST API © 2020, Nutanix, available at

portal.nutanix.com, obtained on March 2,
2020

Office 365 APIs Welcome to Office 365 © 2020, Microsoft Corp., available at
Management APIs docs.microsoft.com, obtained on August 11,
2020

page 108
API name API documentation Notes

Orion SDK Orion SDK wiki © 2020, SolarWinds, Inc.,

github.com/solarwinds/OrionSDK, obtained
on March 2, 2020

Pingdom API Pingdom API © 2020, SolarWinds, Inc.,

www.pingdom.com/api, obtained on March
2, 2020

Service Desk API SolarWinds Service Desk © 2020, SolarWinds, Inc.,

REST API documentation documentation.solarwinds.com, obtained on
August 11, 2020

vSphere API VMware API and SDK © 2020, VMware, Inc.,

Documentation www.vmware.com/support/pubs, obtained
on March 2, 2020

page 109
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

API poller use case: Monitor a Nutanix cluster

This use case shows how to use the API poller feature with another SAM feature, Monitor hardware
health for Nutanix clusters. We'll create an API poller to monitor a Nutanix cluster via the Nutanix
REST API. This use case includes a GET request to retrieve data about a cluster but you could also
use a POST request to update the cluster's configuration.

To learn about the API, see Nutanix REST API Explorer Live (© 2020, Nutanix, Inc., available
at www.nutanix.dev, obtained on February 24, 2020).

To create an API poller that monitors hardware health for a Nutanix cluster:

1. Navigate to the Node Details view for the Nutanix node that hosts the cluster.
2. In the Management widget, hover over the API Poller link and click Create.

3. Select the GET Method.

4. Provide a Request URL for the API: https://any_cvm_ip:9440/api/nutanix/v2.0/clusters

Note that this URL includes the following elements:

l The https protocol encrypts data sent back and forth.
l any_cvm_ip is a variable.
l 9440 is the default Nutanix Prism communication port.
l /api/nutanix/v2.0/clusters is the endpoint for the request.

5. Click Configure.

page 110
 6. In the API Poller settings dialog box:
a. Provide a Name: Nutanix Prism
b. Provide a Description: https://any_cvm_ip:9440/api/nutanix/v2.0/clusters
c. (Optional) Disable SSL certificate verification.

By default, SAM checks for a valid certificate in each API request. For this use case,
we'll disable that option.

d. (Optional) Enable existing Orion settings for proxy servers.

e. (Optional) Adjust the default polling interval, 2 minutes.
f. For Authorization, select Basic authorization.

g. Select an existing set of credentials from the Credentials Library, or enter them manually.
h. Click Save

7. Click Send Request.

8. When results appears In the Response treeview at the bottom of the page, expand the data to
display available metrics.
9. For this example, we'll monitor the number of nodes and receive alerts if the quantity drops
below 3, which can affect our data resiliency status.

a. Click the Monitor ( ) icon for the num_nodes metric.

b. In the "Configure a value to monitor" dialog box, provide a name for the metric and set the
warning threshold as less than 3.
10. Click Save

page 111
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Next, drill down into the Response data to find more metrics to monitor. You can add metrics to the
request we just created, or duplicate the original request and edit the metric that's retrieved. For this
use case, duplicate the existing request so you don't have to provide authorization details again.

To create another API poller for the same Nutanix cluster:

1. Click the menu icon , and then click Duplicate.

2. Edit the URL for the second request to retrieve the read IOPs metric:
https://any_cvm_ip:9440/PrismGateway/services/rest/v2.0/cluster/stats?metrics=num_read_iops
3. Click Send request to check the response.
4. When results appears In the Response treeview at the bottom of the page, expand the data to
display available metrics.
5. Set up a warning threshold to detect when the number of read operations surpasses 200
milliseconds.

a. Click the Monitor ( ) icon for the num_read_iops.

b. In the "Configure a value to monitor" dialog box, provide a name for the metric and set the
warning threshold to 200.
6. Click Save.

When you return to the Node Details view, the API Poller widget shows the new pollers: one for the
number of nodes in the Nutanix cluster and one for read IOPs. Wait 2 minutes for polling to occur. After
monitored metrics appear, you can see the latest metrics received in the API Poller widget, click the
Performance Analyzer link in the Management widget to display data in PerfStack, or display metrics
in Orion Maps that include the node.

page 112
API poller use case: Monitor AppOptics services
This use case shows how to apply the SolarWinds AppOptics Monitored Services API poller template
to a node and start collecting metrics from the AppOptics API.

Before you begin

l Review available documentation.

o See API poller requirements to make sure you have what you'll need, including a node to

host the remote API URL. For this use case, we created an external node named
appoptics.com that recognizes an application endpoint, AppOptics.
o See AppOptics API documentation to learn about API request requirements, endpoints,

and so on. For example, API requests required Basic Authorization, HTTPS, and an
AppOptics token.
o See the SAM API Poller Template Reference to learn about template requirements and

default metrics.
l Gather AppOptics account credentials. You'll need them to copy an API token from AppOptics to
SAM. For steps, see Retrieve an AppOptics API token to integrate AppOptics with an IIS node in
SAM.

To assign an API poller template to a node:

1. Navigate to the Node Details view.

2. In the Management widget, click API Poller Management > Assign.

SolarWinds recommends using Firefox, Chrome, or Microsoft Edge to use the wizard.

page 113
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

3. On the Choose API Pollers page of the Assign API Pollers wizard, select the SolarWinds
AppOptics Monitored Services template and click Next.

4. On the Authorization page of the wizard:

a. Select Basic Authorization.
b. Click New credential. In the dialog box that appears, add a Credential name, enter an
AppOptics API token as the Username, and click Save. No password is required.
c. Add a Credential name.
d. Click Assign Pollers.

page 114
 5. After you apply the API poller to the node, click the API Poller template link, as shown here:

The API poller appears, along with a list of monitored values

6. (Optional) Click Configure to edit settings for the template, such as Name, Description, and
credentials.

7. Use the Edit and Delete icons to modify monitoring for the Average response time metric.
8. When finished, click Save to return to the Node Details view.

When you return to the Node Details view, the API Poller widget shows the new pollers. Wait 2
minutes for polling to occur. After monitored metrics appear, you can see the latest metrics received in
the API Poller widget, click the Performance Analyzer link in the Management widget to display data
in PerfStack, or access metrics from Orion Maps that include the node.

page 115
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Troubleshoot API monitoring in SAM

This topic describes issues you may encounter when using the API Poller feature. For more
troubleshooting tips, check the Success Center and the SolarWinds online IT community, THWACK.

Here are some general tips to resolve API poller issues:

l Review the following information:

o Before you begin

o API poller requirements

l Check that the remote API URL is accessible.

l Verify credentials included in API requests.
l Review API requirements. For example, the Pingdom API uses HTTP Bearer Authentication that
requires an API token in each request.
l An "Out of API Poller metrics" message indicates that no SAM licenses are available. See API
poller licensing
l Confirm that Solarwinds.Orion.ApiPoller.Service.exe is active in Task Manager.

To check logs, search for ApiPoller or polled URLs in files stored in the following Orion server
locations:
l ProgramData\SolarWinds\Logs\Cortex
l ProgramData\SolarWinds\Logs\Cortex\Plugins\SolarWinds.CortexPlugin.Orion.Ap
iPoller.log
l ProgramData\SolarWinds\Logs\Orion\ApolloWebApi.log
l ProgramData\SolarWinds\Logs\Orion\OrionWeb.Log

Issue: Save errors when creating an API poller

Review the following logs located at ProgramData\SolarWinds\Logs\Orion\ where polling occurs

— either on the Main Polling Engine (usually, the Orion server) or an Additional Polling Engine.
l ApolloWebApi.log
l OrionWeb.Log

Issue: API Poller send request returns errors

When you add an API poller, the Send request is routed to a Website or Additional Website. Make
sure the endpoint is accessible from the URL.

Open Developer Tools in a web browser and examine the results of the send connection on the
Network tab. If errors occur in a header, try removing the header. If a remote API is unstable, you may
be able to drill down into the response data to display exception messages.

page 116
Issue: An API poller stopped after the node was moved to a different polling engine.

API pollers are not updated when you change a node's polling engine. Edit the API poller and save it
again.

Issue: API poller responses are returned but metrics are not updated in the Orion Web Console.

Verify that responses use valid JSON code. The API Poller feature does not currently support XML.

Issue: An API poller cannot maintain the API connection.

Run the following PowerShell script on the server that hosts the polling engine:

$uri = "Request-URL"
$method = "Get | Post"
$headers = - the same as User defined @{ 'userId' = 'UserIDValue' 'token' =
'TokenValue' }

The scripts are not supported under any SolarWinds support program or service. The scripts are
provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties
including, without limitation, any implied warranties of merchantability or of fitness for a
particular purpose. The risk arising out of the use or performance of the scripts and
documentation stays with you. In no event shall SolarWinds or anyone else involved in the
creation, production, or delivery of the scripts be liable for any damages whatsoever (including,
without limitation, damages for loss of business profits, business interruption, loss of business
information, or other pecuniary loss) arising out of the use of or inability to use the scripts or
documentation.

If firewall rules block remote connections, API pollers cannot connect.

If a request uses basic authentication, adjust the script as follows:

1. Create a string like username:password

2. Use a site like Base64 encode to encode the string. (© 2019 base64encode.net, available at
Base64encode.net, link obtained on September 16, 2019)
3. Define $headers as @{ 'Authorization' = ' Basic ENCODEDString' }
4. Execute the command. Here is an example:
Invoke-RestMethod -Uri $uri -Method Post -Headers $headers

5. Confirm that the return message is in JSON format.

If this method returns an error, check the client network configuration.

page 117
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Issue: An API poller times out repeatedly.

By default, API poller requests timeout in 60 seconds. You can change that value in Advanced
Configuration Settings.

1. Log into the Orion server as an administrator.

2. Use the Orion Service Manager to stop services.
3. To access Advanced Configuration Settings, copy the following text:
/Admin/AdvancedConfiguration/Global.aspx.

4. Paste text into your browser address bar, after /Orion, as shown in this example, and press
Enter.
<your production server>/Orion/Admin/AdvancedConfiguration/Global.aspx

5. On the Global tab, scroll to RequestTimeout, adjust the default value (60), and then click Save.
6. Restart services.

Issue: API polling occurs too frequently

Polling occurs every two minutes, by default. You can change that interval on the Advanced
Configuration Settings page in the Orion Web Console, accessible by following the steps above.

Note that the Advanced Configuration Settings page includes two tabs: Global and Server-specific:
l <your production server>/Orion/Admin/AdvancedConfiguration/Global.aspx
l <your production
server>/Orion/Admin/AdvancedConfiguration/ServerSpecific.aspx

Issue: API response is "The underlying connection was closed: Could not establish trust
relationship for the SSL/TLS secure channel."

This response appears if the default SSL certificate verification option was disabled for an API poller.

Issue: When assigning an API poller template to a node, the following message appears: API poller
cannot be created. Could not load template.

Check your internet connection.

Issue: "Internal server error" messages appear.

In Task Manager, determine if the Solarwinds.Orion.ApiPoller.Service.exe process is running.

page 118
If that process is not running, restart the SolarWinds Orion Module Engine service:

1. Create a separate backup of the following folder:

C:\Windows\Temp\.net\SolarWinds.Credentials.Orion.WebApi

2. Use the Orion Service Manager to stop the SolarWinds Orion Module Engine service.
3. Remove data from the C:\Windows\Temp\.net\SolarWinds.Credentials.Orion.WebApi
folder.
4. Start the SolarWinds Orion Module Engine service.

page 119
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Monitor application dependencies in SAM

SAM's Application Dependencies feature provides a holistic view of application and server
connections, expanding monitoring by detecting how applications and nodes interact with each other.

You can use data gathered during Application Dependencies polling to:

l Understand which applications, application processes, and nodes connect with each another.
l Ensure that the most important data for specific applications is monitored.
l Identify unmonitored applications and processes that require attention.
l Leverage latency and packet loss metrics to determine if an issue is caused by an application or
the network.

This contextual visibility of relationships between applications and physical/virtual servers also
reduces troubleshooting time. For example, instead of searching through many applications, nodes,
and component monitors to determine why an application is slow, you can navigate to the Application
Connections widget and analyze application dependencies to pinpoint the source of the issue.

page 120
To provide a more granular picture of application dependencies, the Connection Details page shows
processes and ports for connections, plus node, application, process status, and (if Connection
Quality polling is enabled) latency and packet loss statistics. The Connection Details page shows the
entire communication stack from one node to another, which makes it a unique troubleshooting tool.

With the Application Dependencies feature, you can see where and how servers communicate with
each other without contacting various teams to get information. You can use this feature to identify
established connections and provide perspectives into the connections themselves.

Watch this video to learn about monitoring and troubleshooting application dependencies.

For troubleshooting, application dependencies can help you determine if performance issues in an
application are due to a server on one side or the other, or if issues are related to the actual
communication between the two servers.

Application dependencies polling overview

SAM uses two types of polling to collect application dependency data:

l Application Dependency polling discovers and monitors the following types of connections:
o Application to application, in a typical client/server process monitored by SAM

o Application to node, with a server process not currently monitored by SAM

page 121
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

o Node to application, with a client application process not monitored by SAM

l Connection Quality polling tracks TCP communication traveling from client nodes hosting
applications to target nodes. This synthetic polling collects latency and packet loss statistics for
connections without intercepting network traffic, also known as "packet sniffing."

To learn more, see Manage polling for application dependencies.

How SAM uses Orion agents to monitor application dependencies

SAM uses Orion agents to flag nodes for Application Dependency polling. An agent must exist on at
least one of the two nodes for which you want to display dependencies. If a node does not host an
agent, the Application Connections widget displays sample data, as shown here.

Agent plug-in overview

The Orion Platform deploys and removes agent plug-ins as you enable and disable features in the
Orion Web Console. A single agent-managed node may include multiple plug-ins to handle different
tasks such as polling.

To support the Application Dependencies feature, SAM deploys agent plug-ins to nodes to monitor
connections and network communications, then displays data on the Application Connections widget
and Connection Details page.

Tip: Enable "Allow automatic agent updates" on the Manage Agents > Edit Agent Settings
page so you don't have to update plug-ins manually.

page 122
For Application Dependency polling:

l SAM deploys agent plug-ins to nodes if Application Dependency polling detects application-to-
application or application-to-node connections.
l Agent plug-ins collect data about dependencies between applications (application-to-application
connections) and/or nodes (application-to-node connections). It is available in Linux x64, Linux
x86, and Windows versions.

To avoid performance issues, SAM does not deploy Application Dependencies plug-ins to
the Main Polling Engine, which is usually the Orion server.

For Connection Quality polling, if enabled:

l SAM deploys additional agent plug-ins to collect TCP latency and packet loss metrics.
l For Windows nodes connected to clients that host applications and application processes, TCP
agent plug-ins include an Npcap driver to support Nping.

If you enable Connection Quality polling and disable it later, SAM removes the TCP agent
plug-in but not the Npcap driver. See Remove an Npcap driver after disabling Connection
Quality Polling.

SAM relies on server-initiated communications to detect "from” or to" nodes, also called “passive
agents” or “agentless" nodes. Only one node in a pair requires an agent plug-in. However, note that
data gathered by polling depends on communication settings for both nodes, as described here:

l If target and client nodes both host agent plug-ins, SAM collects data via Application
Dependency and Connection Quality polling for both nodes.
l If only the target node has an agent plug-in, SAM collects IP address and port data for the client
node but not application details, process names, or connection statistics.
l If only the client node has an agent plug-in, SAM collects IP address and port data for the server
node. If Connection Quality polling is enabled and SAM deployed a TCP agent plug-in to the
connection source node, polling can capture latency and packet loss statistics.

Use the Manage Agents page to check the status of agent plug-ins.

To start monitoring connections between applications and nodes, configure the Application
Dependencies feature, as described next.

See also:

l Access application dependency data in SAM

l Manage application dependency polling in SAM
l Troubleshoot application dependency issues in SAM

page 123
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Want an application-centric perspective of database performance? Consider integrating SAM

with SolarWinds Database Performance Analyzer (DPA.)

Configure the Application Dependencies feature in SAM

To start monitoring connections between applications and application processes in SAM, complete
these tasks:

1. Enable Application Dependency polling

2. Deploy Orion agents to nodes that host applications
3. Assign application monitors to nodes
4. (Optional) Customize polling settings

5. (Optional) Set up Application Dependencies alerts

Before you begin

Before configuring the Application Dependencies feature, review these details about supported
environments, settings, and monitoring limits.

Supported environments

SAM deploys agents and agent plug-ins to flag nodes for Application Dependency polling so
machines must support Orion agent requirements. In addition, remote computers hosting applications
listening on a specific port must support the following exceptions.

l On the destination node, allow inbound TCP connections for the port, plus an inbound rule from
any random remote port.
l On the source node, allow an outbound TCP connection for the port from an Nping application
on any random port.

Note the following details about supported environments:

l Desktop operating systems such as Windows 8 and 10 are not supported.

l Windows 2008 R2 and R2 SP1 with driver installation protection enabled are not supported.
l Do not use on IPv6 or link-local addresses to communicate within the network segment (link) or
the broadcast domain to which the host is connected.
l Raspbian 8.0 is not supported.
l Starting in SAM 2020.2, Linux distributions must support GNU C Library (glibc) 2.18 or later.

page 124
Required Orion Platform settings

Users with the Administrator role and the following Node Management rights can update Application
Dependency polling settings:

l Execute Application Dependency polling.

l Deploy agents to nodes.

Enable "Allow automatic agent updates" on the Manage Agents > Edit Agent Settings page so
you don't have to update plug-ins manually.

Recommended monitoring limits

For optimal performance, use the Application Dependencies feature to monitor up to 500 nodes.
Recommended limits per Orion instance for monitoring dependencies include:

l Application to application: 500

l Application to node: 200
l Node to application: 200
l Average number of TCP connections per single dependency: 5

Recommended limits are not cumulative. For example, the number of application-to-application
dependencies does not impact the number of application-to-node dependencies.

Orion agents hosted on minimally provisioned servers can consume high CPU usage during
polling. If that occurs, reduce the quantity of monitored elements or increase server resources.

Enable Application Dependency polling

To enable the Application Dependencies feature:

1. Click Settings > Application Connection Settings.

2. Enable the Enable Application Dependency Polling option.
3. (Optional) Enable Connection Quality Polling.
4. Click Save changes.

If Application Dependency polling fails immediately after it's enabled, go to the Manage Agents
page to check if an agent is currently being deployed. Wait 10 minutes and try polling again.

page 125
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Deploy Orion agents to monitor application dependencies

SAM uses Orion agents and agent plug-ins to flag nodes for Application Dependency polling. An
agent must exist on at least one of the two nodes where you want to display application
dependencies. If Orion agents do not yet exist on nodes, the Incoming Connections widget on the
Node and Application Details views displays sample data, as shown here:

Click Deploy Agent to Monitor Connections to add Orion agents and agent plug-ins to a node.

You can deploy agents to multiple nodes at the same time on the Manage Agents page.

Assign application monitors to nodes

Assign Application Monitors (either out-of-the-box or custom templates) to nodes with the Add New
Application Monitors Wizard. See Application Discovery.

You can also assign application monitors to nodes on the Manage Templates page.

Customize polling settings

To fine-tune application dependency polling and thresholds for your environment, use the Application
Connection Settings page to:

l Enable Connection Quality polling to display network communication statistics about application
dependencies.
l Set polling intervals.
l Indicate when SAM should remove a “down” connection and its dependencies from the Orion

page 126
 database.

You can also disable Application Dependency polling for specific nodes, if necessary.

Note the following details about the Application Dependencies feature:

l Each dependency must involve two separate nodes.

l Application Dependency polling does not monitor the Main Polling Engine (that is, the Orion
server). Otherwise, polling would impact performance due to the multitude of connections
involved.
l You do not need to configure nodes for polling in advance. SAM deploys required agent plug-ins
during Application Dependency polling and (if enabled) Connection Quality polling.

Set up Application Dependencies alerts

You can set critical and warning thresholds between applications for TCP connection packet loss and
latency, both at a global and individual connection level.

To configure Application Dependencies alerts at the global level.

1. Click Settings > All Settings > Application Connection Settings.

2. On the Application Connection Settings page, scroll down to Threshold Settings.
3. Select Critical and Warning values for Connection packet loss and Connection latency.
4. Click Save Changes.

To configure Application Dependencies alerts for individual connections, navigate to a specific node,
click Edit Node, adjust Alerting Thresholds, and click Submit. You can also navigate to a node's
Connection Details page and select Thresholds from the Commands menu.

page 127
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Use the Application Dependencies feature with Windows Failover Clusters (WFCs)
When used with WFCs, the Application Dependencies feature creates dependencies between
connected clients and listening servers on the server side for a cluster Virtual IP (VIP) instead of the
active cluster member.

Here is the required configuration for this scenario:

l Only one agentless Orion node has an IP address that matches the virtual IP address of the
clustered role.

Roles were called "Services and Applications" in SQL Server 2012 and earlier.

l Each VIP node has a unique IP address to support the Application Dependencies feature's
cluster-matching algorithm.
l A SAM process monitor such as AppInsight for SQL uses an agentless node.
l Application Dependency polling deploys agent plug-ins to agent-monitored cluster member
machines so they can be assigned to non-cluster VIP addresses.

The following diagram illustrates an example of MSSQL running on a WFC:

page 128
Note these details about this figure:

l An agentless node has the same IP address, 10.140.126.20, as the SQL Cluster VIP role and
AppInsight for SQL is assigned to the node.
l The cluster has two members with unique IP addresses monitored as Orion agent nodes.
l The Orion Server is monitored by an Orion Server template.
l The Orion Server instance uses the cluster VIP address, 10.140.126.20, for the SQL Server data
store.

SAM can detect the database connection from the Orion Server to the SQL database as a connection
between an application (the Orion SQL Server, as monitored by a template) and AppInsight for SQL
(MSSQLSERVER) even though the target of the database connection is SQL running on an active
cluster member.

Access application dependency data in SAM

As Application Dependency polling and Connection Quality polling (if enabled) occur, the latest data
populates these parts of the Orion Web Console:

l The Application Connections widget on Node Details and Application Details views.
l The Connection Details page that you can access via the Application Connections widget.

Application Connections widget

The Node Details and Application Details views display the Application Connections widget if
Application Dependency polling detects these types of dependencies:

l Application-to-application, including application processes

l Application-to-node

page 129
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l Node-to-application

The Application Connections widget does not appear automatically on cloned, custom versions of
Node Details and Application Details views.

l To add a widget to an individual view, see Add widgets to Orion Platform views.
l To add a widget to the new type of dashboard introduced in Orion Platform 2020.2, see
Customize modern dashboards.
l In SAM 2019.4 or earlier, add a widget to multiple views by clicking Settings > All Settings >
Manage Views.

Sample data appears in the Application Connections widget if a node does not host an
application dependency agent plug-in, or if polling does not find dependencies. See Deploy
Orion agents to nodes with applications you want to monitor.

page 130
If Connection Quality polling is enabled, the Application Connections widget displays the following
data about TCP connections:

l Latency: Network latency (also called response time) is the time required for a packet to travel
across a network path from a sender to a receiver. The higher the latency, the greater the impact
on application performance as perceived by users. See Troubleshooting environmental issues
with Performance Analysis (PerfStack) dashboards.
l Packet Loss: A percentage of packets lost with respect to packets sent, usually caused by
network congestion. If this value exceeds the Orion general threshold, navigate to the Nodes
with High Packet Loss widget to open the custom chart for the node.

Similar to Spotlight functionality in AppStack, you can click connection types and status indicators at
the top of the widget to filter data, as shown here:

page 131
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Interpret colors and symbols in the Application Connections widget

Orion Platform products use icons as a visual language to describe the status of items such as nodes,
interfaces, events, or alerts. Values that exceed Orion Platform thresholds appear bold on a colored
background, as shown next.

Click here to learn how node status is calculated in the Orion Platform. Starting in 2019.2,
Enhanced Node Status includes child objects.

Gray indicates that either an application is unknown or data is not displayed due to database
credential account limitations stored in the SolarWinds Information Services (SWIS) business layer:

To display… You must have permission to view…

Node-to-node links Both parent nodes

TCP connections and statistics about latency and Both parent entities — either nodes or
packet loss applications

Applications and application processes linked to a The parent node

node

Network connection thresholds for a node The parent node

For a more granular picture of dependencies, view the Connection Details page, as described next.

page 132
Connection Details page
The Connection Details page shows the entire communication stack from one node to another, which
makes it a unique troubleshooting tool.

Data displayed on the Connection Details page includes:

l The application name and detected process names, such as mysql.exe.

l Monitored TCP metrics, including:
o CPU: The percentage of CPU utilization.

o P-MEM: The amount of physical memory used.

o V-MEM: The amount of virtual memory used.

o R-IOPS: Read input/output operations per second.

o W-IOPs: Write input/output operations per second.

l The port used by the application process.

l Latency and packet loss metrics (if Connection Quality polling is enabled).
l Latest Events details.

The Connection Details page also includes a Commands menu that you can use to configure
thresholds, initiate Application Dependency polling, or hide events.

To access the Connection Details page:

1. Access a Node Details view or Application Details view in the Orion Web Console.
2. Click the arrow next to a connection displayed in the Application Connections widget.

page 133
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

The Connection Details page opens, as shown in this example:

3. (Optional) Click an option on the Commands menu to:

l Configure network connection thresholds.

l Initiate Application Dependency polling immediately.
l Show or hide events.

Menu options vary based on account permissions.

page 134
Manage application dependency polling in SAM
SAM uses two types of polling to collect application dependency data:

l Application Dependency polling: Discovers and monitors connections between applications and
application processes, plus connections between applications, application processes, and
nodes.
l Connection Quality polling: Collects latency and packet loss for connections between client
nodes hosting applications and target.

Options configured on the Application Connection Settings page impact how polling occurs across
agent-monitored nodes with connections to applications.

page 135
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Manage Application Dependency polling

After SAM deploys agents to monitored nodes, Application Dependency polling scans nodes twice in
the first ten minutes and then every two hours to:

l Detect connections between applications, application processes, and nodes.

SAM also detects "from” or "to" nodes that rely on server-initiated communications, known
as “passive agents” or “agentless" nodes. See the Agent plug-in overview for details.

l Identify nodes as either targets or clients.

l Gather IP address and port data.
l Display data in the Application Connections widget on the Node and Application Details views.

Note the following details about Application Dependency polling:

l Application Dependency polling occurs every two hours, so short-term connections are less
likely to be detected due to the time between polling.
l For Windows Failover Clusters (WFCs), SAM can create application dependencies between
connected clients and listening servers on the server side for a cluster Virtual IP (VIP) instead of
an active cluster member. See Monitor application dependencies for WFCs.

In addition to updating global polling settings on the Application Connection Settings page, you can
disable the Application Dependencies feature and re-enable it again later if necessary, as described
next.

Disable the Application Dependencies feature globally

Disabling this feature at the global level does not impact Application Dependency settings
configured for individual nodes on the Node Details view.

To disable the Application Dependencies feature:

1. Navigate to the Application Connection Settings page.

2. Toggle the "Clear the Application Dependency Mapping" option.
3. Click Save changes.

SAM stops Application Dependency polling for all nodes that do not have Application Dependency
polling configured at the node level, as described next. Connection Quality polling, if enabled, also
stops.

If Connection Quality polling was enabled, SAM removes the agent plug-in that delivered the
Npcap driver but does not remove the driver. See Disable Connection Quality polling.

page 136
Manage Application Dependency polling for a specific node

You can manage Application Dependency polling for specific nodes on the Node Details view. These
settings do not change if you disable the Application Dependencies feature at the global level.

To disable Application Dependency polling for a specific node:

1. Navigate to the node in the Orion Web Console.

2. Click Edit Node on the Node Details view.
3. Clear the Application Dependency Polling Enabled check box.

To initiate Application Dependency polling for a single node:

1. Navigate to the Node Details view for the node.

2. Click Poll Now.

To execute Application Dependency polling immediately across poll multiple nodes:

1. Navigate to the Manage Nodes view.

2. Select the nodes.
3. Click More Actions > Poll Now.

Manage Connection Quality polling

In addition to showing how nodes connect to applications and application processes, the Application
Connections widget and Connection Details page can display TCP latency and packet loss metrics if
Connection Quality polling is enabled, as shown here.

page 137
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

To gather TCP data, SAM deploys agent plug-ins to nodes to track communication traveling from
clients that host applications and application processes to target nodes detected by Application
Dependency polling.

Note the following details about Connection Quality polling:

l The default interval for Connection Quality polling is five minutes.

l Each dependency must involve two separate nodes.
l See Supported environments for additional Connection Quality polling requirements.
l Connection Quality polling captures TCP communications only. To track non-TCP
communications in the Orion Platform, create a Windows Service monitor for the
NetTcpPortSharing service.

SAM uses Nping to generate network packets on nodes and collect data for Connection Quality
polling. To support Nping, SAM deploys an Npcap driver. If you disable polling later, SAM
removes the plug-in but not the Npcap driver. See Disable Connection Quality polling.

Enable Connection Quality polling

To enable Connection Quality polling:

1. Navigate to the Application Connection Settings page.

2. Under Connection Quality Settings, toggle the Enable Connection Quality Polling option to On.
3. Click Save changes.

Disable Connection Quality polling

If you disable the Connection Quality Settings option on the Application Connection Settings page,
SAM stops gathering latency and packet loss metrics but continues to gather application connection
data. The status of connection entities appears as Unknown on the Connection Details page.

When you disable Connection Quality polling, SAM removes agent plug-ins that delivered
Npcap drivers but does not remove the actual drivers. If remaining drivers present a security
concern for your organization, see Remove an Npcap driver after disabling Connection Quality
Polling.

page 138
Troubleshoot application dependency issues in SAM
If the Application Connections widget of a Node or Application Details view displays sample data with
a "Why don't I see any connections?" message, follow these steps:

1. Review your environment to ensure that:

l Orion Platform settings are configured appropriately.
l Application Dependency monitoring does not surpass recommended limits.
l Remote computers that host nodes use supported environments.
l Polling is enabled on the Application Dependency Settings page.

If polling stops after a recent SAM upgrade, note that the Application Dependencies
feature is disabled during upgrades to prevent performance issues for environments
with large quantities of nodes. Re-enable polling, if necessary.

2. Make sure Orion agents were deployed to nodes that you want to monitor for dependencies. You
can check them on the Manage Agents page.
3. Assign application monitors to nodes.
4. Review events displayed on the Connection Details page.
5. Explore Application Dependency log files.

If polling fails for Windows Server 2012 nodes, see Agent-related issues.

Review the following topics before contacting SolarWinds Customer Support:

l Troubleshoot agent-related issues for application dependencies in SAM

l Troubleshoot data-related issues for application dependencies in SAM
l Troubleshoot miscellaneous application dependency issues
l Locate application dependency log files for SAM

Troubleshoot agent-related issues for application dependencies in SAM

If you suspect agent issues are interfering with Application Dependencies and/or Connection Quality
polling, here are some items to check:

l Review Configure the Application Dependencies feature to make sure that each node being
polled:
o Uses a supported environment.

o Is monitored by an Orion agent.

o Has an application monitor assigned to it.

l Review agent information in the Orion Platform Administrator Guide.

page 139
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l Navigate to the Manage Agents page to check if agents are currently being deployed. Wait 10
minutes for deployment to finish and polling to occur.

High CPU usage during polling

An Orion agent hosted on a minimally provisioned server can consume CPU usage. Try reducing the
quantity of monitored elements or increasing server resources.

Connection Quality polling fails for Windows Server 2012 nodes

If polling fails for Windows Server 2012 nodes, restart the nodes and wait for Connection Quality
polling to occur. If the issue continues, visit the SolarWinds Success Center and see Connection
Quality polling fails on Windows Server 2012 nodes.

Polling fails without errors

If application dependency data does not display as expected for a node:

1. Check if SAM deployed agent plug-ins to Orion agents on the node. Click Settings > Manage
Agents > Select agent > More Actions > View installed agent plug-ins.
2. Navigate to the Node Details view to ensure that Application Dependency polling was not
disabled for the node.

Polling can also fail if:

l A related component was removed or disabled.

l Agent plug-ins are currently being deployed, especially if the Application Dependencies feature
or Connection Quality polling was disabled and then enabled again. Wait 10 minutes and try
again.

“Plug-in update required” notice

By default, the Allow Automatic Agent Updates option is enabled on the Settings > All Settings >
Product Specific Settings > Agent Settings page. SAM deploys agent plug-ins to agent-monitored
nodes when Application Dependency polling detects interaction between an application and/or
application process and a node. Although most Orion Platform agents are deployed in advance,
application dependency agent plug-ins are deployed immediately if an application-to-node connection
is found.

page 140
If the Allow Automatic Agent Updates option is disabled on the Agent Settings page in the Orion Web
Console, SAM cannot deploy agent plug-ins to server nodes and the status of the agent appears as
"Plug-in update required" on the Manage Agents page.

If expected application dependencies do not appear after polling, navigate to the Manage Agents
page. If a "Plug-in update required" notice appears for a node, you can either:

l Enable the Allow Automatic Agent Updates option on the Agent Settings page so SAM can
deploy plug-ins automatically to all agent-managed nodes.
l Update agents individually on the Manage Agents page.

Application Dependency agent plug-in installation fails on Linux systems

Application Dependency agent plug-in deployment fails on 64-bit Linux systems and the following
message on the Installed Agent Plug-Ins page: "Installation of 'Application Dependency Mapping -
Linux x64' failed. Invalid argument Code [0x16]." This occurs because the owner of the plug-in file
prevents the removal of the old version due to permission issues. Click here for workarounds.

Uninstall Npcap drivers after disabling Connection Quality polling

When Connection Quality polling is enabled on the Application Dependency Settings page, SAM
deploys ADMConnectionQuality plug-ins with Npcap drivers to Windows nodes for the collection of
latency and packet loss metrics.

If you disable Connection Quality polling, you can use a template to remove Npcap drivers, if
necessary. See Remove Npcap driver after disabling Connection Quality Polling for ADM.

Nping returns “Unable to start either npcap or npf service” message

This message appears for nodes running Windows 2007 or if driver installation protection is enabled
for Windows 2008 R2 or later. It is related to the Npcap driver deployed via an agent plug-in that
supports the Nping tool which SAM uses to gather connection statistics on Windows nodes.

SolarWinds recommends upgrading nodes to Windows 2008 R2 or later. Otherwise, you will be
prompted to install Npcap each time polling occurs for Windows nodes.

Security warnings for the Orion server

If Connection Quality polling is enabled, Orion deploys agents and agent-plugins to nodes connected
to clients that host applications and application processes that may trigger warnings in third-party
security software. Downloaded items include:

l An Orion agent.
l An agent plug-in that includes an Npcap driver to support Nping.
l A Microsoft Visual C++ Redistributable package

page 141
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Troubleshoot data-related issues for application dependencies in SAM

Review this section if unexpected data appears in the Application Connections widget and/or the
Connection Details page.

Stale data

The Application Dependencies feature is designed to group polls into batches for efficiency so
different data may be polled at different times and the status of nodes, applications, and connections
may not seem synchronized.

If you notice outdated data, check polling intervals on the Application Dependency Settings page, as
well as intervals defined for individual nodes on the Node Details view.

Node-specific intervals override global polling intervals defined on the Application Settings
page.

Unexpected nodes in Application Connections widget

Application Dependency polling and Connection Quality polling check agent-managed nodes to
which Application Dependency plug-ins were deployed, but “to” and “from” connections can also be
detected with agentless nodes, as described in the following scenarios:

l If only the target node hosts an Application Dependency agent plug-in:

o Application Dependency polling gathers IP address and port data for the target node.

o Data related to the client node (application, process name, etc.) and connection statistics is

not gathered or displayed.

l If only the client node hosts an Application Dependency agent plug-in:
o Application Dependency polling gathers IP address and port data for the client node.

o Only IP address and port data are gathered from the server node.

o Connection statistics are not gathered.

TCP connection metrics do not update after polling

Application Dependency polling identifies agent-monitored nodes connected to applications and

deploys plug-ins to those nodes before Connection Quality polling occurs. There may be a delay in
between the two types of polling, plus agents and agent plug-ins need time to deploy. Wait for the next
Connection Quality polling cycle to begin.

Date discrepancies on Connection Details page

The Last Polled value on the Connection Details page shows the latest time of Application
Dependency polling. If polling intervals were edited for individual nodes, that date may not reflect the
date of the last poll across all nodes. For example, if Node1 was polled one hour ago, but the last
large-scale Application Dependency poll occurred two hours ago, the Last Poll date reflects the most
recent period — one hour.

page 142
Applications and application processes lack expected node dependencies

SAM removes application-to-node connections if a parent/child node or parent/child application is

removed from the Orion Platform or is no longer monitored by an agent. For dependencies detected by
Connection Quality polling, the last TCP connection is removed when the parent dependency is
removed.

A TCP connection may also be removed when:

l You remove or disable a related component.

l The LastSeenTimeStamp for the connection is not updated for over eight hours. Consider
changing the Remove down connections options on the Application Dependency Settings page.
See Customize polling settings.
l You disable Application Dependency polling for a specific node on the Edit Node page.

If applications and application processes do not have expected dependencies with nodes on the
Application Connections widget, confirm that SAM detected communication between nodes by
checking the inventory log:
C:\ProgramData\SolarWinds\Logs\ADM\{NodeID}_{NodeIP}.log

Check the data processing logs for monitoring applications on each node:
C:\ProgramData\DataProcessingLogs\NodeId-{NodeID}\*.log

"Unknown" connection status

If you initiate polling on the Connection Details page, Application Dependency polling starts but an
"Unknown" connection status may appear until the next Connection Quality poll occurs (every five
minutes, by default).

"Loopback" connection status

TCP Loopback connections established internally on a node may appear on the Application
Connections widget. A Loopback connection status indicates an internal connection on the node
(localhost connection). If the destination and source nodes are the same, Connection Quality polling
ignores the connection.

Hyperlinks to Orion components (process, port) missing

The application monitor does not contain a component monitor that SAM can refer to for the given
process or port.

page 143
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Troubleshoot miscellaneous application dependency issues

This section contains additional troubleshooting tips for the Application Dependencies feature.

Check Application Dependencies services

The following table describes where to check to ensure Application Dependencies services are
functioning. See Application Dependencies log files for log file locations.

Group
Description Expected results
Status

Check nodes that will be Collector See polling plans for nodes with active applications.
polled Service
log

Check planned jobs Polling See jobs created for node active applications.
Plan log

Check that a publish-subscribe Business See the cache that was created, along with inventory
pattern (pubsub) succeeded Service messages received for node with active applications.
log

Handle HTTP listeners port sharing in Windows

A networking Windows OS subsystem is implemented as a kernel-mode device driver called the

HTTP protocol stack — also called HTTP.sys. This driver listens for HTTP requests from the network,
passes requests to IIS or other applications for processing, and returns processed responses to client
applications.

Detecting HTTP connections is not the main goal of the Application Dependencies feature. Typically,
communication between clients and HTTP servers is not permanent, and Application Dependency
polling occurs relatively infrequently so it will not detect short HTTP connections.

HTTP connections may appear in the Application Connections widget in the following circumstances:

l Random capture of common HTTP(s) occurred.

l Orion Server communication was captured during Orion server polling or via user action in the
Orion Web Console that initiated a poll.
l HTTP communication persisted for a long time, perhaps due to tunneling of another kind of TCP
communication over HTTP(s).

page 144
Monitor Windows Communication Foundation (WCF) communication

The Windows Communication Foundation (WCF) application uses the Net.TCP Port Sharing service
to share ports across multiple processes to reduce the number of ports that need to be open on a
firewall. That service listens on port 17777, which is the same port where several Orion Platform
services listen so they can forward communication to the Orion Platform through an internal, non-TCP
communication channel.

Locate application dependency log files for SAM

The Application Dependency polling job searches for application and application process
connections from nodes monitored by agents to which application monitors were assigned. The job
also tracks the creation of application dependencies, as indicated by agent plug-ins that SAM deploys
during polling.

SAM stores application dependency polling logs in the following default locations:

l Orion server:
o C:\ProgramData\SolarWinds\Logs\ADM\
o C:\ProgramData\SolarWinds\Logs\SAM.ADM\
o C:\ProgramData\SolarWinds\Collector\Logs\Plugins\ADM.Plugin.Application
TcpConnection.Creator.log
l Target machines:
o C:\ProgramData\SolarWinds\Logs\Agent\

Connection Quality polling logs are stored in the following locations on the Orion server:
l C:\ProgramData\SolarWinds\Logs\ADM
l C:\ProgramData\SolarWinds)\Logs\Agent\

To free up disk space, move logs to the C:\Program Files

(x86)\SolarWinds\Logs\SAM.ADM\ folder where files are automatically deleted after five
days by default.

Application dependency database tables

The following tables are stored on the Orion database server. You can use the Database Manager to
view the SolarWinds database.

l ADM_NodeInventory: Lists all nodes with application dependency agent plug-ins and last poll
data.
l ADM_NodeSettings: Lists custom Application Dependencies settings for each node.

page 145
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l APM_ApplicationTcpConnection: Stores detailed data about connections between nodes and

applications, including:
o Process name that connects to the application

o Command line details

o Service name

o Port and server details

l APM_ApplicationTcpConnectionView (View): Stores detailed data about connections between

nodes and applications, including:
o Process name that connects to the application

o Command line details

o Service name

o Port and server details

l APM_DependencyTcpStatistics: Stores discovered connections including DependencyID

l APM_DependencyTcpStatisticsView (View) – Stores discovered connections including
DependencyID

Monitor hardware health in SAM

You can use SAM to monitor the health of Dell, HP, HPE ProLiant, IBM, Cisco UCS, and Nutanix
hardware components such as temperature, fan speed, power supply, CPU, memory, disk space, and
more. SAM provides instant visibility of the status (up, critical or warning), allows you to set baseline
values, and alerts you if levels fall below set thresholds.

To get started monitoring hardware health for Dell, HP, HPE ProLiant, and IBM devices:

1. Review Hardware health monitoring requirements.

2. Download, install, and configure agent software from third-party vendors so SAM can gather
details that are not available natively from server operating systems. Click here for details.
3. Run Discovery to detect third-party agent software and hardware health sensors on servers, and
automatically enable hardware health monitoring across multiple nodes. Note the following
details:
l You can also enable hardware health monitoring in the Add Node Wizard or Node Details
views.
l When Discovery enables hardware health monitoring for eligible devices, Asset Inventory
data collection is also enabled to track each node's hardware and software daily.
l Although Hardware Health and Asset Inventory can both be enabled automatically during
Discovery, they can function independently of each other. For example, you can collect
Asset Inventory daily for a node without polling for hardware health every 10 minutes.

page 146
To monitor hardware health for UCS devices, start by adding the parent UCS controller to the Orion
Platform. See Monitor Cisco UCS Devices for details.

To monitor hardware health in Nutanix environments, add Hyper-V or VMware nodes for monitoring,
add the parent Nutanix cluster, and provide Controller VM (CVM) credentials. See Monitor hardware
health for Nutanix clusters.

Hardware health monitoring for UCS and Nutanix devices is not currently supported by the
Orion Remote Collector feature introduced in SAM 2020.2.1. To learn more about UCS and
Nutanix monitoring, see the Orion Platform Administrator Guide.

Note the following details about hardware health monitoring in SAM:

l Hardware health monitoring is a database-intensive feature. Heavy usage can impact database
performance and increase the size of the Orion database. To improve performance, consider
how often you need to poll statistics, and how long data is archived. See Update polling settings
in the Orion Platform.
l Certificate errors found during polling are ignored by default, but you can change that setting.
l For tips on monitoring HPE Proliant Gen10 servers, see this THWACK post.

See also:

l Troubleshoot hardware health monitoring in SAM (SAM online help)

l Troubleshoot hardware issues in the Orion Platform (Orion Platform Administrator Guide)
l Difference in hardware health by manufacturer and polling method for servers (Success Center)

Hardware health monitoring requirements for Dell, HPE, and IBM devices in
SAM
This section describes hardware health monitoring requirements for the following systems:

l Dell servers with OpenManage Server Administrator Managed Node 7.2 or later
o Including Dell M1000e and Dell PowerEdge M610, R210, R610, R710, R900, 1950, 2850,

2950, 2970, and 6850

l HPE BladeSystem servers with HP System Insight Manager 6.2 or higher
o Including C3000 and C7000

l HPE ProLiant Gen10 servers with SIM 8.0 or later (via SNMP protocol only)
o Including DL320 G4, DL360 G3, DL360 G4, DL380 G4, DL380 G6, and ML570 G3

HP WBEM providers are required for HPE servers polled via WMI.

page 147
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l IBM servers with IBM Director (Common Agent, 6.3 or higher)

o Including System x3550, System x3550 M2, System x3550 M3, System x3650, System

x3650 M2, System x3650 M3, x3850, and eServer 306m

IBM ServeRAID Manager software must be installed on IBM X-Series servers to

display storage hardware health information.

Additional hardware may be supported with a limited amount of data returned by polling.

SAM also supports hardware health monitoring capabilities shared with SolarWinds Virtualization
Manager (VMAN), as documented in these sections of the Orion Platform Administrator Guide:

l Monitor Cisco UCS Devices

l Monitor hardware health for Nutanix clusters

OS and protocol requirements

Hardware health monitoring for Dell, HP, HPE, and IBM servers supports the following operating
systems and protocols:

Operating System Protocol

Windows SNMP, WMI

Linux SNMP

AIX v7 and higher SNMP

VMware ESX/ESXi v4.x and v5.x CIM, VMware API

l Use SNMP for VMware nodes not polled via CIM

or the VMware API.
l Open port 5989 to poll VMware servers via CIM.

VMware API for ESX/ESXi hosts polled HTTPS

via vCenter

Download and install third-party software

SAM uses standard protocols such as SNMP and WMI to monitor hardware health data, but not all
information is available natively from an OS without installing the hardware vendor's required agent
software. To download agent software for supported devices, visit the Success Center and see Third-
party software required to monitor hardware health and collect asset inventory information.

page 148
Enable hardware health monitoring for nodes in SAM
When you add nodes during Discovery, hardware health sensors are automatically enabled for
devices that meet SAM's hardware health monitoring requirements and polling begins. Additional
places where you can enable hardware health monitoring include:

l The Add Node wizard

l The Node Details view.

Enable hardware health monitoring from the Add Node Wizard

When selecting resources for monitoring a node in the Add Node wizard, select the Hardware Health
Sensors box to enable hardware health monitoring.

Enable hardware health monitoring for an individual node

1. Click My Dashboards > Home.

2. In the All Nodes widget, click the node you want to monitor.
3. Click List Resources.

4. Select Hardware Health Sensors, and click Submit.

SAM also supports hardware health monitoring for Nutanix clusters, including child Hyper-V
and VMware nodes.

page 149
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Configure certificate error handling for hardware health polling

By default, SAM ignores certificate errors during hardware health polling. You can update that setting
so users are prompted to verify untrusted connections before proceeding.

1. Log into the Orion server as an administrator.

2. Use the Orion Service Manager to stop the SolarWinds Collector Service.
3. Navigate to the default folder in File Explorer, C:\Program Files
(x86)\SolarWinds\Orion\HardwareHealth.

4. Using a text editor, open SolarWinds.HardwareHealth.Collector.dll.config.

5. Scroll to <appSettings> and change false to true in the
HardwareHealthVerifyServerCertificateline, as shown here:

<add key="HardwareHealthVerifyServerCertificate" value="true" />

6. Save your changes.

7. Restart the SolarWinds Collector Service.

page 150
Use alerts to monitor your SAM environment
An alert is an automated notification that a network event occurred; for example, when a server doesn't
respond. The network event that triggers an alert is determined by conditions you set up when you
configure your alert. You can schedule alerts to monitor your network during a specific time period,
and create alerts that notify different people based on when the alert is triggered.

The types of events you can create alerts for vary, depending on the Orion Platform products installed.
For example, in NPM you can create an alert to notify you if a node in a specific location goes down or
if the network response time is too slow. With SAM, you can receive alerts when application response
times lag, or your Exchange mailbox database is almost full.

Create alerts for any monitored object, and alert against volumes and nodes with most Orion Platform
products. You can also use SAM component monitor and application monitor variables in alerts. See
also Manage thresholds in SAM.

To get started, click Alerts & Activity > Alerts, and then click Manage Alerts. For steps involved in
setting up an alert based on component monitors, see Create an alert for monitored components in the
Success Center.

See the Orion Platform Administrator Guide to learn more about alerts, or watch an in-depth
SolarWinds Lab episode, All About Alerts.

page 151
Monitor processes, services, tasks, and events in real time
SAM provides several ways to monitor real-time events, including options to create component
monitors from events and handle Windows tasks for monitored servers.

l Use the Real-Time Process Explorer in SAM

l Use the Service Control Manager in SAM
l Use the Windows Scheduled Tasks Monitor in SAM
l Real-Time Event Log Viewer

Use the Real-Time Process Explorer in SAM

The Real-Time Process Explorer (RTPE) displays monitored and unmonitored processes for WMI and
SNMP monitored nodes directly in SAM. The advantage of the RTPE is that you no longer need to
physically or remotely log into a computer and run the Task Manager to retrieve that machine's vital
statistics.

Note the following details about the Real-Time Process Explorer:

l You can access the RTPE from the Management widget on Application Details views and Node
Details view.
l Only SAM administrators can end processes or enable/disable the RTPE.
l The User Name and Command Line columns are hidden by default.
l On nodes monitored via ICMP, you'll need to enter Windows credentials manually each time you
use the RTPE. Consider promoting the selected node to SNMP or WMI to avoid this issue.

Pop-ups must be enabled for the Real-Time Process Explorer to be viewed.

To access the Real-Time Process Explorer:

1. Click My Dashboards > Applications > SAM Summary page.

2. In the All Applications group, drill down to an application and click it.

page 152
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

3. In the Management widget, click Real-Time Process Explorer.

The Real-Time Process Explorer displays processes related to the application and node, as shown
here.

Select a process and click an option at the top of the widget to control polling, use different credentials,
end a process, or start monitoring one.

To learn more, see:

l Monitor unmonitored processes in SAM

l Real-Time Process Explorer data
l Real-Time Process Explorer alerts in SAM
l Real-Time Process information in "Top XX" alerts
l Real-Time Event Log Viewer

Monitor unmonitored processes in SAM

Processes currently monitored by SAM are indicated by the application icon and name of the
assigned application. Processes that are not currently monitored by SAM are indicated by the [+]
symbol, followed by the words, Start monitoring.

page 153
 1. From the RTPE, click Start monitoring.
2. From the Edit Properties section of the Component Monitor Wizard you can begin setting up the
selected component monitor.

Real-Time Process Explorer data

Different information is displayed in the Real-Time Process Explorer (RTPE) depending on which
protocol you use to monitor a node. The table below shows the differences in the information gathered
based on the protocol used.

Monitor Process WMI SNMP Orion Agent for Linux/Unix

Name Yes Yes Yes

Process ID Yes Yes Yes

Assigned Application Yes Yes Yes

CPU usage Yes Yes Yes

Physical Memory Yes Yes Yes

Virtual Memory Yes No Yes

Disk I/O Yes No Yes

User Name Yes No Yes

Command Line Yes* Yes* Yes*

Polling interval Five seconds Up to two minutes

Windows servers update SNMP statistics every two minutes, and it takes two updates to provide an
accurate calculation. Data displayed in the RTPE via SNMP can take up to four minutes to appear.

Empty rows may appear if your Orion account does not have rights to display certain data.

By default, all available columns, except the User Name and Command Line, appear for the top
ten running processes. To sort, add, or remove columns, click the column header and then click
the drop-down arrow.

page 154
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Show all running processes

Click Show All in the bottom-left of the window.

Show a set number of running processes

Change the number in the text box next to the Show All button

Pause polling

If available, click Pause Polling in the top-left of the window.

End processes

Check the boxes next to the processes you want to end and then click End Process. This
option is only available when the RTPE is using a WMI connection.

Start polling

Click Start Polling in the top-left of the window.

For Windows-based nodes, change the credentials by clicking Use Different Credentials to open the
credential library dialog box.

Clicking Refresh will re-poll the running processes.

Real-Time Process Explorer alerts in SAM

Three alerts are included with the Real-Time Process Explorer:

l High CPU Percent Utilization with Top 10 Processes

This alert sends an email when the CPU utilization is greater than 80%.
l High Physical Memory Utilization with Top 10 Processes
An alert is sent when physical memory usage is at or above 90%.
l High Virtual Memory Utilization with Top 10 Processes
An alert is sent when virtual memory usage is at or above 90%.

Use the Alert Manager to create, edit, delete, enable, or disable alerts. You can access the Alert
Manager from these places:

l Settings page (recommended): Click Settings > All Settings. Under Alerts & Reports, click
Manage Alerts.
l Active Alerts Details page: Click Manage Alerts in the Management widget.
l Node Details view: Click Manage Alerts in the All Alerts this Object Can Trigger widget.

To learn more about alerts, see the Orion Platform Administrator Guide.

page 155
 Alerts may lag if monitoring hardware health via SNMP. It takes two updates to these statistics
to provide an accurate calculation, so an alert can take up to four minutes to reach its recipient.
To expedite this process, change the protocol to WMI, which updates every five seconds.
Consider adjusting the trigger time to a value greater than two minutes.

Real-Time Process information in "Top XX" alerts

SAM provides additional troubleshooting information for high CPU, memory, and virtual memory by
sending email alerts. This is done by utilizing the Top Offending Processes metric running on the
server at the time of the alert.

Find the executable path SolarWinds.APM.RealTimeProcessPoller.exe and its command line

arguments below.

Here is command line argument syntax:

SolarWinds.APM.RealTimeProcessPoller.exe -n=<NodeID> [-
count=<NumberOfProcesses>] [-sort=<SortBy>] [-timeout=<PollingTimeout>] [-
alert=<AlertDefID>]

Command line argument variables are included in the following table:

Variable Definition

-n ID of a Node (NodeID), which is polled.

-count The number of processes to show.
-sort The criteria used to select top processes, including:

l CPU - Processor time. This is the default value if the

command line argument is not specified.
l PhysicalMemory - Process physical memory.
l VirtualMemory - Process virtual memory.
l DiskIO - Process disk I/O per second.

-timeout Timeout for polling in seconds.

-alert The AlertDefID of associated triggered alert. If this
argument is provided, then alert notes are updated with the
results from polling.
-activeObject The ActiveObject property of the associated triggered alert.
If this argument is not provided, NodeID is used.

page 156
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Example 1

This example returns the top 20 processes with the highest virtual memory consumption running on
the host with node ID 123.
SolarWinds.APM.RealTimeProcessPoller.exe -n=123 -count=20 -sort=VirtualMemory -
timeout=300

Example 2

This example uses the Execute an External Program alert action:

SolarWinds.APM.RealTimeProcessPoller.exe -n=${NodeID} -alert=${AlertDefID}

Example 3

This example uses the Execute an External Program alert action for an alert defined for virtual
memory:
SolarWinds.APM.RealTimeProcessPoller.exe -n=${NodeID} -alert=${AlertDefID} -
activeObject=${NetObjectID} -sort=VirtualMemory

Real-Time Event Log Viewer

View Windows event logs in real-time using the WMI protocol with the Real-Time Event Log Viewer
(RTEV). Event logs can be filtered by log type, event source, and the level of severity.

The viewer allows you to:

l Start monitoring selected real-time Windows event log entries

l Pause and restart polling
l Log into the selected server with different credentials

Access the Real-Time Event Log Viewer

1. Click My Dashboards > Applications > SAM Summary.

2. Select an application from the All Applications widget.
3. Select Real-Time Event Log Viewer from the Management widget.

page 157
 The Real-Time Event Log Viewer opens with a filterable list of all events and logs.

Enable pop-ups so you can display the Real-Time Event Log Viewer.

page 158
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Filter Real-Time Events

After the events of the selected Log Type are collected and appear in the window on the right, you can
filter the results with various criteria.

1. Select an option from the log type drop-down menu:

2. Select Custom Sources from the Event Sources drop-down menu. Select only the sources you
want to keep when the filter is applied, as highlighted:

3. Select the type of messages you want the filter to keep by selecting the Event Level.

page 159
 4. Click Apply Filter to have the events filtered and displayed.

After filtering is complete, hide and unhide the filtering pane on the left by clicking either of the two
arrows, highlighted in red:

The display window shows a list of the most recent events. Should any new events occur while this
window is open, a green bar at the top of the window indicates that new events have arrived. Click the
green bar to add these new events to the display window.

The Level column icons correspond to the Event Level icons in the legend of the events pane.

Clicking any message in the display window brings up a message box providing the entire message
along with additional details.

Monitor events

You can monitor selected events from the Real-Time Event Log Viewer by selecting an event and
creating a component monitor:

1. Select an event and click Start Monitoring in the Message Details view.
The Add Component Monitor wizard opens with the selection.
2. Modify the Component Monitor based on the application you selected, following the wizard
steps.
3. After you begin the Component Monitor Wizard, use the option to Disable Keyword Matching.
The Include Events drop-down menu provides options to help you filter results.

page 160
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

4. Save and assign the component monitor.

Use the Service Control Manager in SAM

The Service Control Manager is similar to the Real Time Process Explorer, except it manages
services of monitored Windows nodes instead of processes. The advantage of using this feature is
that you do not have to physically, or remotely, log into a Windows computer to view and control its
services. The status of services appears directly in SAM via the Service Control Manager.

Services viewed in the Service Control Manager are polled every 25 seconds using WMI.

Accessed via the Management widget on Node Details views, the Service Control Manager shows all
services on the monitored computer. Hover over the row of any service to display details about it.

page 161
Enable the Service Control Manager

To enable the tool:

1. Click Settings > All Settings > Manage Accounts.

2. Locate the account and click Edit.
3. Expand the Server & Application Monitor Settings section.
4. For the Service Control Manager option, select Yes.
5. Save changes to the account.

Access the Service Control Monitor

You can access the Service Control Manager through the Management widget on Node Details views.

l You may need to log in with an administrator account to perform this action.
l Pop-ups must be enabled in your browser to view the Service Control Manager.
l The option may not appear if "Top 10" widgets are hidden.

1. Click My Dashboards > Home.

2. In the All Nodes group, click a node.
3. On the Node Details view, locate the Management widget and click Service Control Manager

page 162
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

The Service Control Manager displays services, sorted alphabetically, along with the application
assigned to the service, if it's already being monitored.
Click a row to start, restart, or stop a service. You can also pause polling or provide different
credentials for a service.

The table below shows the default settings for the Service Control Manager:

Action Description Default Setting

Service Job Life Time The age of the information for a service. 3 min

Service Poll Interval The refresh frequency of data reported by 25 sec

the service.

Service Action Job Timeout Reports the timeout for a service. 3 min

Use the Windows Scheduled Tasks Monitor in SAM

The Windows Scheduled Tasks Monitor (WSTM) is a SAM feature that displays tasks running on
Windows nodes monitored via WMI in your environment, along with the status, last run time, and last
run results of each task. With this feature enabled, details about a node's tasks appears in the
Windows Scheduled Tasks widget on the Node Details view, as shown here.

page 163
Note the following details about the Windows Scheduled Tasks Monitor:

l It collects data from the Task Scheduler that is native to Windows, but doesn't offer the same
functionality. You can display task details in SAM, but you cannot edit tasks.
l Only tasks in the Task Scheduler Library (also called the root folder) are monitored.
l If using component-based licensing, this feature consumes five licenses per monitored node.
l Windows Scheduled Tasks data appears in AppStack for monitored nodes.

See also:

l Requirements
l Enable the Windows Schedule Tasks Monitor
l What you can do in the widget
l Alerts and reports
l Troubleshooting

Requirements

l Windows nodes with WMI enabled

l Administrator group privileges on the remote computer, unless using the Orion Agent for
Windows

Only tasks in the root folder of the Windows Task Scheduler library are monitored.

Enable the Windows Scheduled Tasks Monitor

There are several ways to enable Windows Scheduled Tasks monitoring for nodes:

l To quickly enable this feature across all Windows hosts in your environment, use the Discovery
Wizard. You can also use the wizard to surgically enable this feature only on a select group of
nodes.
l To enable this feature for an existing node, navigate to the Node Details view and click List
Resources in the Management widget. Select the Windows Scheduled Tasks option and click
Submit. If the option does not appear, see Troubleshooting.

page 164
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l To enable this feature during automated Discovery, click Define Monitoring Settings on the
Monitoring Settings tab of the Discovery wizard and select the Windows Scheduled Task option
in the Choose What to Monitor part of the wizard.

l To enable this feature if adding an individual node, select Windows Servers: WMI and ICMP as
the Polling Method and then select Windows Scheduled Tasks in the List Resources widget.

You can also enable the Windows Scheduled Tasks Monitor by assigning the Windows Scheduled
Tasks template to nodes.

What you can do in the Windows Scheduled Tasks widget

If this widget does not appear on the Node Details view as expected, click here.

Within the Windows Scheduled Tasks widget, you can:

l Hover over any task title to display details about a task.

l Sort the displayed tasks by clicking the head of each column.
l Click Edit in the top corner to change the title or subtitle of the widget.

page 165
 Click here for a list of status codes that may appear in this widget.

At the bottom of the widget, click Edit Settings to modify the Windows Scheduled Tasks monitor
assigned to the node, which is based on the Windows Scheduled Tasks template.

Windows Scheduled Tasks Monitor alerts and reports

SAM includes an out-of-the box (OOTB) alert that can notify you about task execution failures, Alert
me when task last run result is non successful. To learn how to use this alert, see Work
with preconfigured alerts in SAM.

Two reports are also available:

l The Windows Scheduled Tasks General Report displays scheduled tasks across all monitored
servers in your environment.
l The Windows Scheduled Tasks Failure Report shows only tasks on monitored nodes that failed
during their last run.

See Run a preconfigured report in SAM for details.

Troubleshooting

Why don't I see the Windows Scheduled Tasks option in the List Resources widget for a node? The
Windows Scheduled Tasks option is hidden in the List Resources widget if:

l A node is not configured for WMI polling. See Change the polling method for a node.
l No tasks are scheduled on the target node.

Why aren't scheduled tasks appearing for a monitored node? Make sure that Windows Scheduled
Task Monitor is enabled for the node. If you received a "Network path not found" message, check that
node credentials have permission to access the Task Scheduler files location. Make sure the node is
Up.

See also Out-of-the-box scheduled task alert triggers a false alert.

page 166
Use SAM templates, application monitors, and
component monitors
SAM includes over 250 out-of-the-box (OOTB) templates that you can assign to nodes and begin
using immediately to track changes in your environment. These templates are comprised of code and
scripts that you can customize for individual nodes, or groups of nodes.

Each template includes one or more component monitors designed to monitor a server, application,
database, or process. You can assign these pre-built templates to nodes to create application
monitors (sometimes called "applications) that are specific to individual nodes, as shown in the
following diagram. When polling occurs, scripts automatically gather data and report results within the
Orion Web Console.

page 167
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Application monitor templates

An application monitor template is a group of component monitors modeling the total availability
and performance level of an application. A complicated application such as Windows Server
may require dozens of component monitors to accurately assess its current status and
performance.

Instead of creating component monitors one-by-one for every application server, you can assign
a pre-made template. The template can either be one included with SAM, or a custom template
you make yourself. For example, you can assign the Active Directory 2016 Services and
Counters template to domain controllers to begin monitoring services and counters immediately.

SolarWinds recommends checking THWACK periodically for updates to SAM templates.

Except for AppInsight templates, templates are not updated automatically during
upgrades to avoid overwriting custom changes made to templates. For details, see Import
and export SAM templates.

A template is only a blueprint and does not perform any monitoring on its own. Only after
assigning the template to a server node are active assigned component monitors created.

Some templates have specific port requirements. See the SAM Template Reference for
details.

Component monitors

Component monitors are the building blocks of SAM. Each monitors the status and performance
of a different aspect of an application. There are several types of component monitors, each
containing settings that define what is monitored and how to monitor it. Some have prerequisites,
configuration, and credentials requirements for target systems.

Click here for a list of available component monitors.

Some types of component monitors allow you to set threshold conditions on the monitored
parameters. You can set separate thresholds to indicate warning and critical conditions. For
example, to monitor the percentage of free space remaining on a volume, you can set a warning
threshold at 15%, and a critical condition at 5%. Later, you can configure alerts to notify key staff
if monitored values exceed set thresholds.

Click here to learn more about thresholds.

As an analogy, pretend SolarWinds SAM is monitoring a car. You would have component
monitors to check tire pressure, engine RPM, water temperature, battery voltage, and other
important subsystems of that vehicle. You can set alerts to give notification if the water gets too
hot, or if the battery voltage drops too low.

page 168
 To continue the car analogy, pretend you want to monitor a fleet of 50, 2010, blue Dodge
Charger automobiles. Instead of defining the component monitors for 50 cars, you can define all
the component monitors in a Dodge Charger template.

Assigned component monitors

Assigned component monitors are created by assigning application monitor templates to server
nodes. Each actively monitors its assigned node according to its settings. Component monitors
inherit these initial settings from the template. If you change a component monitor in a template,
that same change is made to all assigned application monitors based on the template.

You can override the template settings at any time, breaking the inheritance relationship
between the component monitor and its template. For example, the user name and password
usually differ for each node, and you would select a different credential for each assigned
application monitor, thus overriding the template setting for the Credentials field.

To restore the inheritance relationship between a component monitor and its template, click
Inherit From Template next to the setting.

Continuing the car analogy, when you assign the Dodge Charger template to a Dodge Charger
vehicle, you now have a set of assigned component monitors for monitoring the vehicle’s tire
pressures, engine RPM, and so forth.

Assigned application monitors

An assigned application monitor runs its component monitors at regular intervals, and then
uses the status results from the component monitors to determine an overall status for the
application.

If some component monitors are up and others are down, the application monitor follows the
Status Rollup Mode setting in the Orion Web Console Settings to show either the worst status of
the group or a warning status.

The difference between an assigned application monitor and a template is that the template is
only a blueprint and does not perform any monitoring on its own. Only after assigning the
template to a server node does SolarWinds SAM conduct any actual monitoring on the node.

To complete the car example, you assign the Dodge Charger template to all the Dodge Charger
vehicles to create the assigned application monitor and determine the overall status for your
Dodge Charger fleet. For example, the fleet may be 95% available at a given time due to
warnings for some of the cars.

page 169
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

The following diagram illustrates the workflow involved in creating an application to be monitored by
SAM.

page 170
AppInsight templates

AppInsight templates are specialized, complex SAM templates designed for in-depth monitoring
of Microsoft Active Directory, Exchange, IIS, and SQL. In addition to monitoring virtually every
aspect of these key business tools at the server level, you can drill down into the data store layer
for performance data. For details, see Monitor with AppInsight applications.

To learn more about templates, application monitors, and component monitors, see:

l The template and application monitor relationship

l Manage SAM templates and application monitors
l Manage thresholds in SAM
l Work with SAM component monitors
l Use PowerShell in SAM templates, application monitors, and component monitors
l Example tasks for SAM application monitors

Additional learning resources include:

l SAM Custom Template Guide

l SAM Template Reference
l Understanding Application Templates (video)
l Creating a New Application Template (video)
l Managing Assigned Application Monitors (video)
l Building & Implementing Custom Application Templates (SolarWinds Academy)
l Expert Series: SAM - Alerting and troubleshooting templates (SolarWinds Academy)
l Use properties and variables in SAM application monitors and component monitors in alerts
(SAM online help)
l Using Automation to Apply SAM Templates (video)

Many templates, application monitors, and component monitors can use Orion agents to collect
data from target servers. See Monitor with Orion agents in SAM.

Looking for a way to poll data from remote APIs? In SAM 2020.2 and later, use the API Poller
feature to gather metrics for nodes via an external REST API.

page 171
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

The template and application monitor relationship

The following illustration shows how SAM application monitor templates and application monitors
relate; it applies to all SAM templates, including AppInsight templates.

If you change a configuration setting or component monitor at the template level, all application
monitors based on that template are affected. For example, if you adjust a threshold for a component
monitor, that change is made to the same component monitor in all application monitors based on the
template. This inheritance relationship helps you make bulk changes quickly. Rather than change one
item in 100 application monitors based on a single template (requiring 100 changes), you can make
the change once in the template and that change is inherited by all child application monitors.

However, if you go one level deeper and edit a component monitor setting in an application monitor,
that change only impacts the application monitor, not the original template. If you change thresholds at
the component monitor level, only thresholds of the individual component monitor are affected.
Thresholds on the parent template, or other application monitors based on the parent template, are not
impacted.

page 172
Manage SAM templates and application monitors
As described here, a SAM template is the blueprint for an application monitor that can be used to
monitor nodes and processes. It is a collection of component monitors designed to monitor a server,
application, or process. You can use the templates included in SAM "as is", copy a template and
customize it for your needs (recommended), create a template from scratch, or import templates from
THWACK.

This topic describes basic template-related tasks, including:

l Create a template
l Assign a template to a node
l Edit a template
l Copy a template
l Delete a template
l Tag a template
l Change between 32-bit and 64-bit polling

Additional topics in this section include:

l Best practices for SAM templates, application monitors, and script monitors
l Understand the Credentials Library in SAM
l Assign templates to nodes manually to create application monitors
l Use group assignments for SAM templates and application monitors
l Create a template in SAM
l Import and export SAM templates

page 173
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

See also:

l Manage thresholds in SAM

l SAM Custom Template Guide
l SAM Template Reference

Create a template
SAM includes two options for creating templates:

l (Recommended) Use the Component Monitor Template Wizard to create component monitors
and add them to a new template. This option adds instances of a component monitor type with
fewer steps to create a template.
l Create a fresh template without component monitors, and then add component monitors
manually.

The fastest way to build a template is to use the Component Monitor Wizard, which provides the most
common and popular component monitors per platform. You can use it to add multiple instances of a
selected component monitor to a new or existing template, and then edit the template to add more
component monitors as needed.

For example, you may need to monitor 20 services on servers and run custom PowerShell scripts.
Use the wizard to generate a template with 20 process or service monitors (depending on your use
case), and then add PowerShell script monitors as needed.

When you enter credentials for component monitors, a connection test runs. Depending on the
components, you may need to enter additional server and credentials data.

To create a template in the Component Monitor wizard, follow these steps.

1. Select the type of component monitor you're adding.

2. Select a target server in your environment and complete required fields.

3. Select from a list of available processes, services, and performance counters for the server.

page 174
 4. Edit the properties of component monitors, as necessary.

See Use script component monitors in SAM to learn about PowerShell, Nagios,
Linux/Unix, or Windows scripting in custom templates.

5. Provide an Application Monitor Template Name.

Avoid spaces at the beginning or end of the name. Otherwise, application monitors based
on the template may not appear in widgets.

6. Assign the template to nodes in your environment according to server type.

7. Review the configuration of the new template and confirm that you want to create it.
SAM creates the template and assigns it to the selected nodes.

If you do not want to use the wizard, you can also create a new, empty template and add component
monitors as needed. For example, you may only want to create a template with PowerShell script
monitors to gather data on your systems and applications.

1. Click Settings > All Settings > SAM Settings and select Manage Templates.
2. Click New Template.
3. Add general information and settings for the template including name, description, and tags.

Avoid spaces at the beginning or end of the name. Otherwise, application monitors based
on the template may not appear in widgets.

4. Based on the number of component monitors, set the polling frequency and timeout.

Continue by adding component monitors.

Create a custom template (Example)

For customized monitoring, you can create new templates based on existing templates or build
templates from scratch. For example, you can build a template to monitor a local SQL Server instance
that includes Windows Service component monitors, a TCP port monitor for your SQL server, and an
HTTP monitor for the Orion Web Console.

This template could include the following monitors:

l TCP port component monitor to monitor port 1433, the port through which SolarWinds
communicates with the SQL Server.

page 175
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l Service component monitors for the following Windows services:

o SolarWinds Alerting Engine

o SolarWinds Network Performance Monitor

o SolarWinds Job Engine

o SolarWinds Job Scheduler

o SolarWinds Module Engine

o SolarWinds Syslog Service

o SolarWinds Trap Service

l HTTP component monitor to monitor port 80, the default port for the Orion Web Console.

To learn more, see the SAM Custom Template Guide.

Create a SAM template to monitor a service

You can create templates specifically for the following Windows services that support the Orion
Platform:

l SolarWinds Network Performance Monitor

l SolarWinds Job Engine v2
l SolarWinds Job Scheduler
l SolarWinds Module Engine
l SolarWinds Syslog Service
l SolarWinds Trap Service

When creating templates, modify these instructions based on the services you are monitoring:

1. Click Settings > All Settings > SAM Settings > Create New Template.
2. Add general information to the template including a name, description, and tags. Tags are used
for searching or opening lists of templates.
3. Click Add Component Monitor, expand the Network Protocol Component Monitors list, and
select TCP Port Monitor. Click Submit to add.
4. Click Rename and name the TCP port monitor, and click OK.
5. Ensure the Port Number field corresponds to the port used to communicate with the SolarWinds
SQL Server instance. By default, this is port 1433.
6. Click Add Component Monitor, expand the Process and Service Component Monitors, and
check Windows Service Monitor and click Submit.
7. Click Rename, name the SolarWinds Alerting Engine monitor, and click OK.
8. Enter or select the credential set to use when accessing the Windows service information.

page 176
 9. Enter the name of the SolarWinds Alerting Engine service in the Net Service Name field.
10. Click Add Component Monitor then expand the User Experience Component Monitors list, and
then check HTTP Monitor.
11. Click Rename, name the HTTP port monitor, then click OK.
12. Ensure the Port Number corresponds to the port used for the Orion Web Console, then click
Submit.

Assign a template to a node

To begin monitoring with a template, you need to assign it to a node. At that point, the template is
considered to be an "application monitor" (sometimes called an "application") that collects and reports
on polling data to the node according to the application monitor's configuration.

Use the Discovery Wizard to add nodes, if necessary.

To assign templates to nodes:

1. Click Settings > All Settings > SAM Settings > Manage Templates.
2. Check the template(s) to assign, and click Assign to Node.
3. Specify the node(s) to monitor and click Next.
4. Enter or select the appropriate credentials.
5. Click Assign Application Monitors.

Want to learn how to use Orion Platform groups to automatically assign or remove SAM
templates? Check out the Using Automation to Apply SAM Templates video. See also Group
monitored objects, in the Orion Platform Administrator Guide.

Edit a template
Every template, including default SAM templates, can be modified. You can change the name,
description, general settings, and application monitors. You can also create a copy of a template and
modify the copy.

1. Click Settings > All Settings > Settings > Manage Templates.
2. Select a template and click Edit.

page 177
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

3. Specify the values for the Polling Frequency and Polling Timeout fields.

Setting a polling frequency below 30 seconds can result in erratic monitor behavior.

4. To add a monitor, click Add Component Monitor. Expand and filter through the options to add
one or more monitors to the template.
5. You can edit one or more monitors, update settings per monitor, and more. See Edit component
monitors in templates and application monitors for details. To review help information per
monitor, use the help option in the Orion Web Console.
6. When done, click Submit to save the changes.

Add component monitors

When editing a template, you can add one or more SAM component monitors. This scenario uses the
Manually Add Component Monitor option where you select component monitors from a list to add to
the template. Alternatively, you can use Browse for Component Monitors to select items in the
Component Monitor wizard.

1. Next to Add Component Monitors, click the option button and select Manually add Component
Monitors.

page 178
 2. In the list of component monitors that appears, select the check box for the monitor you're adding
to the template.

3. (Optional) Click inside the Quantity field and enter a digit to add multiple versions of the same
monitor.
4. Click Add.
5. Modify the configurations and custom settings per monitor, as necessary.
6. When you return to the Edit Template page, expand each component monitor to configure
settings, add scripts, and more.

7. When finished, click Submit.

Click Save and Continue Working as you add and complete component monitors.

Copy a template
You can modify current templates, or create a copy. With copies, you can use a base template from the
default templates, imported templates, or templates you created. Using a copy for a new template can
make the process much faster than starting a new template without pre-filled monitors and
configurations.

The copied templates use the same name of the original name with "- Copy" appended.

page 179
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

If you want to completely modify a current template, use a copy to keep the original.

1. Click Settings > All Settings > SAM Settings > Manage Templates.
2. Select the template you want to copy, and click Copy. A new template is added with the same
component monitors and configured settings, which you can modify, as necessary.

Delete a template
Deleting a template also deletes all of related application monitors assigned to nodes, both modified
and unmodified.

Template-related data is not immediately removed from the Orion database, but systematically
updated every few minutes in the background.

Instead of deleting a template, consider exporting it to a file so you can restore it later, if
necessary.

1. Click Settings > All Settings > SAM Settings > Manage Templates.
2. Check the template(s) to delete and then click Delete.
3. Confirm deletion by clicking Yes.

Tag a template
Tags are descriptive labels that help you classify and sort templates on the Manage Application
Monitor Templates page. Templates included in SolarWinds SAM are already tagged with several
descriptive labels you can modify as you see fit.

1. Click Settings > All Settings > SAM Settings > Manage Templates.

2. Select the templates you want to tag, then click Tags.

3. Click Add existing tag(s) or select the tags from the list.
4. Type the tags, separating multiple tag entries with commas, then click Submit.

To remove tags:

1. Click Settings > All Settings > SAM Settings > Manage Templates.
2. Select the templates you want to tag, then click Tags > Remove Tags.
3. Select the tags from the list, then click Submit.

page 180
Change between 32-bit and 64-bit polling
You should use 64-bit polling on 64-bit OS systems. Using AppInsight applications with 32-bit polling
on 64-bit computers via an agent prevents certain performance counters from collecting information.

To change to 64-bit polling at the application resource level:

1. Click My Dashboards > Applications > SAM Summary.

2. Select an AppInsight Application (Exchange, SQL, IIS) and then click Edit Application Monitor.
3. Expand Advanced, and then click Override Template.
4. In the Platform to run polling job field, change the value to x64.
5. Click Submit.

To change to 64-bit polling at the template level:

1. Click Settings > All Settings > SAM Settings > Manage Templates.
2. Select an AppInsight application and click Edit.
3. Expand Advanced and change the Platform setting to x64.

page 181
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Best practices for SAM templates, application monitors, and script monitors
Creating SAM templates and application monitors involves more than just adding and configuring
component monitors. Use best practices and tips provided in the following topics to enhance
monitoring your SAM environment:

l SAM polling recommendations

l Best practices for SAM script monitors

In addition, note the following details about SAM templates:

l SolarWinds recommends checking THWACK periodically for updates to predefined SAM

templates. Except for AppInsight templates, templates are not updated automatically during
upgrades to avoid overwriting custom changes made to templates. For details, see Import and
export SAM templates.
l Periodically, SolarWinds releases SAM templates to support the latest product versions, such as
Microsoft Server 2016. You can continue using templates for older product versions, but
updating to the latest template is recommended.

SAM polling recommendations

The Orion Platform is designed to optimize monitoring performance by automatically balancing polling
intervals in heavy polling environments. If the polling rate reaches or exceeds 85% of the Orion
server's maximum polling rate, the following message appears in the Orion Web Console and polling
intervals are automatically adjusted to decrease the polling rate.
Poller Status Warning: A poller is either approaching or in excess of its
polling rate limit.

To determine when to adjust polling rates and notify users, the Orion Platform products uses an
internal calculation that includes both the number of network objects polled and the configured polling
interval, along with the general assumption that 10,000 component monitors are running at default
polling intervals.

With this data, the Orion Platform establishes two polling rate thresholds:

l A polling warning level, and

l A maximum polling limit level.

Due to how the Orion Platform calibrates polling on-the-fly, you don't need to compensate for
performance issues by manually setting polling rates higher than required to ensure that data is polled
frequently. The Orion Platform handles adjustments automatically to ensure that all polling jobs are
completed. If the polling rate exceeds what the server can handle, the polling intervals are increased
to handle the higher load.

page 182
Altering the polling rate or the number of components polled by a polling engine is the primary way to
reduce the polling load on the server. Although the Orion Platform may compensate for a heavily
populated installation by increasing the polling interval on the back end, SolarWinds recommends
staying under the polling limit to avoid compounding issues with your installation.

Monitoring an excessive number of components on a single polling engine can negatively

impact your SAM environment. Review the SAM Scalability Engine Guidelines and stay within
recommended limits. If using node-based licensing in SAM 6.9.1 or later, you can add an
Additional Polling Engine at no extra licensing cost. See the SAM Licensing model for details.

General Orion Platform tips for polling engines include:

l Evaluate the status of polling engines in your environment and customize global polling rates, as
necessary. See Review polling engine loads.
l Review current or potential issues in your deployment, as detected by Active Diagnostics. See
Check deployment health regularly.

SAM-specific suggestions to improve polling rates include:

l Leverage WinRM polling for WMI-based component monitors, introduced in SAM 2020.2.

WinRM fallback can negatively impact polling times. Make sure this feature is properly
configured or disable it on specific nodes, as necessary. Otherwise, SAM will attempt to
use WinRM during all future polling cycles and fallback will continue until the
configuration is updated. See Configure WinRM polling in your SAM environment.

l For nodes for which monitoring is a lower priority, consider extending polling intervals for
individual nodes or stopping polling entirely.
l Examine SAM templates and application monitors to determine if any component monitors can
be disabled. See also Determine how many SAM component monitors are assigned per polling
engine.
l Consider how often you need to poll hardware health statistics. The default polling rate is every
10 minutes but you may decide to extend intervals for some nodes. Asset Inventory polling
occurs daily but can also be adjusted.

page 183
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Review polling engine loads

Use the Polling Settings page to customize global polling rates, distribute Orion agents across polling
engines, and more, as described in Optimize polling engines in your Orion Platform deployment. See
also Manage Orion Polling Engines.

To check the status of multiple polling engines:

1. Click Settings > All Settings.

2. Scroll to the Details section at the bottom of the page, and then click Polling Settings.
3. Review the Polling Engines page to determine the source(s) of your excess polling load.

Note the following details about this page:

l The SAM Application Polling Rate pertains to polling jobs for SAM templates and
application monitors. To calculate polling for AppInsight applications, SAM uses the actual
number of component monitors that are actively polling, as opposed to the flat rate used to
calculate license consumption for component-based licensing.
l Many Orion Platform statistics use the term "elements," which typically refers to managed
nodes, interfaces, or volumes. For SAM, polling statistics are usually expressed as
"components," a reference to component monitors within SAM templates and application

page 184
 monitors that gather specific metrics for applications, processes, and so on. To learn more,
see Work with SAM component monitors or watch SolarWinds Lab Bits: Common SAM
Template Elements.

Check deployment health regularly

The Active Diagnostics tool runs daily to detect current or potential issues with the Orion server that
usually serves as the Main Polling Engine, the database, and any Additional Polling Engines. After
analysis, this tool provides summaries with links you can follow to resolve issues. To learn more, see
Troubleshoot Orion Deployment issues with Active Diagnostics.

1. Click Settings > My Orion Deployment.

2. Click the Deployment Health tab.

Review the circles at the top to see the total number of problems, potential issues, or healthy
checks for all scalability engines in your environment.

3. In the main pane, review individual items. Sort the issues by priority in descending order to know
which issues should be resolved first.
4. For more details about an issue, click the arrow at the end of the issue row. In the panel, review
what went wrong and follow the article link for steps to resolve the issue.

You can also check logs for Orion agents. See How to gather NPM and SAM agent diagnostics.

page 185
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Determine how many SAM component monitors are assigned per polling engine

To check the number of component monitors to each polling engine:

1. Click Settings > All Settings.

2. Scroll to the Details section at the bottom of the page, and then click Database Details.
3. Scroll to the bottom of the Database Details page, and then click Total elements per poller.
4. Review the information provided on the Total element count page.

See also How to display all components polled for each polling engine in SAM.

Best practices for SAM script monitors

Script component monitors (also called "script monitors") offer limitless options for monitoring and
returning metrics for target servers when used in SAM templates and application monitors. Each
monitor has different options to execute scripts, add credentials, set working directories, and then
generate and display returned values as output.

SAM's Component Monitor Library includes the following predefined script monitors:

l Windows PowerShell Monitor

l Windows Script Monitor

page 186
 l Linux/Unix Script Monitor
l Nagios Script Monitor

To learn about modifying script monitors, or how to write your own scripts, see the SAM Custom
Template Guide.

Disclaimer: Scripts provided outside of the Orion Web Console are not supported under any
SolarWinds support program or service. Scripts are provided AS IS without warranty of any
kind. SolarWinds further disclaims all warranties including, without limitation, any implied
warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use
or performance of the scripts and documentation stays with you. In no event shall SolarWinds or
anyone else involved in the creation, production, or delivery of the scripts be liable for any
damages whatsoever (including, without limitation, damages for loss of business profits,
business interruption, loss of business information, or other pecuniary loss) arising out of the
use of or inability to use the scripts or documentation.

Your organization should internally review and assess to what extent PowerShell is
incorporated into your environment. This is especially important when importing scripts from
third parties, including content posted by other customers in the SolarWinds online IT
community, THWACK. For details, see Use PowerShell in SAM.

Check credentials and server permissions for scripts

Verify that credentials have permission to execute scripts on the Orion server and target servers.
Script monitors may provide fields for credentials, or you may need to provide credentials in the
script code, arguments, or command line. Test the script in SAM prior to verifying credentials and
access. For details, see the SAM Custom Template Guide.

Test scripts before monitoring

When adding and configuring script component monitors, test scripts before using them. When
the test completes, SAM registers each returned metric as a numbered output in the Orion
database. You can configure the display of collected metrics and values through the component
monitor. Each script monitor supports up to 10 different outputs.

Confirm node status updates

Until tested, scripts and component monitors return an initial "Unknown" status. After testing,
polling returns accurate application status.

Use code comments

Add comments to describe how the script works and track changes. SolarWinds recommends
using code comments to keep detailed steps and responses in your code. If additional
administrators work in the script monitors, the comments provide context for the code.

page 187
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

# for a comment per line.

<#
For lengthy comments per code section.
#>

Do not use positional parametrization

In the command line for executing scripts, always add the parameter per value. Do not assume
the position of data in the command dictates the parameter. For example, use -h for hostname.

Use a header for writing multiple scripts

Create a header in your code to reuse throughout your scripts. The header could include
example code and code comments for:

l A list of exit codes.

l Set variables for return metrics commonly used in your scripts.
l Use code to determine if you are testing code on the Orion server or target server. For example,
the following PowerShell code returns a message identifying if the server is a test system or the
Orion server:

Additionally, you could add a step to save the code to the Orion server if it's not already there.

Use macros

When using macros, consider assigning them to named variables in your scripts.

page 188
 The following macros are available for Linux/Unix, Nagios, Windows Script, and PowerShell
script monitors:
l ${USER}
l ${PASSWORD}
l ${PORT}
l ${Node.SysName}
l ${Node.Caption}
l ${Node.DNS} - Use this instead of ${IP}.
l ${Node.ID}
l ${Component.ID}
l ${Component.Name}
l ${Application.Id}
l ${Application.Name}
l ${Application.TemplateId
l ${Threshold.Warning}
l ${Threshold.Critical}
l Node Custom Property Macros ${Node.CustomPropertyName}
l Application Custom Property Macros ${Application.CustomPropertyName}

For nodes monitored by Orion agents, use the macros ${Node.SysName} and ${Node.DNS}.
The ${IP} may return a loopback IP before polling starts.

Report status through exit codes

Scripts must report their status by exiting with the appropriate exit code, which determines how
the status of the monitor appears in the Orion Web Console.

A script should return an exit code which results in an Up (0), Warning (2), or Critical (3) status.
When an exit code is received, a dynamic evidence table structure is created to support all
further exit codes. If the component only returns Down (1) or Unknown (4) on first use, the
appropriate dynamic evidence table structure is not created appropriately.

l 0 - Up
l 1 - Down
l 2 - Warning
l 3 - Critical
l Any other value - Unknown, for example 4

page 189
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Multiple options to return exit code and message

You can return one of multiple options for exit codes and messages using IF/ELSE or case
statements in scripts.

Use error trapping to capture issues

Using error trapping code such as try/catch blocks help capture and report errors, thus blocks
providing more details about an issue.

Performance enhancement tips

Modify the polling frequency

Depending on the length of calls and amount of data pulled for a monitor, you may want to
modify the frequency. For script monitors you may need to only run the script once per day or
once per week. For example, to compare MIBs using the SolarWinds MIB Database template,
you may only need to run the comparison once a day or week.

Extend the polling timeout for long calls

For scripts with lengthy calls for large amounts of data, extend the polling timeout. The default
300 seconds may not be long enough to process scripts. If the call may take longer, especially
during peak times, increase the timeout. For example, for MIB database comparison scripts
using the SolarWinds MIB Database template, multiple files are called, downloaded, and
compared to return status messages and complete specific actions.

Enhance latency and performance by pulling multiple metrics per template

When executing script component monitors in a template, SAM affects performance and latency
making calls to a target server. Complete calls for up to 10 metrics per script to reduce the
number of calls, increasing performance. Depending on the size and processing of scripts,
balance scripts and lengthy calls across multiple instances of a script monitor.

Assign templates to nodes manually to create application monitors

This topic describes how to manually assign templates to nodes, but you can also assign them
automatically with the Application Discovery Wizard.

To begin monitoring with a template, you need to assign it to a node. At that point, the template is
considered to be an "application monitor" (sometimes called an "application") that collects and reports
on polling data to the node according to the application monitor's configuration.

The quickest way to assign a template to a node is through the Add New Application Monitors Wizard.
You can also assign them on the Manage Application Monitor Templates page, or by adding a new
node with the Add Node Wizard, as described below.

page 190
To assign a template using the Add New Application Monitors Wizard:

1. Click Settings > All Settings > SAM Settings > Manually Assign Application Monitors.
2. Select the Application Monitor template to apply, and then click Next.
3. Select the server nodes where you want to apply the template, and then click Next.
4. Select existing credentials or create new credentials, then click Assign Application Monitors.

To assign a template through the Manage Application Monitor Templates page:

1. Click Settings > All Settings > SAM Settings > Manage Templates.
2. Browse and select the template you want to assign.
3. Click Assign to Node, select the nodes where you're assigning the template, and then click Next.

4. Select existing credentials or create new credentials, then click Assign Application Monitors.
5. Review the information for the application monitor you created, and then click Done.

To add an application monitor to a new node being added to the Orion Platform with the Add Node
Wizard:

1. To add a node, click Settings > All Settings > Add Node.
2. Provide details on the Define Node tab, and then click Next.
3. On the Choose Resources tab, select what you want to monitor.
4. On the Add Application Monitors tab, use the Show Only drop-down to select a category of
application monitors and display a list of Component Types.

5. Select the application monitor(s) you want to assign.

6. Select or enter the appropriate credentials, and then click Next.

page 191
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

7. On the Change Properties page, modify information as needed.

8. Click OK to finish adding the node.

Scan nodes and assign SAM templates automatically with the Application Discovery Wizard
SAM can scan nodes for you and automatically assign the templates it deems suitable for each
scanned node. You select the nodes to be scanned, the templates to use, and the parameters to
determine a match. When the Application Discovery Wizard runs, it compares applications located on
nodes with parameters to automatically assign templates to nodes, thus creating application monitors.

The Application Discovery Wizard does not work for User Experience (UX) monitors; assign
them to nodes manually instead.

To scan nodes, discover applications, and assign templates to nodes:

1. Click Settings > All Settings > SAM Settings.

2. In the Getting Started with SAM section , click Scan Nodes for Applications.
3. Browse or filter to select nodes to scan. You can select all or pick and choose from lists. Click
Next.
4. Browse, filter, and select the applications you want to scan for, based on existing templates.
Expand the Advanced Scan Settings to set the exactness for matches. Click Next.

To minimize scan time, limit the number of templates in your first scan. To see more
templates, select a different template group from the Show Only list.

l Exact Match: All the components must match to assign the template.
l Strong Match: Most of the components must match to assign the template.
l Partial Match: Some of the components must match to assign the template.
l Minimal Match: At least one component must match to assign the template.
5. Some SAM templates require credentials either to access restricted resources, or to run within
the context of a specific user. To scan for these templates, add the necessary credentials to the
list, moving them into an order for using. If a template you are scanning for requires credentials,
the credentials in this list are tried in the order in which they appear. You can add credentials or
allow credentials to inherit from the node's local credentials. Click Next.

If you have domains sharing user names with different passwords, we recommend you
run separate application discoveries for each domain.

page 192
 Credentials are tried several times over the course of a scan. If the credentials are
incorrect, the account can become locked due to the amount of failures. To avoid potential
account lockouts that affect actual users, use service accounts created specifically for use
during monitoring. With service accounts, no actual user is affected by an account lockout
if a password is entered incorrectly.

6. Review the selected options before scanning. If the automatic discovery matches templates
already assigned to the node, the template is not automatically assigned a second time. To
assign duplicate templates, select Yes, Assign Anyway from the Do you want to assign
duplicates list.
7. Click Start Scan to start the discovery and assignments.
8. The scan runs in the background. A message appears at the top of the Orion Web Console
when scanning is complete. Click View results to see the results of the scan.

You can modify the assigned applications monitors via the Manage Application Monitors page,
accessible by clicking Settings > All Settings > SAM Settings > Manage Application Monitors.

Unmanage assigned application monitors in SAM

You can "unmanage" an application monitor to stop collecting data from a node on behalf of
component monitors included in the application monitor. The Orion Platform continues to gather node
status, hardware health, CPU, memory, and basic node data, but SAM stops pulling specific metrics
for individual component monitors from the node.

Note the following details about unmanaging application monitors:

l You can unmanage individual "child" application monitors assigned to specific nodes without
"unmanaging" the parent template.
l You cannot unmanage individual component monitors within an application monitor. However,
many component monitors can be disabled, either in the parent template or in a child application
monitor assigned to a specific node.

To unmanage an application monitor:

1. Click Settings > All Settings > SAM Settings > Manage Application Monitors.
2. On the Manage Assigned Application Monitors page:
a. Select the application monitor.
b. Click Maintenance Mode.
c. Click Unmanage Now
3. (Optional) Click Schedule to mute related alerts, or set time for scheduled maintenance.

page 193
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

4. To resume polling later data for an application monitor, select it, click Maintenance Mode, and
then click Manage Again. The application monitor status refreshes after the next polling cycle.

Use group assignments for SAM templates and application monitors

You can assign templates and application monitors to groups of nodes. As you add nodes to the
group, templates and application monitors linked to the group are automatically added to the new
nodes. Likewise, if you add a new template or application monitor to the group, all node members
receive the new additions.

Group assignments use the following logic:

l Added nodes receive the assigned templates and application monitors, regardless of template
type. For example, if a template assigned to a group monitors a specific OS version such as
Windows Server 2012, all nodes in the group are assigned the Windows Server 2012 template,
regardless of the OS used by each node.
l Nested groups are not supported. AppInsight applications cannot be assigned to groups.
Application assignment to a group happens in the background and can take some time to be
created depending on the size of the application.
l If an OS-specific template, such as the Apache (Windows) template, is assigned to a group with
Linux nodes, the template is assigned and reports a status of Unknown due to OS mismatch.
l If a node added to the group already has the template assigned to it, no changes occur.
l If a node is part of two groups with shared templates, the node only receives one copy of each
assigned template and application monitors.
l If you delete a group, the assigned templates may remain assigned depending on the Advanced
section configuration. In the Auto Delete Application Monitor option, select Yes to remove the
templates if the group is deleted or nodes are removed from the group.

l You cannot assign credentials to a node and have all templates assigned to the group use those
credentials. Credentials are not associated by group. You can select Inherit Credentials from
Node when using WMI or an agent. The new application created from the template will use
credentials from the node that is assigned to.

See also:

l Assign SAM templates and application monitors to a group of nodes

l Remove SAM templates and application monitors from a group of nodes

page 194
Assign SAM templates and application monitors to a group of nodes
Assigning a templates and application monitors to a group of nodes is more efficient than applying the
template to individual nodes one at a time.

Before you begin, create as least one group of nodes, as described in the Orion Platform
Administrator Guide.

1. Click Settings > All Settings > SAM Settings > Manage Templates > Application Monitor
Templates.
2. Select a template or application monitor, and then click Assign to Group.

3. Select a group from the Available Groups column, click the green arrow, and then click Next.

By default, the template is assigned to nodes in the group with a compatible a server OS.
This setting can be changed in the Advanced section at the bottom of the page, along with
the Auto Delete setting that removes nodes from a group when related applications are
deleted from the node.

page 195
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

4. Select your credentials and then click, Assign Groups.

5. Click Done.

It may take up to 10 minutes for assignments to process. If it takes longer, you may need to
restart services.

Your templates are now assigned to a group.

To view the applications within a group:

1. Click My Dashboards > SAM Summary.

2. Click a group in the Application Templates Assigned to Group widget.

You can use dynamic queries to create groups of nodes, and then assign templates to the
group. See How to Create Groups Using Dynamic Queries.

Remove SAM templates and application monitors from a group of nodes

1. Click Settings > All Settings > SAM Settings > Manage Templates > Application Monitor
Templates.

page 196
 2. Select the templates and application monitors you want to remove from the group, and then click
the link in the Assigned To column.
3. On the Template Assignments page, click the Group tab and then click Unassign > Yes,
Unassign.

4. Click Close.

Create a template in SAM

SAM includes a variety of out-of-the-box (OOTB) templates, but you can also create your own
templates by adding component monitors and then customizing them for your needs. When complete,
assign the template to managed nodes to collect specific metrics during polling.

There are several ways to create new templates:

l Use the Component Monitor Wizard to quickly create a template by adding multiple, customized
component at the same time, and then assigning the new template to nodes.

page 197
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l Copy an existing template and customize it for your needs.

l Create a blank template and add component monitors manually.

Here are the basic steps involved in creating a template:

Create a template To create a template with the Component Monitor Wizard:

1. Navigate to Settings > All Settings > SAM Settings.

2. Under Getting Started with SAM, click Component Monitor Wizard.
3. Follow on-screen instructions to add and customize component
monitors for the template, and then assign the template to target
nodes.

To copy an existing template to create a new template:

1. Navigate to Settings > All Settings > SAM Settings >Manage

Templates.
2. On the Manage Application Templates page, click the Application
Monitor Templates tab.
3. Select an existing template and click Copy.
4. After the "Copying application templates" message appears, type
"Copy of" in the Search field.
5. Select the copied template, click Edit, modify as necessary, and save
your new template.

To create a blank template and add component monitors manually:

1. Navigate to Settings > All Settings > SAM Settings >Create a

template.
2. On the New Template page, provide a name, description, and other
details.
3. Click Add Component Monitors to add each component monitor you
want to include.
4. Click Submit to save your changes.

You can also import a template from THWACK and customize it.

Add component With the base component monitors added to a new template, add other
monitors component monitors as needed per application.

page 198
Assign a template to a Templates assigned to nodes begin collecting data with the next poll,
node providing specific metrics and data responses based on the component
monitors and configurations. For script monitors, the script collects data and
returns metrics and values according to the code you enter.

Create a template with the Component Monitor Wizard

The fastest method to create a template with a set of component monitors is to use the Component
Monitor Wizard, which provides the most common and popular component monitors per platform.
Using this wizard, you can create multiple instances of a selected component monitor to add to a new
or existing template. When finished, you can edit the template to add additional component monitors,
as needed.

For example, you can use the wizard to create a template with 20 process monitors or service
monitors (depending on your use case) for the services. Then you can add more PowerShell script
monitors later.

1. Click Settings > All Settings > SAM Settings.

2. Under Getting Started with SAM, click Component Monitor Wizard.
3. On the first tab of the wizard, select a component monitor type to add to your template, such as
Windows Service Monitor, and then click Next.

4. To select a Target server, enter an IP address or browse to an existing node. Provide all
required information and click Next to display a list of available processes, services, and
performance counters for the server.
5. On the Select Component tab, select the services you want to add as component monitors for
the template, and then click Next.

page 199
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

6. On the Edit Properties tab, customize each component monitor by selecting its check box and
clicking [+}.

When finished customizing component monitors, click Next.

7. On the Add to Application Monitor or Template tab, select New Application Monitor Template,
enter a Name for the template, and click Next.

Do not begin or end a Name with a space. Otherwise, application monitors based on the
template may not appear in widgets. Edit the name to remove extra spaces.

8. Assign the template to nodes in your environment according to server type (such as Windows or
VMware).
Expand and select one or more servers where you want to add the template.

9. Review the template and click Submit to save it.

After you create a template, you can add more component monitors, as described next.

Add component monitors

When editing a template, you can add component monitors using either of these options:

l Manually Add Component Monitors allows you to select and add multiple types of component
monitors to the template
l Browse for Component Monitors opens the Component Monitor Wizard to add multiple
instances of a selected component monitor

This scenario uses the Manually Add Component Monitor option.

page 200
 1. You have two options for adding component monitors. This scenario uses the Manually Add
Component Monitor option.

l Manually Add Component Monitors allows you to select and add multiple types of
component monitors to the template
l Browse for Component Monitors opens the Component Monitor Wizard to add multiple
instances of a selected component monitor

2. When added, you can modify the configurations and custom settings per monitor.
3. Select a component monitor, use the Quantity field to specify how many copies you want, and
click Add.
4. Expand each component monitor to configure settings, add scripts, and more.

As you work, click Save and Continue Working to save changes.

5. When finished adding component monitors, click Submit.

page 201
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Assign the template to nodes

To begin monitoring with the template, assign it to one or more nodes, thus establishing an application
monitor on each node.

1. Click Settings > All Settings > SAM Settings and click Manage Templates.
2. Check the template(s) to assign, and click Assign to Node.
3. Specify the node(s) to monitor and click Next.
4. Enter or select the appropriate credentials.
5. Click Assign Application Monitors.

Import and export SAM templates

SAM integrates with the SolarWinds online IT community site, THWACK, so you can download the
latest updates to SAM templates, download custom templates created by other SAM customers, and
share templates that may be useful to other customers.

SolarWinds recommends that you check THWACK periodically for updates to SAM's out-of-the-
box (OOTB) templates. Except for AppInsight templates, templates are not updated
automatically during upgrades to avoid overwriting custom changes made to existing templates.
Official updates to OOTB templates posted on THWACK are attributed to solarwinds_
worldwide_llc.

When working with THWACK templates, note the following details:

l To import templates from THWACK or post templates on THWACK, you'll need a THWACK
account. To create one, navigate to https://thwack.solarwinds.com.
l You cannot import or export AppInsight templates.
l SolarWinds posts SAM templates under development to get customer feedback. While
SolarWinds Support does not provide direct support for yet-to-be-released templates, product
owners monitor THWACK posts to answer questions and evaluate input.
l SolarWinds does not provide direct support for templates posted on THWACK by third parties. If
you have questions or suggestions for material posted by a THWACK member, use the forum's
built-in messaging functionality.

page 202
 Disclaimer: Any custom scripts or other content posted herein are not supported under any
SolarWinds support program or service. The scripts are provided AS IS without warranty of any
kind. SolarWinds further disclaims all warranties including, without limitation, any implied
warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use
or performance of the scripts and documentation stays with you. In no event shall SolarWinds or
anyone else involved in the creation, production, or delivery of the scripts be liable for any
damages whatsoever (including, without limitation, damages for loss of business profits,
business interruption, loss of business information, or other pecuniary loss) arising out of the
use of or inability to use the scripts or documentation.

Import templates
There are several ways to import templates:

l Navigate to the Manage Templates page > Shared Templates in THWACK tab and import
templates, or
l Download template files to your local drive and then import them into SAM.

Note the following details about importing templates:

l Before updating existing templates:

o Create backup copies of existing templates to save any custom changes that occurred.

o Ensure the imported file format is XML with an .apm-template extension.

o Unzip templates before importing.

l Official SAM templates posted on THWACK are attributed to solarwinds_worldwide_llc.

l To learn about accessing THWACK templates via a proxy, click here.
l If an imported template name matches an existing template, the name is appended with n
automatically, where n is an integer.

Watch a THWACK Tuesday Tips video about importing templates from THWACK.

To import a SAM template from THWACK:

1. Click Settings > All Settings > SAM Settings > Manage Templates.
2. Switch to the Shared Templates on THWACK tab.
3. Locate and select the template you want to import and then click Import.
4. Enter your THWACK credentials, and then click Log In.
5. When the confirmation message appears, click View Imported Templates or Close.

page 203
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

To import a SAM template from a file on a local drive:

If a template is in a ZIP file on your local drive, extract the file and verify it is in XML format with
the following extension: .apm-template. Otherwise, you'll receive an Invalid File error.

1. Click Settings > All Settings > SAM Settings, and click Manage Templates.
2. Click Import/Export, and click Import.
3. Browse and select the template file from your local drive.
4. Click Submit.
After verifying the file type and format, SAM imports the template.

Export a template
Note the following details about exporting templates to THWACK:

l Templates are exported in XML format with a .apm-template extension.

l Exported templates are added to the template repository accessed by SAM, as displayed on the
Shared Templates on THWACK tab of the Manage Templates page.
l Templates may take several minutes to export, depending on how many you're exporting.

To export a SAM template to THWACK:

1. Click Settings > All Settings > SAM Settings > Manage Templates.
2. On the Application Monitor Templates, tab, select the template(s) to export.
3. Click Import/Export > Export to THWACK.

a. Enter your THWACK credentials, and then click Log In.

b. Click Close on the confirmation message that appears.
4. In THWACK, navigate to the SAM area of the website.

page 204
 5. Click Write a document, add a title and description, and attach the .apm-template file.

6. Add apm_monitoring_template in the Tags field.

SAM was formerly called "APM."

7. Select Application Monitor Templates in Categories.

8. Click Publish to post the information and template.

To add descriptive text to your template post, click your Profile picture in the top of THWACK and click
Your Content. On the All Content tab, select the row for your template post and click Edit.

Understand the Credentials Library in SAM

You typically need to associate credentials with SAM component monitors so they can retrieve data
from target servers. For example, to use a WMI monitor, you must provide valid domain or computer
credentials. Or, if your web server requires credentials, you must provide the appropriate credentials to
access the protected sections of your site. Those credentials can be stored in the Credentials Library.

If each component in an application monitor requires a separate credential, you cannot add them in
Add New Application Monitor wizard. Instead, edit the application monitor after creating it to configure
the credentials of each component separately.

Note the following details about credentials:

l Credentials may be used several times if you Use Application Discovery to scan nodes and
apply templates automatically. If credentials are incorrect, the account may become locked out.
To avoid lockouts that affect actual users, consider using service accounts for monitoring.
l If SNMP credentials were provided for a node during Discovery, you do not need to specify
additional credentials for SNMP operations. To learn more, see SNMP credentials for the Orion
Platform.
l These credentials can be used with the "Inherit credentials" option for nodes and templates.

page 205
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

The Credentials Library differs from the Certificate Credentials Library, which stores certificate
details for SSH keys, including user name, private key, and key type. See Store SSH keys in
the Certificate Credentials Library.

Manage SAM credentials in the Credentials Library

If you have administrator rights, you can use SAM's Credentials Library to manage credentials that are
associated and used with component monitors to retrieve data from servers and services.

Add credentials to the Credentials Library

For a video overview, see Setting Credentials in SAM.

1. Click Settings > All Settings > SAM Settings > Credentials Library > Add New Credential.

2. Provide a name for the credential set. SAM will display this name in the Credential for Monitoring
field of monitors that accept credentials.
3. Provide the user name and password, and then confirm the password and click Submit. If
providing Windows credentials to access information through WMI, be sure to provide the
account name in the following syntax: domainOrComputerName\user name for domain level
authentication or User Name for workgroup level authentication.

You can assign credentials to all the associated components of a template or application
monitor.

Edit credentials in the Credentials Library

1. Click Settings > All Settings > SAM Settings > Credentials Library.
2. Click Edit for the desired credential.

3. Modify the information as needed and then click Submit.

Delete credentials from the Credentials Library

1. Click Settings > All Settings > SAM Settings > Credentials Library.
2. Click Delete for the desired credential.
3. Click OK to confirm the deletion.

If you delete a credential set, be sure to update any monitors that were using the credentials to
use a different credential set.

page 206
Store SSH keys in the Certificate Credentials Library
Typically, you must associate credentials with component monitors and templates to enable them to
retrieve application data. For added security, SAM also includes a Certificate Credential Library where
you can store certificate details for SSH keys required for script monitoring, including:

l User Name
l Private Key: Upload a private key file or paste the private key in PEM format.
l Key Type: RSA or DSA
l Password (optional)

Certificates can be used for authentication with Linux devices monitored in SAM. Linux, Unix, and
Nagios script monitors also support certificate-based authentication.

The Certificate Credentials Library differs from the Credentials Library that stores standard
authentication credentials for component monitors. For example, a WMI component monitor
may need to run as a particular user (or service account) to collect information. See Understand
the Credentials Library in SAM and the Setting Credentials in SAM video.

To access the Certificate Credentials Library:

1. Click Settings > All Settings.

2. Under Product Specific Settings, click SAM Settings.
3. Click Certificate Credentials Library.

Assign certificate credentials

There are two ways to assign Certificate Credentials — when assigning a template to a node or when
editing a template directly. Before you begin, choose the right method

l If each node uses unique private keys, editing the application after it's assigned is the best
option.
l If most nodes use the same private key, edit the credentials directly in the template.

You'll be prompted to provide the following details for each certificate credentials:

l Credential Name: User-defined text that identifies the credential for later use in templates.
l User Name: The user who is associated with the public key certificate on the target computer.
l Key: Text content of the private certificate file in Privacy Enhanced Mail (PEM) format.
l Key type: The algorithm the certificate used to generate the certificate pair. (This can be found
as part of the header. For example, e.g. "--- BEGIN RSA PRIVATE KEY---.")
l Key password: The password used to protect the certificate file

page 207
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

To assign certificate credentials when assigning a template to a node:

1. Assign a template to a node.

2. When asked to choose credentials, select the "Inherit credentials" from template option.
3. Click Assign Application Monitors and then click Edit next to the template name.

4. From here, you can select one or more Linux/Unix/Nagios script component monitors to edit by
checking the boxes to the left of each monitor and then clicking Multi-Edit.
5. Check the Authentication Type box and select User name and PrivateKey from the drop-down
menu.
6. Check the Credential for Monitoring box and select the credentials you want to use from the
drop-down menu, and then click Save.

To assign certificate credentials when editing a template directly:

1. Select the template you want to edit.

2. Change the Authentication Type option to User name and PrivateKey for each component
monitor that should use this authentication type.
3. From the Credential for Monitoring field drop-down menu, select the credentials you want to use
with your monitors, and then click Submit.

page 208
Use WinRM for application monitor polling in SAM
Starting in SAM 2020.2, Windows Remote Management (WinRM) is the default polling method used
by WMI-based component monitors (for example, Performance Counter Monitors) to gather data from
target nodes for SAM templates and application monitors. A fallback mechanism automatically
switches to legacy RPC/DCOM polling, if necessary.

If you're building a new environment with SAM 2020.2, WinRM application polling is automatically
enabled for the Orion server and WMI component monitors. By default, WinRM application polling is
also applied to any Windows network nodes that you decide to add later, although you still need to
make sure that the Orion server can connect to the nodes.

If upgrading from an earlier version of SAM, see Configure WinRM polling in your SAM environment to
learn how to start leveraging this functionality.

This feature is SAM-specific. It differs from the main polling method selected when adding
nodes to the Orion Platform, that determines how basic metrics such as node status and packet
loss are collected. The WinRM option described here only controls SAM-based polling for WMI-
based component monitors on target nodes that do not use Orion agents to collect data.

Using WinRM instead of RPC/DCOM for WMI queries can increase SAM's scalability while collecting
the same data with higher reliability and in less time. The following table provides more details about
these methods.

WinRM RPC/DCOM
Protocol Web Services (WS)- RPC is a legacy protocol, originally created for
Management is a faster LANs, that could be deprecated in the future.
protocol developed for
Windows Server 2012 R2 and
the modern internet.

Firewall Requires a single open port: Requires multiple open ports, starting with TCP Port
requirements 5985 (HTTP) or 5986 135 to initiate communication with a server, and
(HTTPS). then switching to random ports between 1024 and
65535.

Security Uses a modified form of Uses dynamic port allocation.

HTTPS.

Performance No unmanaged code. Uses a Possible memory leaks, increased CPU

stateless protocol for HTTPS consumption related to unmanaged code, and
requests and responses. polling issues if WMI components timeout.

page 209
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

WinRM RPC/DCOM
Execution Runs queries locally on target Executes queries remotely so the Round-Trip Time
machines. Switches to (RTT) between SAM and target machines can
DCOM if WinRM fails. increase overall scan times. No fallback
mechanism.

Scalability Asynchronous API support Multiple application monitors assigned to a node

means caller threads can can collect data in parallel, but each component
execute other parts of code monitor in a single application monitor can only
while waiting for results. collect data serially. The more application monitors
you assign to a single node with WMI-based
component monitors, the more ports may be
consumed and the longer polling may take.

For a list of component monitor types that use WinRM as the primary fetching method, see Configure
WinRM polling in your SAM environment.

WinRM application polling alerts

The following out-of-the-box alert writes to the event log when WinRM polling fails and DCOM/RPC is
used as a fallback method:

Attempt to use WinRM for application template polling failed.

Note the following details about this preconfigured alert:

l It appears once for each application monitor that attempts WinRM polling but fails; it does not
repeat for consecutive failed polling cycles.
l It will not appear for nodes where WinRM polling is disabled, or if WinRM polling is disabled on
the Orion server. See Configure WinRM polling in your SAM environment.

To resolve WinRM polling issues, see Troubleshoot application monitor polling with WinRM.

page 210
Configure WinRM polling in your SAM environment
Starting in SAM 2020.2, WinRM is the default fetching method for WMI-based component monitors, as
listed here. SAM automatically switches to DCOM as a fallback method to collect data if WinRM fails
during a polling cycle, and then works through other methods until polling succeeds.

l Directory Size Monitors

l File Count Monitors
l Performance Counter Monitors
l Process Monitors for Windows
l Windows Event Log Monitors
l Windows Service Monitors
l WMI Monitors

WinRM fallback can negatively impact polling times. Make sure WinRM polling is properly
configured on target nodes or disable WinRM on specific nodes, as necessary. Otherwise, SAM
will attempt to use WinRM during all future polling cycles and fallback continues until the
configuration is updated. For additional tips, see SAM polling recommendations.

WinRM polling is enabled on the Orion server by default, regardless of whether you upgraded from an
earlier version or are new to SAM. For reference, here is an overview of initial WinRM settings for
SAM application polling (referred to as the "SAM WinRM toggle" below) in new and upgraded
environments.

l In a new environment, created with SAM 2020.2 or later:

o The global SAM WinRM toggle is enabled on the Orion server.

o The SAM WinRM toggle is enabled for the WMI-based component monitor types listed

above, including Directory Size Monitors. This toggle is also called the WinRM
Authentication Mechanism setting.
o WinRM application monitor polling is enabled on all Windows network nodes added to the

Orion Platform, by default.

l In an existing environment, originally installed with SAM 2019.4 or earlier:
o The SAM WinRM toggle is enabled on the Orion server, at the global level.

o The SAM WinRM toggle is enabled as the primary fetching method for all WMI-based

component monitors.
o WinRM application monitor polling will be enabled on new Windows network nodes added

to the Orion Platform moving forward.

o WinRM application monitor polling is not enabled on existing Windows network nodes in

an upgrade scenario, but may already be enabled on some nodes. See Configure
WinRM polling in your SAM environment.

page 211
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Use the following procedures to adjust WinRM settings to suit your business needs:

l Configure WinRM polling on target nodes

l Add target nodes that use WinRM polling as trusted hosts on the Orion server
l Disable WinRM polling on individual nodes
l Disable WinRM polling on the Orion server
l Configure WinRM polling in your SAM environment

See also Choose a fetching method for Performance Counter Monitors in the SAM Template
Reference.

For target nodes hosted in a separate domain from the Orion server, you'll need to adjust
TrustedHost settings on the Orion server.

Configure WinRM polling on target nodes

If you upgraded from SAM 2019.4.1 or earlier, WinRM polling is automatically enabled on any new
Windows network nodes added to the Orion Platform after you upgrade to SAM 2020.2 or later, but
you'll need to configure it on existing nodes that aren't already using WinRM to:

l Monitor AppInsight for IIS or AppInsight for Exchange, or

l Support the remote execution of PowerShell scripts.

To enable WinRM polling on a node, review the What is WinRM & How Do You Configure IT
THWACK blog, download the free Remote Execution Enabler for PowerShell tool, and follow steps in
the Remote Execution Enabler Quick Reference Guide on THWACK. When finished, the target node
should include the following elements:

l The WinRM service to receive requests from other IP addresses.

l An SSL certificate to secure data.
l A firewall exception to allow external requests to reach the WinRM service.
l A WinRM Listener to accept external requests.

You can also use a Group Policy Object (GPO) in Active Directory to configure WinRM settings.

If a node is not in the same domain as the Orion server, you'll need to add it as a trusted host, as
described next.

page 212
Add target nodes that use WinRM polling as trusted hosts on the Orion server

To use WinRM polling on target nodes that exist in a different domain than the Orion server, add them
to the WS-Management TrustedHosts list on the Orion server, to support WinRM communication
between the client (the Orion server) and the server (the target node).

The following steps assume that the Orion server is used as the Main Polling Engine. In large
environments with Additional Polling Engines (APEs), use these steps to create trust
relationships between target nodes and related polling engines.

1. On the Orion server, add each target node as a TrustedHost with this PowerShell command:
Install-Module psTrustedHosts -Force

2. Set all hosts as trusts by entering:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force

For added security, replace the * wildcard character with a specific IP address. Use
commas to separate multiple IP addresses, if necessary.

3. Verify the WinRM connection from the Orion server to each target node by entering:
Test-WSMan -ComputerName $TargetNodeHostName -Authentication default

If the Orion server and a target node have the same credentials, results will look similar to this
example:

Check the application log on nodes that involve WinRM polling for the following error. The default
location for application logs is C:\ProgramData\SolarWinds\Logs\APM\ApplicationLogs.

SolarWinds.APM.Probes.Management.ManagementDataFetcher - Fetching WMI query

failed by 'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'.
Microsoft.Management.Infrastructure.CimException: WinRM cannot process the
request. The following error with error code 0x8009030e occurred while using

page 213
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Negotiate authentication:
A specified logon session does not exist. It may already have been
terminated.
This can occur if the provided credentials are not valid on the target
server, or if the server identity could not be verified.
If you trust the server identity, add the server name to the TrustedHosts
list, and then retry the request. Use winrm.cmd to view or edit the
TrustedHosts list.
Note that computers in the TrustedHosts list might not be authenticated. To
learn how to edit the TrustedHosts list, run the following command: winrm
help config.
at
Microsoft.Management.Infrastructure.Internal.Operations.CimSyncEnumeratorBase
`1.MoveNext()
at
SolarWinds.APM.Probes.Management.WinRM.Commands.SelectCommand.ToQueryResultLi
sts(IEnumerable`1 cimInstances)
at SolarWinds.APM.Probes.Management.WinRM.Commands.SelectCommand.Execute
(WinRmConnection connection)
at SolarWinds.APM.Probes.Management.ManagementCommand`2.Execute()
at
SolarWinds.APM.Probes.Management.ManagementDataFetcher.ExecuteSelectCommand
(IManagementConnection connection, SelectQuery wqlQuery)
at SolarWinds.APM.Probes.Management.ManagementDataFetcher.Fetch[TResult]
(Func`2 fetchingAction, Func`2 fallbackAction)

If an application log includes this error, follow the troubleshooting steps in the message. The following
links may also be helpful (© 2020 Microsoft Corp., available at docs.microsoft.com and
support.microsoft.com, obtained on March 11, 2020):

l Installation and Configuration for Windows Remote Management

l Test-WSMan (Use a cmdlet to test if WinRM is running on local or remote servers.)
l How to troubleshoot connectivity issues in MS DTC by using the DTCPing tool (Use a tool to
test RPC communication between two computers.)

The following log file contains information and errors related to the WinRM configuration
process: C:\ProgramData\Solarwinds\Logs\APM\RunWinRMConfigurator.log

page 214
Disable WinRM polling on individual nodes
Starting in SAM 2020.2, the WinRM feature is enabled all Windows network nodes added to the Orion
Platform by default, regardless of whether you upgraded from an earlier version or are new to SAM.
Use the procedures in this section to disable WinRM polling, if necessary.

To disable WinRM polling on a target node:

1. Navigate to the relevant Node Details view and click Edit Node.
2. When the Edit Properties page opens, scroll down and clear the Enable WinRM check box.
3. Click Submit to save your changes.

Disable WinRM polling on the Orion server

The WinRM feature is enabled on the Orion server in SAM 2020.2, by default. To disable this
functionality at the global level, adjust APM.WMI.Settings on the Advanced Configuration page.

1. Log into the Orion server as an administrator.

2. Use the Orion Service Manager to stop all Orion services.
3. Copy the following text: /Admin/AdvancedConfiguration/Global.aspx
4. Paste text into your browser address bar, after /Orion, as shown in this example.
<your product server>/Orion/Admin/AdvancedConfiguration/Global.aspx

5. On the Global tab of the Advanced Configuration page, scroll down to APM.WMI.Settings.
6. Clear the WinRemoteManagementforWmiEnabled check box, and then scroll down to click
Save.

7. Restart Orion services in the Orion Service Manager, and then wait a few minutes for changes to
occur

page 215
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Troubleshoot application monitor polling with WinRM

Following are issues you may encounter when using WinRM as the fetching method for WMI-based
polling for SAM templates, application monitors, and component monitors that do not use Orion agents
to collect data from target nodes. The "Attempt to use WinRM for application template polling failed"
alert writes to the event log when WinRM polling fails and DCOM/RPC is used as a fallback method.

For additional troubleshooting tips, visit the SolarWinds Success Center or THWACK.

Basic WinRM troubleshooting steps include:

l Review Configure WinRM polling in your SAM environment.

l On target nodes:
o Verify that the WinRM service is started and set to "Automatic".

o If a firewall exists, allow exceptions for the Orion server on port 5985 (HTTP) and/or 5986
(HTTPS).
o If required, check for a valid SSL certificate.

o Confirm that a WinRM HTTPS Listener exists.

l On the Orion server:

o Make sure the Orion server can connect to the target node.

o Confirm that the SAM WinRM toggle is enabled on the Orion server, at the global level

o If a target node is in a separate domain, check the TrustedHosts list on the Orion server

and update it, if necessary.

In large environments with Additional Polling Engines (APEs), make sure that target
nodes are TrustedHosts on related polling engines.

l Review the following log files on the Orion server:

o C:\ProgramData\Solarwinds\Logs\APM\RunWinRMConfigurator.log (WinRM
configuration)
o C:\ProgramData\Solarwinds\Logs\APM\ApplicationLogs (polling)
o C:\ProgramData\Solarwinds\Logs\SolarWinds.APM.Probes_[*] (polling)

To confirm the WinRM configuration on a target server:

1. Log into the target server.

2. Open a PowerShell session and run the following command:
winrm get winrm/config/listener?Address=*+Transport=HTTPS

3. Verify that the ListeningOn value lists valid IP addresses. If the value is null, add a WinRM
HTTPS Listener.

page 216
To confirm that the SAM WinRM toggle is enabled on the Orion server, at the global level:

1. Navigate to the Advanced Configuration page in the Orion Web Console:

a. Copy the following text to the Windows Clipboard:
/Admin/AdvancedConfiguration/Global.aspx

b. Paste text into your browser address bar, after /Orion, as shown in this example.
<your product server>/Orion/Admin/AdvancedConfiguration/Global.aspx

2. On the Global tab of the Advanced Configuration page, scroll down to the APM.WMI.Settings
section.
3. Verify that the WinRemoteManagementforWmiEnabled option is selected.

This option is enabled in fresh installations by default, starting in SAM 2020.2. If you need to
enable or disable it, use the Orion Service Manager to stop the SolarWinds Job Engine v2
service beforehand, and then restart the service afterward.

If you used a GPO to configure nodes for WinRM, check the Group Policy configuration.

1. Open your Group Policy Editor.

2. Go to Computer > Policies > Windows Components > Windows Remote Management (WinRM)
> WinRM Service.

3. Check the configuration of the "Allow automatic configuration of listeners" policy.

4. Verify that the Policy configuration is correct.

To add all target network nodes across a domain as trusted hosts for the Orion server:

1. Open PowerShell as an Administrator.

2. Run this command:
set-item wsman:\localhost\Client\TrustedHosts *.domain.com

See Add target nodes that use WinRM polling as trusted hosts on the Orion server.

page 217
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

To configure trusted hosts on both the target server and the polling engine:

1. Log into the polling engine, which may be the Orion server.
2. Open PowerShell as an Administrator.
3. Run this command to view the TrustedHosts value:
Get-Item WSMan:\localhost\Client\TrustedHosts

4. If necessary, run this command to set the TrustedHosts value:

winrm set winrm/config/client '@{TrustedHosts="*"}'

This command sets the TrustedHosts value to *, a wildcard character that can be replaced with
comma-separated IP addresses of servers to trust. Target servers must trust the polling engine
IP Address, and the polling engine must trust target server IP addresses. SolarWinds
recommends setting this value to * for polling engines that gather data from multiple target
servers.
5. To confirm trust settings, run the Get-Item command from step 2 again.

"Requested HTTP URL was not available" message

The following message appears when a WinRM URL prefix is not configured correctly:

Fetching WMI query failed by

'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'.
Microsoft.Management.Infrastructure.CimException:
The WinRM client sent a request to an HTTP server and got a response saying
the requested HTTP URL was not available.
This is usually returned by a HTTP server that does not support the WS-
Management protocol.

Compare the WinRM URL prefix settings with Node settings on the Manage Nodes page. Navigate to
the Manage Nodes page, click Edit Node, and scroll down to the WinRM Settings section, as shown
here:

page 218
"Client cannot connect" message

The following message appears if SAM cannot connect to the WinRM service:

Fetching WMI query failed by

'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'.
Microsoft.Management.Infrastructure.CimException: The client cannot connect
to the destination specified in the request. Verify that the service on the
destination is running and is accepting requests. Consult the logs and
documentation for the WSManagement service running on the destination, most
commonly IIS or WinRM. If the destination is the WinRM service, run the
following command on the destination to analyze and configure the WinRM
service: "winrm quickconfig".

This message may indicate that a target node resides in a different domain than the Orion server. See
Add target nodes that use WinRM polling as trusted hosts on the Orion server.

To resolve a client connection issue:

1. Restart the WS-Management service in the Group Policy Management Editor.

2. Run the following PowerShell command to configure WinRM: winrm quickconfig
3. Run the following PowerShell commands to check for a mismatch between WinRM
configurations on the Orion server and the target node:
l Get-WSManInstance -ResourceURI winrm/config/listener -SelectorSet @
{Address="*";Transport="http"}
l Get-WSManInstance -ResourceURI winrm/config/listener -SelectorSet @
{Address="*";Transport="https"}

4. Navigate to the Manage Nodes page, click Edit Node, and scroll down to the WinRM Settings
section to review settings.

"Specified logon session does not exist" message

The following message appears when SAM cannot connect to the WinRM service:

Fetching WMI query failed by

'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'.
Microsoft.Management.Infrastructure.CimException: WinRM cannot process the
request.
The following error with error code 0x8009030e occurred while using
Negotiate authentication:
A specified logon session does not exist. It may already have been

page 219
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

terminated.
This can occur if the provided credentials are not valid on the target
server, or if the server identity could not be verified.
If you trust the server identity, add the server name to the TrustedHosts
list, and then retry the request. Use winrm.cmd to view or edit the
TrustedHosts list.
Note that computers in the TrustedHosts list might not be authenticated. For
more information about how to edit the TrustedHosts list, run the following
command: winrm help config.

This may indicate that either:

l The Orion Platform polling engine is not in the domain so connections to remote hosts are
blocked cause the remote computer is not in the trusted host, or
l Provided credentials are not valid on the target server.

To add all nodes across the domain to trusted hosts, run the following command:
set-item wsman:\localhost\Client\TrustedHosts *.domain.com

See Add target nodes that use WinRM polling as trusted hosts on the Orion server.

WinRM authentication issue

The following messages indicate that WinRM authentication may not be configured correctly at the
component level:

The WinRM client cannot process the request. CredSSP authentication is

currently disabled in the client configuration.
Change the client configuration and try the request again. CredSSP
authentication must also be enabled in the server configuration.
Also, Group Policy must be edited to allow credential delegation to the
target computer. Use gpedit.msc and look at the following policy:
Computer Configuration -> Administrative Templates -> System -> Credentials
Delegation -> Allow Delegating Fresh Credentials.
Verify that it is enabled and configured with an SPN appropriate for the
target computer.
For example, for a target computer name "myserver.domain.com", the SPN can
be one of the following: WSMAN/myserver.domain.com or WSMAN/*.domain

Fetching WMI query failed by

'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'.
Microsoft.Management.Infrastructure.CimException:

page 220
 The WinRM client cannot process the request. Unencrypted traffic is
currently disabled in the client configuration.
Change the client configuration and try the request again.

Follow these steps to check the SAM WinRM toggle setting for the following types of component
monitors:

l Directory Size Monitors

l File Count Monitors
l Performance Counter Monitors
l Process Monitors for Windows
l Windows Event Log Monitor
l Windows Service Monitors
l WMI Monitors

1. Navigate to the Application Details -Summary page and click Edit Application Monitor.

2. On the application monitor page, scroll down to the Component Monitor section and expand
details.

page 221
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

3. Review the WinRM Authentication Mechanism setting:

page 222
Work with SAM component monitors
Component monitors are the building blocks of SAM templates. Each template consists of multiple
component monitors that are each designed to poll for specific metrics about an application, process,
or event. Some component monitors have prerequisites, configuration, and credentials requirements
for target systems, as listed in the SAM Template Reference.

For a quick overview, watch Common SAM template elements (6:34).

To display the component monitors included in a template:

1. Navigate to Settings > All Settings > SAM Settings >Manage Templates.
2. On the Manage Application Templates page, click the Application Monitor Templates tab.

3. Select an existing template and click Edit.

The following example shows some of the component monitors in the AppInsight for Active Directory
template:

page 223
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Component monitor types

Component monitors that share similar characteristics are categorized by a component monitor type.
The following example shows three different types included in the Active Directory 2016 Services and
Counters template:

l Performance Counter Monitor,

l Windows Service Monitor, and
l Window Event Log Monitor

For a list of database values assigned to component monitor types that you can use to configure
alerts, see Component monitor properties for alerts.

Component monitor fetching methods

For many component monitors, you can configure the preferred fetching method used to gather data
from target nodes. SAM automatically switches to a fallback method to collect data if the first method
fails, and then works through other methods until polling succeeds.

You can also configure some component monitors to use Orion agents to collect data.

Starting in SAM 2020.2, WinRM is the default method used to collect data with the following WMI-
based component monitor types:

l Directory Size Monitors

l File Count Monitors
l Performance Counter Monitors
l Process Monitors for Windows
l Windows Event Log Monitor
l Windows Service Monitors
l WMI Monitors

page 224
See also:

l Configure WinRM polling in your SAM environment

l Choose a fetching method for Performance Counter Monitors (SAM Template Reference)

Component monitor thresholds

For some component monitors, you can set threshold conditions on the monitored parameters to
indicate warning and critical conditions. For example, to monitor the percentage of free space
remaining on a volume, set a warning threshold at 15%, and a critical condition at 5%. See Manage
thresholds in SAM.

Component monitor scripts

Some component monitors gather data directly from target services, others execute scripts on target
servers to pull metrics. For example, the Apache template uses an Orion agent and several Linux/Unix
Script Monitors to collect data. The IdleWorkers component monitor uses SSH to upload a script to
target Linux servers and then processes the returned values and text output that appear in the Orion
Web Console.

The Active Directory 2016 Domain Controller Security template includes component monitors that use
scripts to collect data:

l Locked out users uses a PowerShell script to pull metrics for currently locked out users.
l Disabled users uses a PowerShell script to return the number of currently disabled users; you
can adjust thresholds as necessary.

page 225
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Other topics in this section include:

l View the Component Monitor Library in SAM

l Manage component monitors in SAM templates and application monitors
l Edit component monitors in templates and application monitors
l Use the Component Monitor Wizard in SAM

Additional resources include:

l SAM Custom Template Guide (Learn how to use component monitors in PowerShell, Nagios,
Linux/Unix, and Windows scripts.)
l SAM Template Reference (Learn about component monitors included in predefined templates.)
o Configure Linux/Unix systems for monitoring by the Orion agent in SAM

o Configure Java Application Servers and JVMs for SAM monitoring

o Choose a fetching method for SAM component monitors or templates

l SAM Template Showdown (SolarWinds Lab Episode #53)

l Use PowerShell in SAM
l Use properties and variables in SAM application monitors and component monitors in alerts
(SAM online help)

View the Component Monitor Library in SAM

Component monitors are the building blocks of SAM templates. Each template and application
monitor consists of multiple component monitors designed to poll for specific metrics about an
application, process, or event. For an overview, see Work with SAM Component Monitors.

To access the Component Monitor Library:

1. Click Settings > All Settings.

2. Under Product Specific Settings, click SAM Settings.
3. Under Component Monitors, click Component Monitor Library.

Component monitors are grouped by monitor type in the tree view; each includes two numbers:

page 226
 l The first number represents the number of application monitor templates that contain the
specified component monitor.
l The second number represents the number of application monitors that contain the specified
component monitor.

Expand a component monitor to display the following categories:

l Templates that contain the specified component monitor

l Application monitors that contain the component monitor

Expand a category to display the names of the templates or application monitors in the category. Click
the name of a template or application monitor to open a page where you can edit the item.

To access a list of component monitors in online help, click here.

Manage component monitors in SAM templates and application monitors

This section describes various tasks you can accomplish with component monitors, including:

l Create a new template with assigned component monitors

l Add component monitors to a new template and then assign that template to nodes
l Assign component monitors to a node

page 227
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l Copy assigned component monitors to an application monitor template

l Copy assigned component monitors to an assigned application monitor
l Edit component monitors in assigned application monitors
l Delete component monitors in assigned application monitors

When adding a new component monitor to a template, change its default name to specify
exactly what's being monitored. For example, if you add a Windows Service Monitor, specify
the service name.
This extra step clarifies the purpose of the component monitor when it appears in alerts and
other system messages. To change a component monitor name while adding it, scroll to the top
of the component monitors list and click Rename.

To create a new template with assigned component monitors:

1. Click Settings > All Settings > SAM Settings > Create New Template.
2. Name the template then click the Add Component Monitors drop-down menu.
3. Select a method for adding component monitors.

page 228
 4. The browsing method opens the Component Monitor Wizard. Add component monitors as
needed.

5. Click Submit to save the new template.

6. Follow the steps in Assign templates to nodes manually to create application monitors.

To add component monitors to a new template and then assign that template to nodes:

1. Click Settings > All Settings > SAM Settings > Manage Component Monitors within Templates.
2. Select the component monitors you want to add to the new template.
3. Click Create New Template.
4. On the New Template page, provide a name and description for the template, and then configure
the template and its component monitors.

5. Click Save to return to the Manage Component Monitors within Templates page.
6. Follow the steps in Assign templates to nodes manually to create application monitors.

To assign component monitors to a node:

1. Click Settings > All Settings > SAM Settings > Manage Assigned Component Monitors.
2. Select the component type or assigned Application Monitor component monitors to list.
3. Select the component monitors to assign to a node, and then click Assign to Node.
4. Name the application and specify the polling frequency and polling timeout period.
5. Click Next, and select the nodes that you want to assign the Application Monitor. Click Next.
6. Enter or select the appropriate credentials, and click Assign Application Monitors.

page 229
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

To copy assigned component monitors to an application monitor template:

1. Click Settings > All Settings > SAM Settings > Manage Assigned Component Monitors.
2. Select the component type or assigned Application Monitor whose component monitors you
want to list.
3. Select the component monitor(s) to copy to an assigned Application Monitor, then click Copy to
Application Monitor Template.
4. Select the template(s) to copy to and click Submit.
5. Click OK.

To copy assigned component monitors to an assigned application monitor:

1. Click Settings > All Settings > SAM Settings > Manage Assigned Component Monitors.

2. Select the component type or assigned Application Monitor whose component monitors to list.
3. Select the component monitor(s) to copy to an assigned Application Monitor, then click Copy to
Assigned Application Monitor.
4. Select the Application Monitor(s) to copy to and then click Submit.
5. Click OK.

To edit component monitors in an assigned application monitor:

1. Click Settings > All Settings > SAM Settings > Manage Assigned Component Monitors.
2. Select the component type or assigned Application Monitor whose component monitors you
want to edit.
3. Select the component monitor whose assigned Application Monitor you want to edit.

4. Click Edit Assigned Application Monitor.

5. Edit the settings and then click Submit. The edited Application Monitor appears in the list of
Assigned Application Monitors.

To delete component monitors in an assigned application monitor:

1. Click Settings > All Settings > SAM Settings > Manage Assigned Component Monitors.
2. Select the component type or assigned Application Monitor component monitor(s) to delete.
3. Select the component monitor(s) to delete.
4. Click Delete, then click Yes to confirm deletion.

page 230
Edit component monitors in templates and application monitors
Through the Manage Application Monitor Templates page, you can modify component monitors used
in templates and application monitors. To see a list of the monitors in a template, select the template
on the Manage Application Monitor Templates page and click Edit.

Changes made to component monitors in templates are automatically applied to application monitors
created from the template, which occurs when you assign a template to a node. You can use this
inheritance relationship to make bulk changes quickly.

You can edit monitors individually, edit multiple monitors of the same type simultaneously, as well as
disable or delete monitors in a template. To modify the specific configuration of a monitor, edit it
individually.

Some component monitors in AppInsight templates have default settings that cannot be
modified due to dependencies.

Edit component monitors in templates

You can simultaneously edit multiple component monitors in a template.

Options include:

l Multi-Edit: A prompt displays with editing options specific to the type of monitors selected. For
example, the Fetching Method for the three Services selected can be changed from RPC to
WMI.

Different types of monitors have different options available for editing.

l Assign Credentials: Modify the credentials for the selected monitors.

l Test: Run a communication test on the monitors using agent or agentless communication as
configured.
l Set Test Node: Modify the test node for communication tests.
l Disable/Enable: Start and stop polling for the monitor.
l Delete: Permanently remove the monitor.

To reorder monitors, drag and drop them in the table view, or use the green arrows. This new order is
respected only in the All Applications and Application Details widgets.

page 231
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Disable or delete component monitors in templates

You can disable component monitors in templates and application monitors, as needed. The monitor
remains in the SAM but doesn't collect data. Select the check box for the monitor you want to turn off
and click Disable.

To permanently delete a component monitor from a SAM template:

1. When editing a template, select the monitor you want to remove and click Delete.
2. Confirm by clicking Yes. The monitor is permanently removed from the template.

Use the Component Monitor Wizard in SAM

As described here, SAM templates and application monitors use various component monitors to
gather data from server nodes and applications.

In addition to the predefined component monitors included in SAM, you can use the Component
Monitor Wizard to create custom component monitors for a specific process, performance counter, or
service, and then add that new component monitor to a template or existing application monitor (that
is, a template already assigned to a node).

1. Click Settings > All Settings > SAM Settings > Component Monitor Wizard.
2. Select a component monitor type.

3. Based on the component monitor type selected, the wizard guides you through various steps.
For example, if you select Process Monitor, you're prompted to select a target system from a list
of available systems in your environment. You may also need to select a platform type and enter
credentials for the target system. Provide all required information and click Next.

If creating a component monitor for a performance counter, do not use a "*" wildcard in the
Instance field. Only one instance can be polled per component monitor.

4. If you entered target system credentials, a connection test runs. If it passes, continue adding
component monitors and properties. Depending on the components, you may need to enter
additional server and credentials data.

page 232
 5. After creating a component monitor, add it to templates and application monitors, as necessary.
See Manage component monitors in SAM templates and application monitors.

After polling occurs, data gathered by the application monitors appears on Node Details views.

For an example about using the Component Monitor Wizard, see Create a custom JMX Monitor
in SAM. For a video overview, click here.

page 233
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Manage thresholds in SAM

Thresholds are markers that indicate certain levels were reached, which you can adjust and set to act
as trigger points for many component monitors included in SAM templates and application monitors.
For example, to monitor CPU usage, a Critical threshold set at 90% would be typical. After setting
thresholds, you can configure alerts so SAM sends an email alert when a Critical status threshold is
breached.

If thresholds are set too low, you'll receive frequent alerts. If set too high, problems can occur
without your knowledge.

The Orion Platform includes predefined, general thresholds for most statistics, but you can override
these thresholds and customize them on a per-object basis. For example, global thresholds exist for
Disk Usage and Response statistics for all monitor nodes, but can be updated for specific nodes. To
learn more, see Thresholds in the Orion Platform.

The following statistics have global thresholds that apply to every node monitored in the Orion
Platform, by default:

l Average CPU load

l Disk Usage
l Percent memory Used
l Percent Packet Loss
l Response Time

Baseline data, as well as Warning and Critical thresholds for application monitors, can also be
gathered and calculated automatically, as described in Adjust threshold settings and apply baseline
data in SAM. The option to enter thresholds manually remains available. In general, you need to
monitor applications for several weeks to collect enough data to use as a baseline. After you establish
a baseline, you can make an educated guess about how to set Warning and Critical thresholds for
component monitors.

By default, I/O thresholds of Windows Service Monitors are not set.

This section includes the following topics:

l Inherit thresholds in SAM

l Multi-value scripts and thresholds
l Apply baseline thresholds at the template level
l Apply baseline thresholds at the application-monitor level
l Adjust threshold settings and apply baseline data in SAM
l View latest baseline details

page 234
Additional resources about thresholds include:

l Thresholds in the Orion Platform (Orion Platform Administrator Guide)

l Use Min/Max Average Statistic charts to set thresholds based on 95th percentile data (Success
Center)
l Baseline thresholds (THWACK)

Inherit thresholds in SAM

As described here, if you change a setting or component monitor in a template, that change is
automatically inherited by all application monitors created from the parent template when you assign
templates to nodes. This inheritance also applies to thresholds so component monitors within an
application monitor inherit the changes made in the template.

If you change thresholds at the component monitor level, only thresholds of the individual component
monitor are affected. Thresholds on the parent template, or other applications based on that parent
template, are not be affected.

Multi-value scripts and thresholds

Each component monitor includes a number of thresholds for pulling and saving data. To use these
values in multi-value scripts, use the following threshold macros:

l ${Threshold.Warning.DisplayName}
l ${Threshold.Critical.DisplayName}

page 235
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

The following screenshot displays the use of the macros in a script.

The following screenshots display the multiple display names used in a script for the warning and
critical threshold values.

Apply baseline thresholds at the template level

Applying and editing thresholds at the template level affect all applications that are based on that
template. Thresholds can be used based on calculated baseline data or you can create your own
thresholds based on your needs.

page 236
 1. Click Settings > All Settings > SAM Settings > Manage Templates.
2. Select a template and click Edit from the toolbar.
3. Select a component monitor, click [+] to expand the monitor details.
4. Select Use thresholds calculated from baseline data:

Once this box is checked, the Warning and Critical fields automatically populate with the macro,
${USE_BASELINE}. This macro can be used when configuring alerts.

5. Select the options for sustained thresholds, and then click Submit.

page 237
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

You can edit multiple component monitors and their thresholds if the monitors are the same
type and thresholds are available. Multi Edit only become available when the selected
component monitors are the same type, as shown. After you click Multi Edit, select Statistic
Threshold > Use thresholds calculated from baseline data. Edit thresholds, click Save >
Submit.

By default, I/O thresholds of Windows Service Monitors are not set.

Apply baseline thresholds at the application-monitor level

The Orion Platform has a set of global thresholds that apply to all monitored nodes, but you can also
apply baseline thresholds at the application-monitor level for individual nodes, as described here.

You may need to log in with an administrator account to perform this action.

1. In the Orion Web Console, click My Dashboards > Applications > SAM Summary.

2. From the All Applications widget, expand the tree and then click an application.
3. From the Application Details widget, click Edit Application Monitor.

page 238
 4. If selecting only one Component Monitor, click [+] to expand the monitor details.
a. Click Override Template.

The current values for the thresholds appear in the Warning and Critical fields.

b. Click Use Latest Baseline Thresholds, as shown:

c. When applied, the values change and a blue icon appears indicating that baseline
thresholds are being used.

5. If selecting more than one component monitor, use the check boxes to select the monitors you
want to edit, and then click Multi-Edit.
a. Click Multi-Edit.

Multi-Edit only becomes available when the selected component monitors are of the
same type.

page 239
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

b. Check the Statistic Threshold check box on the pop-up window, then check the Use
thresholds calculated from baseline data.

Once the second box is checked, the Warning and Critical fields automatically
populate with the macro, ${USE_BASELINE}.

6. Click Save > Submit.

Adjust threshold settings and apply baseline data in SAM

See also Manage thresholds in SAM.

In general, baseline data is calculated on demand; however, seven days of data is the recommended
minimum amount of data needed for baseline calculations to be considered accurate. Baseline data
for macros, such as ${USE_BASELINE}, are automatically calculated during nightly database
maintenance.

After thresholds are calculated and applied to component monitors, the thresholds remain static until
manually re-applied. This is not a moving baseline that is calculated nightly based on the last seven
days of data. A moving baseline would mask data spikes and other anomalies that need to be
highlighted.

Thresholds set manually to meet the needs of your environment may yield more desirable
results.

How SAM calculates baselines

SolarWinds SAM uses the following macros to calculate baseline values:

Macro Description

${USE_ Calculates the currently used baseline in SAM, as used in threshold fields of SAM
BASELINE} component monitors. Recommended baseline values are calculated using the
following formulas:
Warning: ${MEAN} + 2 * ${STD_DEV} (or ${MEAN} - 2 * ${STD_DEV})

Critical: ${MEAN} + 3 * ${STD_DEV} (or ${MEAN} - 3 * ${STD_DEV})

Baseline thresholds are not suitable for all metrics. If calculated values do not
meet expectations, consider setting the thresholds manually.

${USE_BASELINE} does not support math functions. To adjust the baseline

calculation, replace ${USE_BASELINE} with the formulas above and change
the calculation as necessary.

page 240
 Macro Description
${MEAN} Calculates the Current Mean or Average. You can use this macro with math functions
in threshold fields.

${STD_ Calculates the Standard Deviation. You can use this macro with math functions in
DEV) threshold fields.

To change the amount of data used in baseline calculations:

1. Click Settings > All Settings > SAM Settings > Data & Database Settings.

2. Enter a number of days, and then click Submit.

The value for the Baseline Data Collection Duration field cannot exceed the value defined for
the Detail Statistics Retention field, as displayed at the top of the Data & Database Settings
section.

To apply baseline thresholds at the template level:

1. Click Settings > All Settings > SAM Settings > Manage Templates.
2. Check a template and click Edit from the toolbar.

page 241
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

3. If selecting only one component monitor, click [+] to expand monitor details.
a. Click Use Latest Baseline Thresholds to display the ${USE_BASELINE} macro in the
Warning and Critical fields.
b. Select options for sustained thresholds as needed.

4. If selecting more than one component monitor, select monitors by checking the boxes next to
their names.
a. Click Multi-Edit.

Multi-Edit is only available if selected component monitors are the same type.

b. Review Statistic Threshold data that on the pop-up window, then check the Use thresholds
calculated from baseline data.

The Use thresholds calculated from baseline data check box is not available until
Statistic Threshold is checked. After Use thresholds calculated from baseline data is
checked, the Warning and Critical fields automatically populate with the macro,
${USE_BASELINE}.

5. Click Save, then click Submit.

To apply baseline thresholds at the application level:

1. Click My Dashboards > Applications > Summary.

2. From the All Applications widget, expand the tree and then click an application.
3. From the Application Details widget, click Edit Application Monitor.

page 242
 4. If selecting only one Component Monitor, click [+] to expand the monitor details.
a. Click Override Template.

The current values for the thresholds appear in the Warning and Critical fields.

b. Click Use Latest Baseline Thresholds, as shown:

c. When applied, values change and a blue icon indicates that baseline thresholds are used.

5. If selecting more than one component monitor, use the check boxes to select the monitors you
want to edit.
a. Click Multi-Edit.

Multi-Edit is only available if selected component monitors are the same type.

b. Check the Statistic Threshold check box on the pop-up window, then check the Use
thresholds calculated from baseline data.

Once the second box is checked, the Warning and Critical fields automatically
populate with the macro, ${USE_BASELINE}.

6. Click Save, then click Submit.

page 243
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

To use the latest baseline details for a component monitor:

1. Click My Dashboards > Applications > Summary.

2. From the All Applications widget, expand the tree and then click an application.
3. From the Application Details widget, click Edit Application Monitor.
4. Find a component monitor in the list and click [+] to expand the monitor details.
5. Click Override Template, then click Latest Baseline Details.

To edit capacity planning thresholds for a node:

1. Click a node to navigate to the Node Details view for that node.
2. In the Management widget, click Edit Node.
3. Click Manage Orion General Thresholds to display Capacity Planning options appear under
each object:

4. Make your selections, then click Submit on both the Orion General Thresholds screen and the
Edit Properties screen.

View latest baseline details

Details about how baseline data, as well as Warning and Critical thresholds are calculated, can be
found on the Latest Baseline Details page. This page details the data collection and calculation
process using several graphs and tables.

View the Latest Baseline Details Page

You may need to log in with an administrator account to perform this action.

1. In the Orion Web Console, click My Dashboards > Applications > SAM Summary.
2. In the All Applications widget, expand the tree and then click an application.
3. From the Application Details widget, click Edit Application Monitor.
4. Find a component monitor in the list and click [+] to expand the monitor details.

page 244
 5. Click Override Template click Latest Baseline Details.

page 245
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Use PowerShell in SAM

Created by Microsoft, PowerShell is a task automation and configuration management framework that
consists of a command-line shell and associated scripting language, built on the .NET Framework.
PowerShell is included in most installations of Microsoft Windows Server or you can install it, if
necessary.

Many SAM features, such as AppInsight for IIS and AppInsight for Exchange, leverage PowerShell to
execute commands and gather data from remote systems. You can also use PowerShell with other
Orion Platform products; for example, in SolarWinds IP Address Manager (IPAM), you can use it to
create subnets. The Orion SDK includes a specialized module for PowerShell called PowerOrion.

The ability to deploy PowerShell scripts to remote systems from within the Orion Platform is a powerful
advantage for system administrators. With an interactive prompt and scripting environment,
PowerShell provides access to the file system on remote computers, along with data stores such as
the registry. It includes built-in commands with a consistent interface — the PowerShell Integrated
Scripting Environment (ISE).

PowerShell does not process text; it processes objects based on the .NET Framework.

PowerShell also includes default cmdlets, which are lightweight commands you can use to
manipulate objects. Cmdlets have a unique format — a verb and noun separated by a dash (-), such as
Get-Help. You can use them separately, combine them in scripts that perform complex tasks, or create
your own cmdlets.

Some ways you can use PowerShell with SAM include:

l Automatically deploy a Windows agent to established instances on Amazon Web Services.

l Create a Windows PowerShell script monitor.
l Monitor Microsoft Exchange servers and IIS applications. See the SolarWinds Guide to
Monitoring Exchange.
l Monitor Office 365 services. See Using Microsoft Office 365 templates in the Success Center.
l Add scripts to component monitors used in SAM templates and application monitors

SolarWinds provides customer support for PowerShell scripts and functionality built into SAM,
but not for scripting languages or custom scripts. For scripting support from the SolarWinds
online IT community, visit THWACK.

page 246
Review these topics to learn more:

l PowerShell security considerations

l PowerShell requirements
l Enable remote access for PowerShell with WinRM
l Use Microsoft Exchange Management tools
l Use PowerShell with Orion agents
l Set PowerShell permissions for Exchange
l Learn more about PowerShell

PowerShell security considerations

Depending on how it's configured, PowerShell can make your deployment vulnerable to
unauthorized access. For example, running script monitors in Local Host mode on the Orion
server with Admin privileges gives scripts unlimited power. Your organization should internally
review and assess to what extent PowerShell scripts are incorporated into your environment.
This is especially important when importing scripts from third parties, including content posted
by other customers in the SolarWinds online IT community, THWACK.

When used in Orion Platform modules such as SAM, PowerShell can be a powerful tool that provides
the ability to:

l Access file systems on computers.

l Access data stores, including the system registry.
l Deploy scripts to run on multiple remote machines.

While PowerShell enhances SAM functionality, it's important to consider the security risks inherent in
using PowerShell scripts. Do not run untested PowerShell scripts against a production instance of the
Orion Platform. SolarWinds recommends using a dedicated Windows account with low-level
privileges for PowerShell monitors, especially for scripts executed on polling engines that use the
same Windows account as the Orion server.

You can also avoid security risks, such as malicious OS command injections, by using PowerShell's
built-in security, as described in Microsoft PowerShell documentation (© 2018 Microsoft Corp., link
available at docs.microsoft.com, obtained on October 30, 2018).

page 247
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

PowerShell requirements
Following are PowerShell requirements for a typical SAM environment:

l PowerShell version: Version 1.0 or later is required for local execution. For remote execution of
scripts, PowerShell 2.0 or later is required on the Main Polling Engine (that is, the Orion server),
Additional Polling Engines (APEs), and target servers. PowerShell is included in most versions
of Windows Server or you can install it, if necessary.

Some scripts require PowerShell 2.0 to execute certain actions. Later versions of
PowerShell shipped with Windows Server include a backwards compatibility mode you
can enable to run 2.0 with a later version.

Another consideration is whether to use 32-bit (x84) or 64-bit (x64) PowerShell. For best results,
match the PowerShell version to the OS and application configurations on a server. For
example, on a 64-bit Main Polling Engine that polls a 64-bit server, use PowerShell 64 bit (x64).

l Accounts and permissions: Local Admin rights are required to run scripts on the Orion server.
To execute scripts on target servers, select a Windows credential with rights to log into the Orion
server plus sufficient rights on the target node to execute tasks in the script. For example, if a
script does something with WMI, the credentials also need WMI rights on the target node.

SolarWinds recommends using a dedicated Windows account with minimal privileges for
PowerShell monitors, especially for scripts executed on the Main Polling Engine.

Without the correct permissions for a target server, scripts return an Unknown status.

l Microsoft .NET Framework: Many PowerShell scripts require .NET 3.5.x but most Orion
Platform products include later versions. For example, SAM 2019.4 includes .NET 4.8. If
necessary, use Server Manager's Add Roles and Features wizard to add .NET Framework 3.5.x.
l Remote access: To use Remote Host as the Execution Mode for a PowerShell script, enable the
Windows Remote Management (WinRM) service on the Orion server so it can access remote
target servers, as described next.

To ease PowerShell plug-in management in an environment with multiple polling engines,

consider assigning all nodes with PowerShell templates to a single polling engine.

page 248
Enable remote access for PowerShell with WinRM
To support SAM features that use PowerShell, such as AppInsight for IIS, the WinRM service must be
enabled and properly configured on the main Orion server. WinRM cannot be enabled on target
servers remotely, but you can configure the Orion server to grant permission for PowerShell to access
the target servers.

There are several automated ways to enable remote access for PowerShell on servers, including:

l Use the free Remote Execution Enabler for PowerShell tool. See this THWACK post for
instructions.
l Add the server as a new node. Starting in SAM 2020.2, WinRM polling is automatically enabled
on new Windows nodes. .
l Configure the target server as an AppInsight for IIS node via the Node Details view.

If you deploy an Orion agent to a target node and use Agent as the Preferred Polling method in
an application monitor, PowerShell scripts can be executed directly on the node without the
need to configure WinRM for remote PowerShell execution. See Use PowerShell with Orion
agents.

To enable WinRM quickly from the command prompt:

1. On the Orion server, open a command prompt as an Administrator, and enter the following:
winrm quickconfig –q
winrm set winrm/config/client @{TrustedHosts="*"}

2. On each target server, open a command prompt as an Administrator and enter:

winrm quickconfig
winrm set winrm/config/client @{TrustedHosts="IP_ADDRESS"}

TrustedHosts is case sensitive.

Another way to enable remote access for PowerShell manually is to follow these steps:

1. On the Orion server and each remote server you want to run PowerShell on:
a. Change the startup type for the WinRM service to Automatic.
b. Start the WinRM service.
c. Run the get-service winrm PowerShell command to verify WinRM is running.
2. On the Orion server, click Start > Accessories > Windows PowerShell > Windows PowerShell.

page 249
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

3. In the PowerShell console, run:

Set-PSSessionConfiguration Microsoft.PowerShell -ShowSecurityDescriptorUI -
force

4. Enable the "Full Control for everyone" option.

5. Verify the group to which the polling user belongs can access PowerShell.
6. Repeat these steps for all remote target servers.

When finished, each remoting server should include the following elements:

l An SSL certificate
l A WinRM Listener
l A firewall exception to allow outside requests to reach the WinRM service
l The WinRM service to receive requests from other computers

The following log file contains information and errors related to the WinRM configuration
process: C:\ProgramData\Solarwinds\Logs\APM\RunWinRMConfigurator.log

Use Microsoft Exchange Management tools

Many SAM PowerShell components rely on Exchange Management tools.

To monitor a specific version of Microsoft Exchange:

l Use the corresponding version of Exchange Management Tools.

l Install Exchange Management Tools on the Orion server and Additional Polling Engines that
use PowerShell scripts.
l Review Set PowerShell permissions for Exchange.

Use PowerShell with Orion agents

When working with SAM application monitor templates and individual application monitors assigned
to nodes, you can use a Windows Script Monitor with an Orion agent to run PowerShell, Perl,
VBScript, or any other Windows script language remotely. In that configuration, you don't need to
configure WinRM for remote PowerShell execution. All communication between the Orion server and
the agent occur over a single fixed port.

Otherwise, agentless polling executes locally on the polling engine itself (that is, either the Orion
server or an Additional Polling Engine).

page 250
To summarize:

l With agentless polling, the local execution of the script is local and the script is executed on the
polling engine.
l For Orion agent polling, the local script execution allows the script to be run directly on the target
node. There is no need to configure WinRM.

To learn more, see:

l Monitor with Orion agents in SAM

l Poll devices with SolarWinds Orion agents (Orion Platform Administrator Guide)
l SolarWinds Orion agent requirements (Orion Platform Administrator Guide)

Learn more about PowerShell

l The Basics of PowerShell (Part 1) (THWACK)
l The Basics of PowerShell (Part 2) (THWACK)
l The Basics of PowerShell (Part 3) (THWACK)
l Create a Windows PowerShell Script monitor (SAM Custom Template Reference)
l Troubleshoot PowerShell issues (SAM online help)
l Working with Office 365 via PowerShell (THWACK)
l Using Microsoft Office 365 templates (SolarWinds Success Center)
l Manage and Monitor PowerShell scripts in SCM (THWACK)

Use properties and macros in alerts for SAM application

monitors and component monitors
To supplement the alert functionality available in the Orion Platform, you can use various properties
and macros (also called variables) that are built into SAM's application monitors and component
monitors, as described in:

l Application monitor properties for alerts

l Application monitor macros for alerts
l Component monitor properties for alerts
l Component monitor variables for alerts

To learn more about alerts in general, see the Orion Platform Administrator Guide or watch All
About Alerts.

page 251
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Application monitor properties for alerts

You can use the following properties in alerts for application monitors.

Application Name

Select the names of currently configured application monitor templates as values.

Application Status

Select whether the application is in a Critical, Down, Unknown, Up, or Warning status.

Application monitor macros for alerts

The following macros are available when selecting APM-Application as the property type.

"APM" was the original product name for SAM.

Application Variable Macro Definition

${APM:ApplicationDetailsURL} ${N=SwisEntity;M=DetailsUrl} Hyperlink to the

Application Details
view that triggered
the alert, or the
Details page of the
application that
triggered the
component.

${Availability} ${N=SwisEntity;M=ApplicationAlert. The status of the

ApplicationAvailability} application.

${ComponentsWithProblems} ${N=SwisEntity;M=ApplicationAlert. A comma-delimited

ComponentsWithProblems} list of components
in a Down,
Unknown,
Warning, or Critical
state.

page 252
Application Variable Macro Definition

${ComponentsWithProblems ${N=SwisEntity;M=ApplicationAlert. List of components

Formatted} ComponentsWithProblemsFormatted} that are not Up,
along with the
component status.
HTML formatting is
used for the Send
e-mail action to
improve the
appearance of the
listed components.

${ComponentsWithProblems ${N=SwisEntity;M=ApplicationAlert. List of components

FormattedHtml} ComponentsWithProblemsFormattedHtml} that are not Up
along with the
component status.
Formatted with
HTML tags for
events that appear
in the Orion Web
Console.

${ComponentsWithStatus} ${N=SwisEntity;M=ApplicationAlert. A comma-delimited

ComponentsWithStatus} list of all
components and
their current status.

${ComponentsWithStatus ${N=SwisEntity;M=ApplicationAlert. List of components

Formatted} ComponentsWithStatusFormatted} with component
status, formatted
with HTML tags.

${ComponentsWithStatus ${N=SwisEntity;M=ApplicationAlert. List of components

FormattedHtml} ComponentsWithStatusFormattedHtml} with the
component status.
Formatted with
HTML tags for
events that appear
in the Orion Web
Console.

page 253
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Application Variable Macro Definition

${ID} ${N=SwisEntity;M=Application. The numeric

ApplicationID} application ID of
the specific
application.

${LastTimeUp} ${N=SwisEntity;M=CurrentStatus. The date and time

LastTimeUp} the application was
last seen in an Up
state.

${Name} ${N=SwisEntity;M=Application. The name of the

ApplicationAlert.ApplicationName} application that is
triggering the alert.

${NodeID} ${N=SwisEntity;M=Application. The numeric node

Node.NodeID} ID of the server on
which the
application is
monitored.

${SystemSummaryFormatted} ${N=SwisEntity;M=Application. System summary.

ApplicationAlert. HTML formatting is
SystemSummaryFormatted} used for the Send
e-mail action to
improve the
appearance of the
listed components.

${SystemSummaryFormattedHtml} ${N=SwisEntity;M=ApplicationAlert. System summary.

SystemSummaryFormattedHtml} Formatted with
HTML tags for
events that appear
in the web console.

${TimeStamp} ${N=SwisEntity;M=Application. The last polling

CurrentStatus.ObservationTimestamp} date and time of an
application.

Component monitor properties for alerts

The following alert properties are available for component monitors.

page 254
Component Name

This allows you to base your alert criteria on component names.

Component Type

This allows you to base your alert criteria on component types. Specify the component monitor
type by value using the following table.

Component Monitor Type Value

DHCP User Experience Monitor 35

Directory Size Monitor 38

DNS Monitor - TCP 4

DNS Monitor - UDP 5

DNS User Experience Monitor 15

Download Speed Monitor 25

Exchange Web Services User Experience Monitor 51

File Age Monitor 36

File Change Monitor 23

File Count Monitor 39

File Existence Monitor 28

File Size Monitor 22

FTP Monitor 7

FTP User Experience Monitor 24

HTTP Form Login Monitor 27

HTTP Monitor 6

HTTPS Monitor 14

IMAP4 Monitor 13

IMAP4 User Experience Monitor 30

JMX Monitor 49

page 255
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Component Monitor Type Value

LDAP User Experience Monitor 34

Linux/Unix Script Monitor 21

Log Parsing Monitor 61

MAPI User Experience Monitor 31

Nagios Script Monitor 50

NNTP Monitor 11

ODBC User Experience Monitor 16

Oracle User Experience Monitor 18

Performance Counter Monitor 37

POP3 Monitor 12

POP3 User Experience Monitor 29

Process Monitor – SNMP 8

Process Monitor - WMI 1

RADIUS User Experience Monitor 40

SMTP Monitor 10

SOAP Monitor 58

SQL User Experience Monitor 17

SNMP Monitor 32

SQL User Experience Monitor 17

TACACS+ User Experience Monitor 41

TCP Port Monitor 2

Tomcat Server Monitor 33

Web Link Monitor 26

Windows Event Monitor 42

Windows PowerShell Monitor 45

page 256
 Component Monitor Type Value
Windows Script Monitor 20

Windows Service Monitor 9

WMI Monitor 19

Component Status

This allows you to alert on Critical, Down, Unknown, Up, and Warning status.

Response Time

This allows you to alert on response time.

Statistic Data

This allows you to alert on statistic data.

Process (Service) Name

This allows you to alert on the process or service name. For example: dns.exe, or
AlertingEngine.

Process Instance Count

This allows you to alert on the instance count of a process.

Percent CPU

This allows you to alert on the percentage of CPU in use of a monitored process or service.

Percent Physical Memory

This allows you to alert on the percentage of physical memory used for a monitored process or
service.

Percent Memory Used

This allows you to alert on the percentage of total memory used for a monitored process or
service.

Percent Virtual Memory

This allows you to alert on the percentage of virtual memory used for a monitored process or
service.

page 257
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Virtual Memory Used

This allows you to alert on the amount of virtual memory, in bytes, used for a monitored process
or service.

Component monitor variables for alerts

The following variables are available when selecting APM-Component as the property type.

Component Monitor Vari-

Macro Definition
able
${APM: ${N=SwisEntity;M=DetailsUrl} Hyperlink to the
ComponentDetailsURL} Component Details
page that triggered
the alert.

${ApplicationId} ${N=SwisEntity;M=Application. The unique numeric

ApplicationID} identifier of the
application, similar
to the node ID.

${ApplicationName} ${N=SwisEntity;M=Application. The name of the

ApplicationAlert. monitored
ApplicationName} application.

${ApplicationStatus} ${N=SwisEntity;M=Application.Status} The status of the

application.

${ComponentId} ${N=SwisEntity;M=ComponentAlert. The numeric

ComponentID} component ID of the
specific application.

${ComponentMessage} ${N=SwisEntity;M=ComponentAlert. The message sent to

ComponentMessage} alert on component
status.

${ComponentName} ${N=SwisEntity;M=ComponentAlert. The name of the

ComponentName} component, for
example, SW
Module Engine.

${ComponentStatus} ${N=SwisEntity;M=Status} The status of the

specific component.

page 258
 Component Monitor Vari-
Macro Definition
able
${ComponentType} ${N=SwisEntity;M=ComponentAlert. The numeric
ComponentType} component type.

${DisplayType} ${N=SwisEntity;M=ComponentAlert. The display type for

DisplayType} the specific monitor.
For example,
Windows Service.

${LastTimeUp} ${N=SwisEntity;M=ComponentAlert. The date and time

LastTimeUp} the component was
last seen in the Up
state.

${MemoryUsed} ${N=SwisEntity;M=ComponentAlert. The memory used

MemoryUsed} by a component, in
bytes.

${MultiValueMessages} ${N=SwisEntity;M=ComponentAlert. Message sent when

MultiValueMessages} alerting on the
Multiple Value
Chart.

${MultiValueStatistics} ${N=SwisEntity;M=ComponentAlert. Statistics sent when

MultiValueStatistics} alerting on the
Multiple Value
Chart.

${NodeID} ${N=SwisEntity;M=ComponentAlert. The numeric node

NodeId} ID of the server on
which the
application is
monitored.

${Percent ${N=SwisEntity;M=ComponentAlert. The availability of an

ApplicationAvailability} PercentApplicationAvailability} application as a
percentage.

${Percent ${N=SwisEntity;M=ComponentAlert. The availability of a

ComponentAvailability} PercentComponentAvailability} component as a
percentage.

page 259
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Component Monitor Vari-

Macro Definition
able
${PercentCPU} ${N=SwisEntity;M=ComponentAlert. The amount of CPU
PercentCPU} used by a
component as a
percentage.

${PercentMemory} ${N=SwisEntity;M=ComponentAlert. The memory used

PercentMemory} by a component as a
percentage.

${PercentVirtualMemory} ${N=SwisEntity;M=ComponentAlert. The virtual memory

PercentVirtualMemory} used by a
component as a
percentage.

${ProcessInstanceCount} ${N=SwisEntity;M=ComponentAlert. The instance count

ProcessInstanceCount} of a process.

${ProcessName} ${N=SwisEntity;M=ComponentAlert. The process name.

ProcessName}

${ResponseTime} ${N=SwisEntity;M=ComponentAlert. The response time

ResponseTime} of a component.

${StatisticData} ${N=SwisEntity;M=ComponentAlert. The statistics data

StatisticData} value of a
component.

${StatusOrError ${N=SwisEntity;M=ComponentAlert. The status of the

Description] StatusOrErrorDescription} component,
including the full text
of any error
messages.

${Threshold-CPU-Critical} ${N=SwisEntity;M=ComponentAlertThresholds. The critical threshold

ThresholdCPUCritical} for CPU.

${Threshold-CPU-Warning} ${N=SwisEntity;M=ComponentAlertThresholds. The Warning

ThresholdCPUWarning} threshold for the
CPU.

${Threshold- ${N=SwisEntity;M=ComponentAlertThresholds. The Critical

PhysicalMemory-Critical} ThresholdPhysicalMemoryCritical} threshold for
physical memory.

page 260
 Component Monitor Vari-
Macro Definition
able
${Threshold- ${N=SwisEntity;M=ComponentAlertThresholds. The Warning
PhysicalMemory-Warning} ThresholdPhysicalMemoryWarning} threshold for
physical memory.

${Threshold- ${N=SwisEntity;M=ComponentAlertThresholds. The Critical

ResponseTime-Critical} ThresholdResponseTimeCritical} threshold for
response time.

${Threshold- ${N=SwisEntity;M=ComponentAlertThresholds. The Warning

ResponseTime-Warning} ThresholdResponseTimeWarning} threshold for
response time.

${Threshold-Statistic- ${N=SwisEntity;M=ComponentAlertThresholds. The Critical

Critical} ThresholdStatisticCritical} threshold for
statistics.

${Threshold-Statistic- ${N=SwisEntity;M=ComponentAlertThresholds. The Warning

Warning} ThresholdStatisticWarning} threshold for
statistics.

${Threshold- ${N=SwisEntity;M=ComponentAlertThresholds. The Critical

VirtualMemory-Critical} ThresholdVirtualMemoryCritical} threshold for virtual
memory.

${Threshold- ${N=SwisEntity;M=ComponentAlertThresholds. The Warning

VirtualMemory-Warning} ThresholdVirtualMemoryWarning} threshold for virtual
memory.

${TimeStamp} ${N=SwisEntity;M=CurrentStatus. The last polling date

ObservationTimestamp} and time of a
component.

${UserDescription} ${N=SwisEntity;M=ComponentAlert. A description of the

UserDescription} component. Note: A
default description is
provided. Changes
you make are
automatically saved.

page 261
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Component Monitor Vari-

Macro Definition
able
${UserNotes} ${N=SwisEntity;M=ComponentAlert.UserNotes} Custom notes about
a component.
Changes you make
are automatically
saved.

${WindowsEventMessages} ${N=SwisEntity;M=ComponentAlert. Full details of the

WindowsEventMessages} corresponding
event.

${VirtualMemoryUsed} ${N=SwisEntity;M=ComponentAlert. The amount of

VirtualMemoryUsed} virtual memory used
by a component, in
bytes.

Example tasks for SAM application monitors

Here are some typical monitoring scenarios for SAM:

l Create your first application monitor and alert

l Scan for applications to monitor
l Monitor a specific URL
l Monitor VMware performance counters using an application monitor in SAM
l Monitor and restart stopped Windows services in SAM
l Monitor large directories using the Windows Script Monitor
l Monitor IIS application pools
l Create a custom JMX Monitor in SAM

Create your first application monitor and alert

After being applied to a node, a template becomes an application monitor, which is comprised of
component monitors, also known as performance counters. Application monitors created from
templates are used to report metrics based on your needs. This example provides steps for creating a
template for monitoring WMI.

You will create a template with added monitors, configure the monitors, then apply the template to
nodes for monitoring. We also provide information for creating an alert for the WMI application to send
email notices based on monitored thresholds.

You may need to log in with an administrator account to perform this action.

page 262
Create a WMI monitor template
1. In the Orion Web Console, click Settings > All Settings > SAM Settings > Create a New
Template.
2. Provide a name for the template and click Add Component Monitor.
3. Select WMI Monitor and click Add.
4. Select credentials or Inherit Credentials from Node.
5. In the Query field, enter a WQL query to return a statistic to be reported.
6. Enter thresholds or select Use thresholds calculated from baseline data.
7. Click Submit.

Apply the WMI monitor template to a node

You may need to log in with an administrator account to perform this action.

1. Click Settings > All Settings > SAM Settings > Manage Templates.
2. Locate your template and click Assign to Node.
3. Select the Windows node from the left pane, click the green arrow to move it to the right pane,
and click Next.
4. Choose the credentials, click Assign Application Monitor, then click Done.

Alert on the WMI application via email

1. Click Alerts & Activity > Alerts > Manage Alerts.
2. Click Add New Alert and name the alert.

3. On the Properties tab, enter required information, and click Next.

4. For the Trigger Conditions, complete the section as shown:

page 263
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

To add the second trigger condition, click [+]. The first trigger condition tests for Status
(Down); the second tests for the specific application instance (indicated by 1 Object).

5. For Trigger Actions, click Add Action, select Send an Email/Page, then click Configure Action.
6. Enter required information and click Next to advance through the wizard.
7. Review and edit the Reset Actions and the Summary, then click Submit.
The Manage Alerts page indicates the alert was created successfully.

Scan for applications to monitor

You can scan for applications to monitor as added nodes on the Application Discovery page. SAM
scans your network for applications. Select applications from the displayed list to add as monitored
nodes.

You may need to log in with an administrator account to perform this action.

1. Click Settings > All Settings > SAM Settings > Scan Nodes for Applications.
2. Select nodes by clicking [+] to expand the node groups, then select the nodes you want to scan,
and then click Next.
3. Select applications to find, and then click Next.
4. Enter the credentials for the servers you are scanning, and then click Start Scan.
5. Click View SAM Summary Page, then click View results after the SAM scan is complete.

To learn more, see Scan nodes and assign SAM templates automatically with the Application
Discovery Wizard.

Monitor a specific URL

You can add a specific URL — either internal or external — as a monitored node. SAM will ping the
node to determine its basic status, and then use the Web Link monitor to collect the number of broken
or invalid links on the web page.

1. Click Settings > All Settings > Add Node.

2. Enter the Hostname or IP Address you want to monitor (for example, www.google.com).
3. Select External Node: No Status, and then click Next.
4. From the Show only: drop-down, select Web Pages.

page 264
 5. Select the "Web Link" and "Inherit credentials from template" check boxes, and then click Next.

6. On the Change Properties page, make any changes, and then click OK, Add Node.
7. Wait 5 to 10 minutes for polling to occur.
8. To review polling results, click My Dashboards > Summary, and then drill down to the node in
the All Nodes widget.

Monitor VMware performance counters using an application monitor in SAM

To monitor VMware performance counters, used by application monitor templates and component
monitors:

1. Click Settings > All Settings > SAM Settings > Component Monitor Wizard.
2. Select a VMware Performance Counter Monitor, and then click Next.

3. Enter the IP address of the VMware node, or click Browse to select a node from a list.
4. Select or enter the appropriate credentials, then click Next.
5. Select whether you want to monitor a single system or multiple systems.
l Choosing a single system provides specific counters that apply to the target system only;
choosing Multiple systems provides more generic counters that can be applied to multiple
systems.

page 265
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l Choosing Multiple systems provides only aggregate performance counters (without

instances). Therefore, the application monitor created can be considered as generic and
assigned to different ESX/vCenter target hosts. Individual monitors will contain the
${VMWARE_ENTITY_NAME} variable in the Entity Name field of the monitor. When the
monitor runs, this variable is resolved to the first available entity on a target host with the
desired Entity Type (for example, the first Host System).
6. Select a VMware Entity to monitor, then select a Performance Object (group) to monitor.
7. Select the counters to monitor for the selected Performance Object, then click Next.
8. On the Edit Properties page, modify settings as desired and click Next.

Add components to the application monitor

1. Expand the Component list to display the list of counters or counters to be added.

2. Select New Application Monitor. Then enter a name for the new Application Monitor, then click
Next, then OK, Create.
3. Click View SAM Summary Page. Your new VMware monitor appears in the tree view for the All
Applications widget. The polling results for the new monitor are updated after a few minutes.
l Cluster Compute Resource (only available if the VMware vCenter Performance Counter
Monitor type is selected) – Data object that aggregates the computation resources of its
associated Host System objects into one single computation resource for use by virtual
machines. The cluster services such as HA (High Availability), DRS (Distributed Resource
Scheduling), and EVC (Enhanced vMotion Compatibility), enhance the usefulness of this
single computation resource. This Entity Type is specific to vCenter systems.
l Host System – Managed object type that provides access to a virtualization host platform.
l Resource Pool – Represents a set of physical resources which may be a single host, a
subset of a host's resources, or resources spanning multiple hosts. You can subdivide
Resource pools by creating child resource pools. to run, a virtual machine must be
associated as a child of a resource pool. In a parent/child hierarchy of resource pools and
virtual machines, the root resource pool is the single resource pool that has no parent pool.
l Virtual Machine – Managed object type for manipulating virtual machines, including
templates that can be repeatedly deployed as new virtual machines. This object type
provides methods for configuring and controlling a virtual machine.

Monitor and restart stopped Windows services in SAM

To automate the monitoring and restarting of stopped Windows services, you can assign a Windows
Service Monitor to nodes and then set up an alert to restart services and send email.

Note the following details about creating alerts to restart stopped Windows services:

page 266
 l The action to restart the service uses the credentials which the component is currently being
monitored with.
l WMI requires administrator privileges on the target machine by default; permission issues can
occur if the accounts have limitations.

SolarWinds Support cannot assist with creating a least-privileged Windows user account
or assigning permissions. Click here to learn about creating a non-administrator user for
SAM polling.

l If polling the service via Windows agent, the agent runs under the context of the LocalSystem
account on the target machine so it requires sufficient privileges to restart the service.
l The action to restart the service will only work with a component monitor-based alert. If the alert
is set up as an "I want to alert on an application monitor" on the Trigger Condition tab, the restart
service alert action will not function.

Click here to learn more about alerts, or watch a SolarWinds Lab episode, All About Alerts.

To create the monitor:

1. Click Settings > All Settings > SAM Settings > Component Monitor Wizard.
2. Select Windows Service Monitor, and then click Next.
3. Enter the IP address of the Windows node you want to monitor, or click Browse to select the
node from a list.
4. Enter or select the appropriate credentials, choose a Platform type, and then click Next.
5. Select services to monitor and click Next.
6. Select component monitors and edit properties as necessary, and then click Next.

7. On the Add to Application Monitor or Template tab, type a name for the new template and click
Next.
8. On the Assign to Nodes tab, select the desired nodes to monitor and click Next.
9. On the Confirm tab, click OK, Create.

To create an alert to restart stopped Windows services and then send emailL

1. Click Alerts & Activity > Alerts.

2. On the All Active Alerts page, click Manage Alerts.
3. On the Manage Alerts page, click Add New Alert.
4. In the Add New Alert wizard, provide alert details on the Properties tab and click Next.
5. On the Properties tab, provide alert details.

page 267
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

6. On the Trigger Condition page:

a. For "I want to alert on", select Component.
b. Choose an alert scope.
c. Configure a trigger condition as follows: Component > Component Name (Component
Alerting Properties) > Is equal to > Windows Service Monitor, as shown here:

d. Click Next to advance to the Reset Condition tab.

7. Enter values on the Reset Condition and Time of Day tabs, as necessary.
8. On the Trigger Actions tab, add an action to send email.
a. Click Add Action.
b. Select Send an E-Mail / Page and click OK.
c. Complete the e-mail info and click OK.
d. Click OK.
9. On the Trigger Actions tab, add an action to restart the service:
a. Click Add Action.
b. Select Execute an External Program, and then select Configure Action.

c. Provide a name for the action.

d. Under Network path to external program, insert the following:
APM\APMServiceControl.exe ${N=SwisEntity;M=ComponentAlert.ComponentID}
-c=RESTART

e. Click Add Action.

10. Provide alert details on the Reset Action and Summary tabs, and then click Submit to save the
alert.

See also Create an alert for monitored components in SAM.

page 268
Monitor large directories using the Windows Script Monitor
Before coding and testing your script, review Windows scripting details in the SAM Custom
Template Guide and Best Practices for SAM templates.

1. Click Settings > All Settings > SAM Settings > SAM Settings > Create a New Template.
2. Name the template, click Add Component Monitor, select Windows Script Monitor, and click
Add.
3. Provide a brief Description.
4. Select credentials with appropriate permissions to run the script on the target server.
5. In the Script Arguments field, type the Universal Naming Convention (UNC) path name for the
directory to monitor.

Use the variable ${IP} for the IP address of the target node to which the monitor is
assigned when the Windows Script Monitor runs.

6. Copy the following Visual Basic script, which retrieves the directory size, into the Script Body
field:

Dim folderPath
folderPath = WScript.Arguments(0)
Set fs=WScript.CreateObject ("Scripting.FileSystemObject")
Set folder= fs.GetFolder(folderPath)
WScript.Echo "Message: Folder " &folderPath & " is " & folder.Size & "
bytes large"
WScript.Echo "Statistic: " & folder.Size

7. Specify the critical and warning thresholds for the desired directory size, and then click Submit.

8. Create an assigned Application Monitor by assigning the Large Directory Monitor template to the
node.

a. In the Orion Web Console, click Settings > All Settings > SAM Settings > Manually Assign
Application Monitors.
b. Select All in the Show only list, click Large Directory Monitor, and then click Next.
c. Click Manually Assign Application Monitors and Select All in the Show only list.
d. Click Large Directory Monitor and then click Next.
e. Locate and select the desired node, and then click Next.

page 269
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

f. Enter itadmin in the Credential Name field and then enter your credentials.
g. Click Test, click Assign Application Monitors, and then click Done.

When monitoring occurs, the Visual Basic code in the template will:

1. Read the first argument passed to the UNC path name for the directory to monitor and store it in
FolderPath.
2. Create the Scripting.FileSystemObject and store it in fs.
3. Retrieve the folder name from the saved command line argument and store it in FolderPath.
4. Display the folder name and folder size as output.
5. Display the folder size, measured in bytes.

The script does not perform error checking.

Monitor IIS application pools

SolarWinds SAM can monitor five instances (for example, w3wp.exe), differentiated by application
pools separately if you specify the application pool names in the component monitors.

1. Click Settings > All Settings.

2. Add the web server to the Orion database.
a. Click Add Node then enter the hostname or IP address of the Intranet web server.
b. Check the ICMP (Ping only) check box and then click Next.
c. From the Add Application Monitors page, click Next.
d. From the Change Properties page, Click OK, Add Node.

3. Find the wp3w.exe process on the web server.

a. In the Orion Web Console, click Settings > All Settings > SAM Settings > Component
Monitor Wizard.
b. Select Process Monitor - WMI as the monitor type, and then click Next.
c. Click Browse, select the web server, and then click Select.
d. Enter WebServerAdmin in the Credential Name field.
e. Enter your credentials in the fields provided, then click Next.
f. Click the last page button to view the last page, then check the check box next to
w3wp.exe, and then click Next.

page 270
 g. Change Monitor Name to Webpool1, then enter webpool1 in the Command Line Filter
field.
h. Change the CPU Warning Threshold to greater than 40, then Change the CPU Critical
Threshold to greater than 50.
i. Click Add Another Component. After creating the monitors for all five w3wp.exe instances,
click Next.
j. Select New Application Monitor and enter Web Server Application Pools as the
Application Monitor Name, and then click Next.
k. Select the web server node, and then click Next, then click OK, Create.

Create a custom JMX Monitor in SAM

In addition to out-of-the-box application monitoring templates, SAM includes predefined component
monitors, including aJMX Monitor that's included in several templates, such as the JBoss (JMX)
template.

Although you can customize JMX Monitors at the template level, that's not always practical because
MBeans can vary so much in different environments.

Instead, consider using the Component Monitor Wizard to create a custom JMX Monitor that you can
assign to a node to poll managed beans (MBeans) on target Java application servers and JVMs. The
wizard walks you through each step of the process and provides a list of available MBeans.

Before proceeding, note the following details:

l To set up nodes for monitoring, see Configure Java application servers and JVMs.
l The JMX Monitor supports Orion agents for Windows, Linux, and AIX. Note that agentless and
Orion agent for Windows polling use the JMX Bridge Service but Linux-based JMX queries run
locally through the Orion agent itself. For details, see this THWACK post.
l The following Orion Platform features do not support JMX monitoring:
o Orion Remote Collectors (ORCs)

o FIPS mode

l Only numeric values are monitored. To monitor string data, consider using a custom script.
Supported data types include:
o java.lang.Byte

o java.lang.Short

o java.lang.Integer

o java.lang.Long

o java.lang.Double

o java.lang.Float

page 271
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l To monitor Apache Tomcat servers, SolarWinds recommends using the Tomcat Server monitor.

SolarWinds recommends testing JMX components individually. Testing large numbers of JMX
component monitors can impose heavy loads on agents and return incorrect results.

Prerequisites

Target nodes are set up, as described in Configure Java Virtual Machines for JMX monitoring in
SAM.

Credentials

You may or may not need JMX credentials or none at all, depending on the target server
configurationcredentials required by your Java application server.

To create a custom JMX Monitor in the Component Monitor Wizard:

1. Click Settings > All Settings > SAM Settings > Component Monitor Wizard.
2. On the Select Monitor Type tab of the wizard, select Java JMX Monitor as the component
monitor type and click Next.
3. On the Select Target tab, provide details about the target server, and then click Next.
4. On the Select Components tab, a list of available MBeans appears, as shown here. Expand the
folders by clicking the arrows (or [+]) to expand the tree view folder structure. Drill down to select
the attributes you want to monitor.

5. After selecting MBeans to monitor, click Next to complete the remaining tabs in the wizard.
6. When finished, click OK, Create to save your new component monitor.

page 272
After creating a JMX monitor, add it to templates and application monitors, as necessary. When polling
occurs, monitored data appears on Node Details views and related widgets on other pages.

The following figure shows how polled MBeans look when successfully monitored within SAM:

An alternative method: Customize a JMX Monitor manually

If you decide not to use the Component Monitor Wizard to build a custom JMX Monitor, you can adjust
values for an JMX Monitor in a template or application monitor manually, as shown in the illustration
below.

Entering the correct information can be complicated and cumbersome. This method is best
suited for an administrator who is very familiar with the Java environment.

page 273
Monitor with AppInsight applications
SolarWinds SAM includes several specially designed out-of-the-box templates that you can use to
monitor virtually every aspect of key business tools, such as Microsoft Active Directory, to get relevant
performance information from the server level. They also enable you to drill down into the data store
layer for performance data. Collectively, these templates are called the AppInsight™ templates.

Offering a level of detail and expert knowledge far beyond what standard templates provide, you can
assign AppInsight templates to nodes in many ways, including automatically with the Orion Platform's
Discovery process. Just as standard SAM templates convert to application monitors after being
assigned to nodes, AppInsight templates become AppInsight applications that monitor nodes.

The following AppInsight applications are available to monitor business-critical functions in your
SAM environment:

l AppInsight for Active Directory

l AppInsight for Exchange
l AppInsight for IIS
l AppInsight for SQL

The following figure shows some of the data provided by AppInsight for IIS:

page 274
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Note the following details about using AppInsight templates and applications:

l WMI is the preferred polling method because some node data, such as disk I/O, is only available
via WMI monitoring.
l Starting in SAM 2020.2, WinRM is the default transport method used to collect data for WMI-
based component monitors. See Use WinRM for application monitor polling in SAM.
l All AppInsight templates support the Orion agent for Windows. See Monitor with Orion agents in
SAM.
l Due to the complexity of these templates:
o You cannot add component monitors to AppInsight templates or application monitors.

o Some component monitors have default settings that you cannot modify due to

dependencies.
o Some component monitors cannot be disabled.

o You cannot import or export AppInsight templates in the Orion Web Console.

Unlike standard SAM templates that you can update by importing the latest version
from THWACK, AppInsight templates are updated automatically during product
upgrades.

l If you're using component-based SAM licensing, AppInsight applications consume licenses at

flat rates. See the SAM licensing model for details.

To learn more about SAM's AppInsight applications, see:

l Monitor with AppInsight for Active Directory

l Monitor with AppInsight for Exchange
l Monitor with AppInsight for IIS
l Monitor with AppInsight for SQL

Additional learning resources include:

l Deep Dive on using AppInsight Templates (webcast)

l What else can SAM Do? Getting the most from AppInsight templates (THWACK discussion)

page 275
Monitor with AppInsight for Active Directory
Key aspects of monitoring Active Directory involve keeping a close watch on the application and
service availability, and ensuring various performance metrics are checked against accepted
thresholds.

AppInsight for Active Directory monitors physical and virtual Active Directory environments to identify
issues about domain controllers, replication, and more. You can use it to track many key aspects of
Active Directory by getting relevant performance data from the server level. You can also drill down
into the data store layer for performance data.

After you assign the AppInsight for Active Directory template to a node, it becomes an application on
the node that reports data to SAM through a predefined set of component monitors, including:

l The Windows Event Log Monitor, that scans Windows event logs for server-related events.
l The Performance Counter Monitor, that collects Windows Performance Counter data.

For component-based SAM licenses, AppInsight applications consume licenses at flat rates. To
learn more, see the SAM licensing model.

page 276
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Here are some ways you can use the status and metrics provided by AppInsight for Active Directory:

l File replication service: Identify failures on replications or issues with the network leading to
slow replication rates between websites.
l Directory services: Watch critical directory services to ensure your email and phone contacts
are always synchronized.
l Service outages: Monitor domain controllers continuously to prevent service outages. Diagnose
performance issues by tracking CPU usage, connected users, failed logins, account lockouts,
and more. Discover domain controllers on unmonitored nodes.
l Dependencies: Troubleshoot Active Directory dependencies with widgets that show in-depth
details about issues impacting performance.

Note the following details about AppInsight for Active Directory:

l Multiple instances of this database-intensive feature can impact performance. Consider limiting
usage to a few key domain controllers. You can also adjust Advance settings on individual
nodes to boost performance.
l When AppInsight for Active Directory is assigned to a specific node, SAM creates a
DCApplication entity for the domain controller. Each DCApplication is grouped by the domain
entity to which it belongs. SAM uses .NET Framework to poll data via a secure LDAP protocol
for each domain. Gathered data includes the number of controllers, users, computers,
replications, and site statistics.
l AppInsight for Active Directory uses domain controller IP addresses instead of domain names for
polling. LDAP components do not include the $DomainName parameter in configuration fields.
This use of IP address enables different applications to get data from all monitored domain
controllers in a single domain.
l Like the other AppInsight templates, the AppInsight for Active Directory template includes
several component monitors with default settings that cannot be modified due to dependencies.
Also, you cannot add component monitors to this template.

To start using AppInsight for Active Directory:

l Review the following topics:

o Best practices for AppInsight for Active Directory

o AppInsight for Active Directory and component-based licensing

o AppInsight for Active Directory requirements and permissions

l Assign AppInsight to monitored domain controllers running Active Directory Domain Services.
l Configure AppInsight for Active Directory for specific domain controllers. For example, adjust
component monitor thresholds, certificate handling, and Global Catalog or LDAP ports.

page 277
To further refine AppInsight monitoring, you can:

l Customize widgets that appear in views.

l Configure alerts to receive notifications about domain controller usage, issues, and thresholds.

To learn more about AppInsight applications, see Monitor with AppInsight applications and
watch Deep Dive on using AppInsight templates.

Best practices for AppInsight for Active Directory

When using and configuring AppInsight for Active Directory, SolarWinds recommend the following
best practices:

l SolarWinds recommends the following limits for AppInsight for Active Directory monitoring:
o Up to 150,000 users and computers per domain controller.

o Starting in SAM 2020.2.1, up to 200 domain controllers.

In earlier SAM versions, 50 domain controllers.
l
Click here to learn how Advanced settings can impact domain controller performance and
scalability.

l When adding nodes for domain controllers, select Windows Servers: WMI and ICMP as the
polling method so AppInsight for Active Directory widgets can display node status and names
properly via WMI. ICMP-only nodes cannot supply DNS or SysName values required to compute
replications for destination domain controller FQDN names. See this article in the SolarWinds
Success Center for details.
l Consider limiting usage to a few key domain controllers for this database-intensive feature. For
general visibility, applying AppInsight for Active Directory to one domain controller per site is
sufficient. However, to track replication status between domain controllers, assign AppInsight for
Active Directory to all domain controllers within a site to ensure visibility into the replication
status across the site.

SolarWinds recommends using Active Directory accounts with limited permissions (for
example, read-only administrators) for AppInsight for Active Directory monitoring.

l Several "Total" performance counters (for example, Total Inactive Users) are initially disabled in
the AppInsight for Active Directory template to avoid performance issues in environments with
large quantities of users and computers, especially on clients. You can enable those component
monitor for individual nodes, as necessary. See Configure AppInsight for Active Directory on
nodes.

page 278
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l Starting in SAM 2020.2.1, you can configure AppInsight for Active Directory on individual nodes
to poll for replication details without collecting domain configuration data, such as sites and
trusts. This can improve performance in large environments. Click here to learn more about the
Enable Domain Components option, available in Advanced settings for application monitors.
l
Starting in SAM 2020.2, you can use WinRM as the transport method for AppInsight
polling via WMI. To learn more see, Use WinRM for application monitor polling in SAM.

l When first testing alerts, only assign the alerts to your own or other tester email addresses.
Watch and monitor the alerts for two weeks to generate stable baselines that you can use to
refine monitoring and alert actions for the usage and performance in your specific environment.
Your environment's baseline and performance expectations may vary, as compared to the
default thresholds.
l Create custom views with different AppInsight for Active Directory widgets for user groups in
your organization. See the Orion Platform Administrator Guide for details.

AppInsight for Active Directory and component-based licensing

Per the SAM licensing model, when using AppInsight for Active Directory in environments with
component-based licenses, 50 component monitors count against your licensed number of
component monitors for each domain controller you decide to monitor.

AppInsight applications provide tremendous value within SAM while consuming a fixed number
component monitor licenses. However, they cannot be partially unlicensed because the way they
collect data differs significantly from traditional application monitor templates.

For example, if you have an active license for 1,500 component monitors and use AppInsight for
Active Directory to monitor 5 domain controllers, 250 component monitors count against your total
license. The amount of licenses used is strictly per monitored AppInsight for Active Directory
application. The number of Active Directory instances you have on domain controllers affects the
number of elements.

50 component monitors X 5 domain controllers = 250 component monitors used.

This leaves you with 1,000 component monitors available for use elsewhere.

1,500 component monitors – 250 component monitors used for AppInsight for Active
Directory = 1,250 component monitors remaining.

If you choose not to use AppInsight for Active Directory, you are not penalized any number of
component monitors.

page 279
AppInsight for Active Directory requirements and permissions
Operating systems

Domain controllers should already be running Active Directory Domain Services (AD DS) on:

l Windows Server 2012 R2,

l Windows Server 2016, or
l Windows Server 2019.

Nodes

Nodes should already be running Active Directory Domain Services.

If you plan to use the Discovery to add AppInsight for Active Directory to nodes, enable WMI on
domain controllers so they can be detected during Discovery.

When adding nodes to the Orion Platform for domain controllers, select Windows Servers: WMI and
ICMP as the polling method so AppInsight for Active Directory widgets can display node status and
names properly via WMI. ICMP-only nodes cannot supply DNS or SysName values required to
compute replications for destination domain controller FQDN names.

Obtain the IP address or fully-qualified domain name (FQDN) of each domain controller.

To access FQDN details, open a Windows command prompt on a computer on the correct
network and type nslookup.

Ports

Following are the default ports for AppInsight for Active Directory. If necessary, you can adjust settings
for individual domain controllers later. See Configure AppInsight for Active Directory on nodes.

l LDAP: 389
l LDAPS: 636
l Global Catalog (GC): 3268

Starting in SAM 2020.2, WinRM is the default transport method for data polled by WMI-based
component monitors. If that functionality is disabled, WMI uses DCOM/RPC communication to allocate
ports within a dynamic port range, typically between 1025 and 65536. Enable the Inbound Rules in
the WMI group and create firewall exceptions to allow TCP/UDP traffic on ports 1024 — 65535 so
monitored objects that use WMI can be mapped.

l WMI TCP ports 1025 — 5000

l TCP ports 49152 — 65535

page 280
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Encryption

Active Directory does not support encryption so the encryption method to connect to domain
controllers is set to None, by default. To use SSL or StartTLS, add an LDAP certificate to the server
manually.

Authentication

By default, authentication is set to Negotiate so SAM can use Kerberos or NT LAN Manager (NTLM)
authentication.

Permissions

Use domain credentials for an account that SAM can use to log into Active Directory.

l The account does not need elevated privileges.

l Local admin permissions are required to add AppInsight to nodes, but are not needed for
monitoring later.
l Application credentials must be from the domain of the monitored node with proper read/write
permission for Active Directory services.
l Domain credentials used for monitoring must have read/write access to monitored Active
Directory instances.

SolarWinds recommends using Active Directory accounts with limited permissions (for
example, read-only administrators) to monitor domain controllers with AppInsight for Active
Directory.

Assign the AppInsight for Active Directory template to domain controllers

After reviewing best practices and then requirements and permissions, gather the key information
you'll need to add AppInsight for Active Directory to domain controller nodes, including:

l Either the IP address or FQDN of each domain controller.

l The port details, encryption method, and authentication method for each domain controller.
l An Active Directory account with domain credentials and local admin permissions.

Like other AppInsight applications, there are several ways to assign AppInsight for Active Directory to
nodes:

l Use the Discovery Wizard.

l Assign the AppInsight for Active Directory template to nodes.
l Add AppInsight for Active Directory via the Node Details view.

page 281
Regardless of the method used, an application monitor (also called an "application") is created for
each node, based on the AppInsight for Active Directory template. In the Orion Web Console, the
default name displayed for the application monitor is "Active Directory," as shown in this example from
the Node Details page:

Add nodes with the Discovery Wizard

Use the Discovery Wizard (also called Network Sonar Discovery) to add a new node and select
AppInsight for Active Directory for monitoring. Credentials are inherited from the node automatically.

Enable WMI on domain controllers so they can be detected during Discovery.

1. Click Settings > All Settings > Add Node.

2. When the Add Node wizard appears, enter information on the Define Node tab and click Next.
3. On the Choose Resources tab, select AppInsight Applications > Active Directory.

4. Click Next and follow onscreen instructions to complete the wizard.

5. To confirm the node was added:
a. Click My Dashboards > Applications > Active Directory.
b. Navigate to the All Application widget, expand the tree, and click the Active Directory
application.

page 282
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

6. To customize AppInsight for Active Directory for a domain controller, see Configure AppInsight
for Active Directory on nodes.

Add AppInsight for Active Directory to nodes via the Manage Templates page

You can add AppInsight for Active Directory monitoring to a domain controller already being monitored
as a node via the Manage Templates page.

1. Click Settings > All Settings > SAM Settings > Manage Templates.
2. On the Manage Templates page, switch to the Application Monitor Templates tab.
3. In the Template Name column, select the AppInsight for Active Directory check box.
4. Click Assign to Node.
5. Complete fields on the Set up AppInsight for Active Directory page and click Assign Application
Monitor.
6. Proceed to Configure AppInsight for Active Directory on nodes.

Add AppInsight for Active Directory to nodes via the Node Details view

Follow these steps to add AppInsight for Active Directory to a domain controller already monitored as
a WMI node in SAM.

1. Click My Dashboards > Home > Summary.

2. Expand and select the domain controller node in the All Nodes - Tree View widget.
3. On the Node Details view, click List Resources in the Management widget.
The list may take a few minutes to generate.

4. Select Microsoft Active Directory to enable AppInsight for Active Directory data collection. When
done, click Submit.

page 283
 5. Click My Dashboards > Applications > SAM Summary.
6. Locate the All Applications widget, and click the Active Directory application on the specific
node.
7. When prompted, enter credentials and select the port used to communicate with the domain.
8. Click Test to verify the credentials and configured permissions.

9. Click Assign Credential to save the configuration.

After assigning AppInsight for Active Directory to nodes, customize settings for individual domain
controllers. For example, you can enable "Total" performance counters or adjust certificate handling.
See Configure AppInsight for Active Directory on nodes.

Configure AppInsight for Active Directory on nodes

After assigning AppInsight for Active Directory to individual domain controllers, you can customize the
settings in the application monitor for each node. Some settings can impact domain controller
performance in large environments.

1. Click Settings > All Settings > SAM Settings > Manage Application Monitors.
2. Select the node, which will list "Active Directory" as the Assigned Application Monitor, and then
click Edit Properties.

page 284
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

3. (Optional) Click Advanced to display settings for credentials, ports, encryption, and more.

When working with component monitors, note that AppInsight uses domain controller IP
addresses instead of domain names for polling; LDAP components do not include the
$DomainName parameter in configuration fields. This use of IP address enables different
applications to get data from all monitored domain controllers in a single domain. Click
here to learn more about component monitors in this template.

4. Adjust values and settings, as necessary, and then click Submit to save changes.
5. If you changed settings for an existing domain controller, use the Orion Service Manager to
restart the SolarWinds Collector Service.

Options in Advanced settings include:

l LDAP Port Number: The default port to connect to domain controller LDAP services is 389.
l Global Catalog Port Number: AppInsight can collect trust data for domain controllers configured
as Global Catalog (GC) servers on port 3268, as displayed in the Trust Summary widget. To use
port 3269 instead, update that setting here.

page 285
 To determine if a domain controller is a GC server, use PowerShell to check the
IsGlobalCatalog flag:
Get-ADDomainController-Filter {Site-eq 'Default-First-Site-
Name'}} | FT Name,IsGlobalCatalog
Get-ADDomainController | ft Name,IsGlobalCatalog

l Encryption Method: Active Directory does not support encryption so this value is set to None, by
default. To use SSL or StartTLS, add an LDAP certificate to the server manually.
l Ignore Certificate Errors: By default, the AppInsight ignores certificate errors encountered
during polling. Enable this setting if you want users to verify a server connection when
SAM encounters an invalid certificate during polling.
l Authentication Method: By default, authentication is set to Negotiate so SAM can use Kerberos
or NT LAN Manager (NTLM) authentication.
l Enable Domain Components: Available since SAM 2020.2.1, this setting determines if SAM
polls LDAP domain configuration components, such as sites and trusts. Enabled by default, you
can disable this setting to reduce redundant LDAP polling in your environment; only replication
details are polled. See below for details.

o Use the Orion Service Manager to restart the SolarWinds Collector Service if you
change this setting later. Otherwise, the status of the Active Directory application
displays as Down in the Orion Web Console and warnings appear in application
logs.
o Domain Controller Details and Site Details widgets are hidden on the Application
Details page if this setting is disabled.

l Enable Total Counters: By default, some component monitors are disabled in the AppInsight for
Active Directory template to avoid performance issues when setting up domain controllers in
environments with large quantities of users and computers. After adding AppInsight to individual
nodes, you can enable the following counters for a node.
o Total User Accounts

o Total Disabled User Accounts

o Total Computer Accounts

o Total Inactive Users

o Total Inactive Computers

o Total Expired Password User Accounts

Restart the SolarWinds Collector Service if you change this setting later. Otherwise, the
status of the Active Directory application displays as Down in the Orion Web Console and
warnings appear in application logs.

page 286
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Customize AppInsight for Active Directory on individual domain controllers to boost performance

As described in Best practices, adding AppInsight for Active Directory to one domain controller per site
is sufficient for general visibility. However, if you want to track replication status between domain
controllers across a site, you may decide to assign AppInsight to all domain controllers. In earlier
versions of SAM, the amount of polling involved could strain available resources.

Starting in SAM 2020.2.1, you can turn off the Enable Domain Components setting for individual
domain controllers to reduce polling; only replication details will be polled. LDAP data (for example,
sites and trusts) won't be collected.

By limiting that data that AppInsight need to poll on most domain controllers, you can:

l Reduce redundant LDAP data collection.

l Improve performance, especially in large customer environments with numerous Active Directory
domain controllers in each domain.
l Enhance scalability. Instead of only 50 domain controllers — the recommended limit in SAM
2020.2 and earlier, you can monitor up to 200 domain controllers.

Remember to restart the SolarWinds Collector Service if you change polling options. Otherwise,
the Active Directory application appears as Down in the Orion Web Console and warnings
appear in application logs.

Edit the AppInsight for Active Directory template

The AppInsight for Active Directory template includes numerous component monitors to provide data
about domain controllers and Active Directory services; click here for a list. If you modify the template,
child application monitors already assigned to servers update to match.

The primary reason to edit most SAM templates is to configure polling frequency, polling method, and
thresholds for warning and critical states for monitored metrics before assigning templates to nodes.
Like the other AppInsight templates, the AppInsight for Active Directory template includes component
monitors with default settings that cannot be modified due to dependencies. Also, you cannot add
component monitors to this template.

When working with component monitors, note that AppInsight for Active Directory uses domain
controller IP addresses instead of domain names for polling; LDAP components do not include
the $DomainName parameter in configuration fields. This use of IP address enables different
applications to get data from all monitored domain controllers in a single domain.

To edit this template:

1. Navigate to the Manage Application Monitor Templates page.

2. Click Edit to display component monitor details.

page 287
 3. Make your changes.
4. Click Submit.

When you assign this template to individual nodes that represent domain controllers, you create
individual application monitors (also called "applications") that have additional Advanced settings,
including:

l LDAP Port Number

l Global Catalog Port Number
l Ignore Certificate Errors
l Enable Domain Components
l Enable Total Counters

To learn about these settings and how they can impact domain controller performance, see Configure
AppInsight for Active Directory on nodes

AppInsight for Active Directory alerts and reports

SAM includes the following predefined alert for AppInsight for Active Directory:

Alert Trigger
Replication from [SourceDomainControllerName] to Replication
[DestinationDomainControllerName] failed on [NamingContextName] - last success of a domain
time [LastSuccessTime] consecutive number of failures controller
[consecutiveNumberOfFailures] last attempt time [LastAttemptTime]" fails

AppInsight for Active Directory alerts appear in the Active Alerts widget on the following pages:

l Active Directory Summary page

l Application Details view
l Domain Details page

Trigger conditions related to AppInsight for Active Directory that you can use in alerts include:

l AppInsight for Active Directory: Application

l AppInsight for Active Directory: Naming Context
l AppInsight for Active Directory: Site

To learn about using alerts, see the Orion Platform Administrator Guide or watch Managing
Existing Alerts.

page 288
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

The following AppInsight for Active Directory reports are included in SAM:

l Active Directory Summary shows all domains monitored by AppInsight for Active Directory.
l Active Directory Summary: Trusts shows all domain trusts monitored by AppInsight for Active
Directory.

Troubleshoot AppInsight for Active Directory

This topic describes issues you may encounter when using AppInsight for Active Directory in SAM.

Be sure to review AppInsight for Active Directory requirements and permissions. Click here for
details on the AppInsight for Active Directory template. You can also search the Success
Center and THWACK for troubleshooting tips.

Issue: AppInsight for Active Directory widgets do not display polled data.

After configuring AppInsight for Active Directory, you may not see active data in widgets or receive
alerts immediately because polling may occur at different intervals, ranging from minutes to hours.
After 24 hours, widgets and alerts should start reporting data.

The default polling interval for AppInsight for Active Directory is 10 minutes.

You can also check AppInsight for Active Directory logs located in this default location:
c:\ProgramData\SolarWinds\Logs\APM\ApplicationLogs.

Issue: Domain Controller Details and Site Details widgets do not appear on the Application Details
page.

Check settings in the application monitor for the domain controller. These widgets are hidden when
the Enable Domain Components option is disabled.

Issue: Node status does not appear in AppInsight for Active Directory widgets, and Active Directory
widgets display IP addresses instead of node names.

To ensure that node status appears in AppInsight for Active Directory widgets with proper node
names, configure nodes to support both WMI and ICMP polling. ICMP-only nodes cannot supply DNS
or SysName values required to compute replications for destination domain controller FQDN names.
Alternatively, edit the name of an ICMP node on the Node Details > Edit Properties page.

Issue: Domain controllers display "Unknown" for several custom performance counters.

Check the server to make sure the Windows NT Directory Service (NTDS) category of performance
counters is present. If the base set of performance counter libraries was corrupted, you may need to
rebuild it. Click here for details. See also Performance Counter Monitor - Bad Input Parameter in
THWACK.

page 289
Issue: Components display Unknown status after initial poll.

Generic application monitors like Windows Event Log Monitor and Performance Counter Monitor may
have an Unknown status after the first round of polling. Wait 10 minutes for the next successful poll.

If the status of a domain controller remains Unknown after polling, make sure that a node exists for the
domain controller and that AppInsight for Active Directory is assigned to the node. See Configure
AppInsight for Active Directory on nodes.

Issue: After enabling Total counters in the AppInsight for Active Directory template, the AppInsight
for Active Directory application appears Down and warnings occur in SAM logs.

Enabling and disabling components for AppInsight applications can also place the Orion Collector
service in an unsynchronized state. Use the Orion Service Manager to restart the SolarWinds
Collector Service to clear its cache, as described in Configure AppInsight for Active Directory on
nodes.

Issue: Domain Controllers display Unknown status in AppInsight for Active Directory widgets.

Make sure the node is being monitored and that the AppInsight for Active Directory template is
assigned to the node. See Assign the AppInsight for Active Directory template to domain controllers.

page 290
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Windows SQL Server locking causes the Orion database to grow after assigning the AppInsight for
Active Directory to nodes.

SQL Server locks may occur if you exceed recommended limits for AppInsight for Active Directory
monitoring; see Best practices for AppInsight for Active Directory. Locks can prevent rows from being
deleted during daily database maintenance jobs, so the number of rows grows as polling continues.

Delete rows from the database manually, or remove AppInsight for Active Directory from nodes, wait
for daily database maintenance to finish, and then add AppInsight back to the nodes. Click here for
details.

Issue: The Replication widget shows only a few domain controllers.

The Replication widget displays domain controllers (shown on the right, below) that replicate with the
monitored domain controller (shown on the left) in the same domain, by design.

Issue: The Trust Summary widget does not display expected data.

If expected data does not appear in the Trust Summary widget, here are some ways to investigate:

l Navigate to My Dashboards > Applications > Active Directory to check the status of the
AppInsight for Active Directory application.

page 291
 l Verify that domain controllers are assigned the Global Catalog (GC) role. You can use
PowerShell to check if the IsGlobalCatalog flag is set to True:
Get-ADDomainController-Filter {Site-eq 'Default-First-Site-Name'}} | FT
Name,IsGlobalCatalog

Get-ADDomainController | ft Name,IsGlobalCatalog

l Verify that domain controllers configured as GC servers use port 3268, the default port to collect
trust data. If domain controllers use port 3269 instead, update that setting. See Configure
AppInsight for Active Directory on nodes.
l Check SAM logs and AppInsight for Active Directory logs located in this default location:
c:\ProgramData\SolarWinds\Logs\APM\ApplicationLogs.

Monitor with AppInsight for Exchange

Designed exclusively for the Exchange Mailbox role, AppInsight for Exchange provides visibility into
storage issues, mail queues, mailbox database status and growth, events, and critical processes and
services. With AppInsight for Exchange you can get a single view of all relevant current and historical
Exchange performance metrics.

You can add AppInsight for Exchange automatically through Discovery or add it to nodes manually via
the Node Details view. After it is applied to a node, AppInsight for Exchange is considered an
application and reports data to SAM through a set of component monitors.

AppInsight uses the Exchange credentials you provide to directly access the servers, complete
configuration, and collect data during polling. Before adding AppInsight to nodes, review
requirements and account permissions.

AppInsight for Exchange recommendations

When using and configuring AppInsight for Exchange, SolarWinds recommend the following best
practices:

l Manually configure AppInsight for Exchange on target servers in SAM provides additional
configuration and usage options. Manual configuration is recommended for experienced
Exchange administrators.

You cannot edit component monitors in the AppInsight for Exchange template to exclude
or include specific databases. To monitor specific databases, and not the entire Database
Availability Group (DAG), consider using Exchange templates that provide a starting point
for PowerShell scripts that monitor metrics for specific databases.

page 292
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l After configuring AppInsight for Exchange, you may not see active data in widgets or receive
alerts immediately because polling may occur at different intervals, ranging from minutes to
hours. After 24 hours, widgets and alerts should start reporting data.
l Configure alerts to be notified about Exchange server usage and issues. Monitor alerts for two
weeks to generate stable baselines. Your environment's baseline and performance expectations
may vary, as compared to the default thresholds.
l Create custom views with different AppInsight for Exchange widgets for user groups in your
organization.
l Download the free Exchange Monitor tool to check the status and performance of Exchange
servers.

To gain insight into metrics, services and Database Availability Group (DAG) status for
Microsoft Exchange Server 2013 and 2016, see Monitor your Microsoft Exchange Server with a
free tool, Exchange Monitor in the SolarWinds online IT community, THWACK.

Additional learning resources include:

l Deep Dive on using AppInsight templates (webinar)

l AppInsight for Exchange: Two Geeks and a Goddess (SolarWinds Lab episode)
l Q & A: AppInsight for Exchange (SolarWinds Lab episode)
l 5 Tips to Optimize Exchange Server for Improved Performance (THWACK)

Navigate AppInsight for Exchange

AppInsight for Exchange can be found in the All Applications widget on the Application Summary
view.

To view the AppInsight for Exchange Details page:

1. In the Orion Web Console, locate the All Applications widget by clicking My Dashboards >
Applications > SAM Summary.
2. Expand the AppInsight for Exchange tree and click [+].
3. Expand the node tree, click [+], and then click the application.

page 293
The AppInsight for Exchange Details view provides a customizable view of widgets for monitoring
your Exchange servers and services. Widgets on the view offer access to more Exchange details
pages including performance counter, database, and mailbox details.

l Click any performance counter in a widget to view the Exchange Performance Counter Details
page.

l Click any database within a Database widget to view the AppInsight for Exchange Database
Details page.

page 294
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l Click any user name within a Mailbox widget to view the AppInsight for Exchange Mailbox
Details page.

AppInsight For Exchange and component-based licensing

Per the SAM licensing model, when using AppInsight for Exchange in environments with component-
based licenses, 50 component monitors count against your licensed number of component monitors
per Exchange Server.

AppInsight applications provide tremendous value within SAM while consuming a fixed number
component monitor licenses. However, they cannot be partially unlicensed because the way they
collect data differs significantly from traditional application monitor templates. You can disable some
components within AppInsight applications but they will not reclaim component monitor licenses
because AppInsight applications typically monitor far greater than 50 components.

For example, if you have an active license for 1,500 component monitors and use AppInsight for
Exchange to monitor 88 mailboxes over ten Exchange servers, 500 component monitors count against
your total license. The amount of licenses used is strictly per Exchange server instance. The number
of mailboxes you have on these servers affects the number of elements. For details on scalability, see
the Scalability Engine Guidelines for SolarWinds Orion Products.

(50 component monitors X 10 Exchange Servers = 500 component monitors used.)

This leaves 1,000 component monitors available for use elsewhere.

(1,500 component monitors – 500 component monitors used for AppInsight for Exchange =
1,000 component monitors remaining).

Also note that if you choose not to use this application, you are not penalized any number of
component monitors.

page 295
The example below illustrates a situation where you have 40 available component monitors available,
but surpassed your allowed number of 300 monitors by 60. AppInsight applications are licensed as 50
monitors per application and cannot be partially licensed, as described above. Although you may be
able to disable some components in an AppInsight application, they will not reclaim component
monitor licenses because AppInsight applications typically monitor far greater than 50 components.

See also SAM licensing model.

AppInsight for Exchange requirements and permissions

Exchange hybrid versions are not supported.

AppInsight for Exchange works only with the Mailbox Role, which is used for data storage. All other
Exchange servers running different roles should use the Exchange application monitor templates
included with SAM if you intend to monitor them. Data is collected at the same default five-minute
polling interval as traditional application monitor templates.

Supported Microsoft Exchange Server versions

l Microsoft Exchange Server 2010

l Microsoft Exchange Server 2013
l Microsoft Exchange Server 2016
l Microsoft Exchange Server 2019

AppInsight for Exchange permissions

The following permissions are required to modify Exchange and WinRM settings on the server, as
well as poll performance counters:

l Local administrator permissions are needed for automatic configuration, but are not needed for
monitoring after configuration is complete.

page 296
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l To provide organization-wide capability, the service account (Domain User) must be a member
of the View-Only Organization Management group. Membership to this group gives the user
object read-only access to the entire Exchange environment, without providing any domain or
local access on the Exchange server. It also prevents unauthorized access to the account.
l To gather data, the user object must be assigned the Mailbox Search management role within
Exchange. The account must be a member of the Local Administrators group.
Note: Users without this role can access Exchange, but the additional level of permission is
required modify Exchange and WinRM settings on the server, or poll performance counters.
l For Mailbox statistics, Hub Transport Servers need to be accessed via RPC.

PowerShell requirements

l PowerShell 2.0 or later must be installed. See Use PowerShell in SAM.

l Permissions must be granted for PowerShell to be accessed. See Set PowerShell permissions
for Exchange.

Common configuration issues

l To add local administrative privileges to an Active Directory account, see Manually configure an
Exchange server for AppInsight for Exchange.
l To determine Exchange URL settings, see Find Exchange URL settings.
l To install PowerShell on the Exchange server, see Manually configure an Exchange server for
AppInsight for Exchange.
l If you don't want to configure WinRM to remotely monitor Exchange servers, you can use
AppInsight for Exchange in conjunction with the Orion Agent for Windows.

Edit the AppInsight for Exchange template

The AppInsight for Exchange template includes numerous component monitors to provide data about
Exchange servers in your environment. If you modify these settings and configurations in the template,
the details in AppInsight application monitors already assigned to servers update to match.

The primary reason to edit most SAM templates is to set general configurations such as polling
frequency, polling method, and thresholds for warning and critical states for monitored metrics before
assigning templates to nodes. The AppInsight for Exchange template includes several component
monitors with default settings that cannot be modified due to dependencies. Also, you cannot add
component monitors to this template.

You may need to log in with an administrator account to edit templates.

See the SAM Template Reference for a list of component monitors included in this AppInsight
template. You can also select the template on the Manage Application Monitor Templates page and
click Edit to display component monitor details, and then make any necessary changes.

To begin gathering metrics, assign the template to Exchange servers.

page 297
Configure AppInsight for Exchange on nodes
To configure and monitor Exchange servers in SAM, add AppInsight for Exchange to an existing node
manually. You can also add it to a new node when using the Discovery Wizard.

Review the Exchange requirements and permissions first:

l Local administrator permissions are required for automatic configuration. You do not need these
credentials for monitoring Exchange.
l To provide organization-wide capability, the service account (Domain User) must be a member
of the View-Only Organization Management group to give the user object read-only access to
the entire Exchange environment, without providing any domain or local access on the
Exchange server. It also prevents unauthorized users from modifying the environment (for
example, by creating or deleting users).
l To gather information, the user object must be assigned the Mailbox Search management role
within Exchange. To configure the account, it must be a member of the Local Administrators
group.
l Each target server requires IIS, as well as PowerShell 2.0 or later so SAM can run custom
PowerShell scripts to configure target servers for Exchange monitoring. See also Use
PowerShell in SAM.

Note the following details about AppInsight for Exchange nodes:

l Starting in SAM 2020.2, AppInsight for Exchange uses WinRM as the default polling method. If
upgrading from an earlier SAM version, see Configure WinRM polling on target nodes to update
existing nodes.
l SAM does not support multiple instances of Exchange on the same server.
l Nodes that are not added via WMI do not display in the List Resources dialog box.
l Monitoring an Exchange Database Availability Group (DAG) by way of a Virtual IP address (VIP)
is not supported. AppInsight for Exchange should only be applied to the physical IP address of
each mailbox server in the DAG, individually.

Add through the Discovery Wizard

Use the Discovery Wizard to add a new node and select AppInsight for Exchange for monitoring.

1. Click Settings > All Settings > Add Node.

2. Complete the information on the Define Node step, and then click Next.
3. On the Choose Resources step in the Add Node Wizard, select AppInsight for Exchange.
4. Click Next and complete the wizard as instructed.
5. Click My Dashboards > Applications > SAM Summary.

page 298
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

6. In the All Applications widget, expand the listed servers to locate the new node, and then click
the added Exchange application and node.
7. Enter Exchange credentials when prompted, and then click Configure Server.

Add to an existing node via the Node Details page

You can add AppInsight for Exchange to an Exchange server already monitored as a node in SAM.

1. Click My Dashboards > Home > Summary.

2. Expand and select the monitored Exchanger server node in the All Nodes - Tree View widget.
The details page for the node displays.
3. From the Management widget, click List Resources.
The list may take a few minutes to generate.

page 299
 4. Select Microsoft Exchange to enable AppInsight for Exchange data collection. When done, click
Submit.

5. Click My Dashboards > Applications > SAM Summary.

6. Locate the All Applications widget, and click the Microsoft Exchange application on the specific
node you modified.
7. Enter Exchange credentials when prompted, and click Configure Server.

page 300
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

When you click Configure Server, SAM runs custom PowerShell scripts to:

l Add the Mailbox Search Role to the Exchange server with the credentials provided.
l Enable the WinRM service to provide the Orion server with remote access to target servers.

The custom PowerShell scripts make the following configuration changes:

l Enable Windows Authentication for PowerShell's web site

l WinRM and Windows Authentication configurations are performed remotely from SAM

The process initiated when you click Configure Server is sometimes called "Zero Config."

See also:

l Manually configure AppInsight for Exchange on target servers in SAM

l Troubleshoot AppInsight for Exchange
l Troubleshoot permissions

Manually configure AppInsight for Exchange on target servers in SAM

SAM uses an automated configuration tool to add AppInsight for Exchange to nodes during Discovery,
or when nodes are added via the Add Node wizard. If that tool fails or you want to manually configure
custom settings, permissions, and so on, follow these steps to set up AppInsight for Exchange on
target servers.

Manual configuration is only recommended for experienced Exchange administrators.

1. Verify Microsoft Exchange credentials

2. Manually configure an Exchange server for AppInsight for Exchange

3. Set PowerShell permissions for Exchange

4. Find Exchange URL settings
5. Use the Add New Application Monitors Wizard to manually assign AppInsight for Exchange to
the node. An application monitor (also called an "application") is created for the node, based on
the AppInsight for Exchange template. In the Orion Web Console, the default name displayed for
the application monitor is "Microsoft Exchange."
6. Navigate to the Manage Assigned Application Monitors page, select the application monitor on
the node, and customize settings, as necessary.

See also:

l Troubleshoot AppInsight for Exchange

l Troubleshoot permissions

page 301
Verify Microsoft Exchange credentials
Here are requirements for accounts used to access Exchange:

l The account must be a domain account.

l To modify IIS and PowerShell settings on the Exchange server, the account must be a Local
Administrator.
l SolarWinds recommends using accounts that are not part of the Domain Administrators group.
You can add a custom domain security group to define a specific type of administrator with
specific permissions to the Local Administrators group. In large environments, use Group Policy
Objects (GPOs). For smaller environments, you can perform create security groups manually.

To verify Exchange credentials, run this PowerShell cmdlet in the Exchange Management Shell
(EMS): Get-ManagementRoleAssignment -RoleAssignee “USER_IDENTITY”

Manually configure an Exchange server for AppInsight for Exchange

Manual configuration is only recommended for experienced Exchange administrators. SAM

includes an automated way to configure Exchange servers, as described in Configure
AppInsight for Exchange on nodes.

Before manually configuring an Exchange server for AppInsight for Exchange:

l Review AppInsight for Exchange requirements and permissions.

l Make sure you have valid credentials for an Exchange account.
l Review the configuration changes to enable AppInsight for Exchange.

Use the following instructions to configure an Exchange server:

l Define Exchange credentials

l Grant Exchange access
l Set mailbox search access
l Install PowerShell 2.0 or later
l Set PSLanguageMode to FullLanguage for the PowerShell website
l Create a self-signed certificate
l Configure WinRM on the Exchange server
l Create a firewall rule
l Configure IIS
l Test the application

page 302
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Define Exchange credentials

Use domain accounts to access Exchange Management interfaces; AppInsight for Exchange does not
support local accounts. Select an existing Active Directory account or create one to use with
AppInsight for Exchange. See Verify Microsoft Exchange credentials.

1. On the server where you are granting local administrative privileges, open the Computer
Management console.

On Windows Server 2012, use the Active Directory console to manage administrative
privileges.

2. Navigate to the Administrators group.

3. Add the type in the Active Directory user name of the account. (Ensure the location is set to
either the domain where the account is located or Entire Directory.)

4. Save your changes.

Alternatively, add an Active Directory group to the local administrators group and add Active
Directory user accounts to that group.

To verify the account and local group membership was configured properly, run the following in a
PowerShell session:

$Recurse = $true

$GroupName = 'Administrators'

Add-Type -AssemblyName System.DirectoryServices.AccountManagement

$ct = [System.DirectoryServices.AccountManagement.ContextType]::Machine

$group =
[System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity
($ct,$GroupName)

$LocalAdmin = $group.GetMembers($Recurse) | select @{N='Domain'; E=

{$_.Context.Name}}, samaccountName, @{N='ObjectType'; E=
{$_.StructuralObjectClass}} -Unique

$LocalAdmin = $LocalAdmin | Where-Object {$_.ObjectType -eq "user"}

page 303
Grant Exchange Access

To grant Least Privilege access to the Exchange Organization:

1. Open Active Directory Users and Computers (ADUC) and find the Microsoft Exchange Security
Groups OU.
2. From the View-Only Organization Management group, add the user name of the account you
want to grant access to the Exchange organization.

Set Mailbox Search Access

Mailbox Search access is required to determine attachment counts and sizes.

1. From the Start menu, open the Exchange Management Shell (EMS).
2. Type: New-ManagementRoleAssignment -Role "Mailbox Search" -User <Username of
account being granted access> and then press Enter.

3. To verify the management role has been properly assigned, enter the following command:
Get-ManagementRoleAssignment -RoleAssignee <Username of account>

Install PowerShell 2.0 or later

PowerShell 2.0 or later is usually installed with Microsoft Server. Install it, if necessary (see Use
PowerShell in SAM). You may also need to Set PowerShell permissions for Exchange.

page 304
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Set PSLanguageMode to FullLanguage for the PowerShell website

Use IIS Manager on the Exchange server to configure application settings for the default website and
PowerShell virtual directory, and then recycle the MSExchangePowerShellAppPool application pool.

See Microsoft.com for detailed instructions.

Create a self-signed certificate

You can download a PowerShell script to create a self-signed certificate suitable for AppInsight for
Exchange from the SolarWinds Success Center. See Create a self-signed certificate for AppInsight for
Exchange with a PowerShell script.

Alternatively, follow these steps to create your own certificate.

1. Using PowerShell and CertEnroll, open PowerShell in the Run as Administrator context.

2. Enter the following code:

Use this format in the CN (Subject): "<IP Address of Server>_Solarwinds_

Exchange_Zero_Configuration"
For example: “10.199.15.106_Solarwinds_Exchange_Zero_Configuration”

$name = new-object -com "X509Enrollment.CX500DistinguishedName.1"

$name.Encode("CN=TestServer", 0)

$key = new-object -com "X509Enrollment.CX509PrivateKey.1"

$key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
$key.KeySpec = 1
$key.Length = 1024
$key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)
(A;;0x80120089;;;NS)"
$key.MachineContext = 1
$key.Create()

$serverauthoid = new-object -com "X509Enrollment.CObjectId.1"

$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
$ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
$ekuoids.add($serverauthoid)
$ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
$ekuext.InitializeEncode($ekuoids)

$cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"

$cert.InitializeFromPrivateKey(2, $key, "")

page 305
 $cert.Subject = $name
$cert.Issuer = $cert.Subject
$cert.NotBefore = get-date
$cert.NotAfter = $cert.NotBefore.AddDays(3650)
$cert.X509Extensions.Add($ekuext)
$cert.Encode()

$enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"

$enrollment.InitializeFromRequest($cert)
$certdata = $enrollment.CreateRequest(0)
$enrollment.InstallResponse(2, $certdata, 0, "")

Configure WinRM on the Exchange server

1. Open a command prompt in the Run as Administrator context.

2. Type: winrm create winrm/config/listener?Address=*+Transport=HTTPS @
{Port="5986";CertificateThumbprint="<Thumbprint value of
certificate>";Hostname="<IP Address of Server>_Solarwinds_Exchange_Zero_
Configuration"} and press Enter.

3. Verify the configuration by typing: winrm get

winrm/config/listener?Address=*+Transport=HTTPS.

page 306
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Create a firewall rule

1. Open PowerShell using Run as Administrator.

2. Create a function for adding firewall rules using the following code:

function Add-FirewallRule {
param(
$name,
$tcpPorts,
$appName = $null,
$serviceName = $null
)
$fw = New-Object -ComObject hnetcfg.fwpolicy2
$rule = New-Object -ComObject HNetCfg.FWRule
$rule.Name = $name
if ($appName -ne $null) { $rule.ApplicationName = $appName }
if ($serviceName -ne $null) { $rule.serviceName = $serviceName }
$rule.Protocol = 6 #NET_FW_IP_PROTOCOL_TCP
$rule.LocalPorts = $tcpPorts
$rule.Enabled = $true
$rule.Grouping = "@firewallapi.dll,-23255"
$rule.Profiles = 7 # all
$rule.Action = 1 # NET_FW_ACTION_ALLOW
$rule.EdgeTraversal = $false
$fw.Rules.Add($rule)
}

page 307
 3. Run the function to create the firewall exception for WSMAN with this command:Add-
FirewallRule "Windows Remote Management" "5986" $null $null

4. Verify the rule was created.

Configure IIS

1. Open a command prompt in the Run as Administrator context.

2. Change to the C:\Windows\System32\Inetsrv directory.
3. Type: appcmd.exe unlock config -
section:system.webServer/security/authentication/windowsAuthentication and
press Enter.

4. Open PowerShell in the Run As Administrator context.

5. Type: Import-Module WebAdministration and press Enter.
6. Type: (Get-WebConfiguration
system.webServer/security/authentication/windowsAuthentication
'IIS:\sites\Default Web Site\PowerShell').enabled and press Enter.

7. If the return value is True, Windows Authentication is configured. If the value returned is False,
follow these steps:
i. Type: Set-WebConfiguration
system.webServer/security/authentication/windowsAuthentication
'IIS:\sites\Default Web Site\PowerShell' -value True and then press Enter.

page 308
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

ii. Type: (Get-WebConfiguration

system.webServer/security/authentication/windowsAuthentication
'IIS:\sites\Default Web Site\PowerShell').enabled to verify the setting
changed.

iii. Close PowerShell.

iv. In the open command prompt, type: appcmd.exe lock config -
section:system.webServer/security/authentication/windowsAuthentication
and then press Enter.

v. Close the command prompt.

page 309
Test the application

Navigate to the Application Edit page and click Test. Your screen should look like the following
illustration.

Set PowerShell permissions for Exchange

Your organization should internally review and assess to what extent PowerShell is
incorporated into your environment. This is especially important when importing scripts from
third parties, including content posted by other customers in the SolarWinds online IT
community, THWACK. To learn more, see Use PowerShell in SAM.

Certain PowerShell permissions are required for AppInsight for Exchange and the Exchange server.

1. On the remote computer, open the PowerShell console.

2. Execute this command: Set-PSSessionConfiguration Microsoft.Powershell -
ShowSecurityDescriptorUI -Force

3. When the Permissions dialog box appears, enable Full Control under the Permissions for
Everyone group, and select Allow.

page 310
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

4. Ensure that the group containing the polling user can access PowerShell, and click OK.
5. Verify all permissions are set and saved.

Resolving errors after a reinstall

If PowerShell was installed on Windows Server 2012 with Exchange 2013 and subsequently
uninstalled, a Microsoft error removes the required registry key for remote PowerShell to work
properly. Security patches or updates may also cause this issue. You can download PowerShell 2.0
or later from https://docs.microsoft.com/en-us/powershell (@2018 Microsoft Corp. Link obtained on
July 23, 2018.)

SolarWinds strongly recommends that you back up your registry before editing it. Only edit the
registry if you are experienced and confident in doing so. Using a registry editor incorrectly can
cause serious issues with your operating system, which could require you to reinstall your OS
to correct them. SolarWinds cannot guarantee resolutions to any damage resulting from making
registry edits.

To recreate the required registry key:

1. In Notepad, copy and paste the following text:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine]

"ApplicationBase"="C:\\Windows\\System32\\WindowsPowerShell\\v1.0"

"PSCompatibleVersion"="1.0, 2.0"

"RuntimeVersion"="v2.0.50727"

"ConsoleHostAssemblyName"="Microsoft.PowerShell.ConsoleHost,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35,
ProcessorArchitecture=msil"

"ConsoleHostModuleName"="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Mi
crosoft.PowerShell.ConsoleHost.dll"

"PowerShellVersion"="X.0"

2. Update the PowerShellVersion variable in the last line.

3. Save the file as PowerShellv1.reg and then double-click it to add it to the registry. (A reboot
may be required.)

page 311
Find Exchange URL settings
As part of the AppInsight for Exchange configurations, you should verify the PowerShell Exchange
and WinRM URLs are correct. By default, AppInsight for Exchange uses the following URLs for the
Exchange and WinRM sessions, where ${IP} is the IP address of the server node being added.

l Exchange: https://${IP}/powershell/
l WinRM: https://${IP}:5986/wsman/

Verify the PowerShell instance used by Exchange on a server:

1. Open the IIS Manager and navigate to the default website then to the PowerShell virtual
directory.
2. Verify the Virtual Path value (typically in the Advance Settings).

Verify a server's WinRM PowerShell instance:

1. Open a command prompt using Run as Administrator.

2. Enter the command winrm get winrm/config/listener?Address=*+Transport=HTTPS to
get the current configuration for the HTTPS protocol.

The two items of interest for the URL are Port and URLPrefix. If either of these have been modified,
and do not match the default values, edit the AppInsight for Exchange application with the correct
values:

l PowerShell Exchange URL: https://${IP}/powershell/

l PowerShell Windows URL: https://${IP}:9886/Custom_wsman/

page 312
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Additionally, the value of Hostname must match the CN of the certificate listed in the Certificate
Thumbprint property:

page 313
For more information, see:

l Manually configure an Exchange server for AppInsight for Exchange

l Set PowerShell permissions for Exchange

Attachment extensions acknowledged by AppInsight for Exchange

The following table lists the default attachment extensions that are acknowledged by AppInsight for
Exchange:

.accdb .doc .inf .mmp .ppt .swf .xml

.arj .dot .ini .mobi .ps1 .tar .xps

.avi .eml .iso .mov .pst .tmp .zip

.bak .epub .jar .mp3 .pub .txt

.bat .flv .jpg .mpeg .psd .vbs

.bin .gif .jpeg .msg .rar .wav

.bmp .gzip .lnk .pdf .reg .wks

.cab .hta .log .png .rtf .wma

.cmd .htm .mdb .pot .sql .wmv

.csv .img .mid .pps .svg .xls

page 314
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Monitor with AppInsight for IIS

AppInsight for IIS is an AppInsight application in SAM that you can use to monitor your IIS
environment to identify IIS server, website, and application pool performance issues. The dashboard
provides ease of monitoring with at-a-glance performance metrics for sites and applications pools,
updated through access to the IIS. As sites and application pools change through the IIS Manager, the
information and connections update in SAM. As you find and fix issues, stop or restart servers and
pools as required.

To start using AppInsight for IIS, review the following topics:

l AppInsight for IIS requirements and permissions

l AppInsight For IIS and component-based licensing
l Configure AppInsight for IIS on nodes in SAM

When finished with configuration, see Alerts and reports for AppInsight for IIS.

page 315
Here are some tips for using AppInsight for IIS:

l For advanced managing of IIS sites, disable sites when unused instead of deleting them.
l To reduce alert noise, disable any alerts associated with those disabled sites.
l Enable sites anytime you need them through the Site Details pages in AppInsight for IIS. This
option and others are available in the Management widget per ISS server, site, and application
pool.
l Use SolarWinds AppOptics to get advanced performance metrics from IIS nodes. See Integrate
SolarWinds AppOptics with IIS nodes in SAM.
l Four AppInsight for IIS reports are available:
o IIS SSL Certificate Expiration Report

o Site Connections Report

o Site Log Size by File

o Site Size by File

To learn more about AppInsight for IIS, see:

l Deep Dive on using AppInsight Templates (webinar)

l How To: AppInsight for IIS (SolarWinds YouTube video)
l IIS Web Server Monitoring: Best Practices (THWACK)
l IIS Web Server Monitoring Tool: AppInsight for IIS (SolarWinds YouTube video)
l Monitoring & Alerting on IIS Server Performance (THWACK)
l Monitoring Microsoft IIS (SolarWinds YouTube video)
l Troubleshoot AppInsight for IIS (SAM online help)

Navigate to the AppInsight for IIS Details view

Access AppInsight for IIS metrics through the All Applications widget in the SAM Summary page.

To access the AppInsight for IIS Details view:

1. Click My Dashboards > SAM Summary.

2. Locate the All Applications widget and expand the AppInsight for IIS tree by clicking [+].
3. Click an IIS application to view it.

page 316
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

The Sites widget lists the sites (both front and backend) for the IIS server. Click a site to view more
details such as response time, connections, and requests.

The Application Pools widget lists up to 5 instances of IIS application pools. You can use application
pools to separate out applications from one another. If an issue occurs with an application, it may only
affect other applications in the pool, not all applications in your environment.

Click a pool to view additional worker process details.

To view the Performance Counter Details view, click a performance monitor in any widget.

AppInsight for IIS requirements and permissions

Review the requirements and permissions before configuring AppInsight for IIS nodes in your
environment. AppInsight for IIS data is collected at the same default 5-minute polling interval as other
application monitor templates.

Following are AppInsight for IIS requirements for nodes:

l Administrator rights or equivalent credentials to IIS servers are needed for configuration. Non-
administrative permission for polling is possible if using the optional Orion Agent for Windows.
l PowerShell 2.0 or later is installed. See Set up PowerShell on target servers in SAM.

Your organization should internally review and assess to what extent PowerShell is
incorporated into your environment. This is especially important when importing scripts
from third parties, including content posted by other customers in the SolarWinds online IT
community, THWACK. To learn more, see PowerShell security considerations.

l WinRM is enabled with a startup type of Automatic. See Enable remote access for PowerShell
with WinRM.

page 317
 l Starting in SAM 2020.2, AppInsight for Exchange uses WinRM as the default polling method.
If upgrading from an earlier SAM version, see Configure WinRM polling on target nodes to
update existing nodes.

An alternative to using WinRM is to use AppInsight for IIS with an Orion Agent. See this
THWACK blog for details.

l Supported OS and IIS versions include:

Microsoft OS IIS version

Windows Server 2008 IIS 7.0

Windows Server 2008 R2 and Windows 7 IIS 7.5

Windows Server 2012 and Windows 8 IIS 8.0

Windows Server 2012 R2 and Windows 8.1 IIS 8.5

Windows Server 2016 and Windows 10 IIS 10

Windows Server 2019 and Windows 10 IIS 10

If a prerequisite is missing, AppInsight for IIS goes into an Unknown state.

Port requirements
The IIS server must have the following TCP ports open on the managed nodes.

Technology TCP port Notes

RPC Endpoint 135 Used to establish WMI/RPC connections to the remote

Mapper computer. RPC is required to gather performance counter data
via the ASP.NET resource.

WMI 1025 - 5000 or By default, Windows uses a random port from these ranges for
49152 - 65535 WMI communications. The default port range differs based on
the OS so you'll need to create a firewall exception on the
remote computer.

PowerShell 5986 A secure listener hosted in the WinRM service.

HTTP At least one port If the connection is not allowed, the HTTP Monitor is hidden.
mentioned in the
bindings of a site.

page 318
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Technology TCP port Notes

HTTPS At least one port If the connection is not allowed, the HTTPS Monitor is hidden.
mentioned in the
secure bindings
of a site.

SSL At least one port If the connection is not allowed, the SSL Certificate Expiration
mentioned in the Date Monitor is hidden.
secure bindings
of a site.

SMB 445 Used for Site Directory Information and Log Directory
(Windows Information.
Shares)

AppInsight For IIS and component-based licensing

Per the SAM licensing model, when using AppInsight for IIS in environments with component-based
licenses, 30 component monitors count against your licensed number of component monitors for each
IIS server you decide to monitor.

For example, if you have an active license for 1,500 component monitors and use AppInsight for IIS to
monitor 10 IIS servers, 300 component monitors count against your total license. The number of sites
and application pools you have on these servers is irrelevant.

(30 component monitors X 10 IIS servers = 300 component monitors used.)

This leaves you with 1,200 component monitors available for use elsewhere.

(1,500 component monitors - 300 component monitors used for AppInsight for IIS = 1,200
component monitors remaining).

The example below illustrates a situation where 40 component monitors are available, but
surpassed the allowed number of 300 monitors by 60. The discrepancy is due to the fact that
AppInsight applications cannot be partially licensed, as is the case with typical applications.

page 319
Configure AppInsight for IIS on nodes in SAM
SAM offers two automated ways to configure AppInsight for IIS on nodes:

l For new nodes, use the Add Node wizard.

l For existing nodes, navigate to the Node Details view.

When you allow SAM to set up target servers (a process often called "Zero Config"), SAM runs custom
PowerShell scripts on target servers to:

l Configure PowerShell execution policies.

l Create a self-signed certificate for AppInsight for IIS.]
l Add a firewall rule for WinRM and WSMan.
l Enable the WinRM service to provide the Orion server with remote access to target servers.
l Create a WinRM listener.

You can also configure AppInsight for IIS manually.

To use the Add Node wizard to set up AppInsight for IIS on a new node:

1. Review AppInsight for IIS requirements and permissions.

2. (Optional) Watch this video.
3. Click Settings > All Settings > Add Node.
4. Complete the information on the Define Node step, and then click Next.
5. On the Choose Resources step in the Add Node Wizard, select AppInsight for IIS.
6. Click Next and complete the wizard as instructed.
7. Navigate to the SAM Summary page.
8. In the All Applications widget, expand the AppInsight for IIS tree view to display the new node.

page 320
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

9. Click Microsoft IIS to open the Configure IIS Server for Monitoring dialog box.

10. Enter Exchange credentials and click Configure Server to start the automated process. A
confirmation message appears when the process is complete.

If the node enters an Unknown state, check AppInsight for IIS requirements and
permissions for the target server.

To add AppInsight for IIS to an existing node via the Node Details view:

1. Navigate to the Node Details view for the node.

2. In the Management widget, click List Resources.

page 321
 3. Select the Microsoft IIS check box and click Submit.

If the Microsoft IIS option does not appear, review AppInsight for IIS requirements and
permissions.

4. Navigate to the SAM Summary page.

5. In the All Applications widget, expand the AppInsight for IIS tree view to display the node.
6. Click Microsoft IIS to open the Configure IIS Server for Monitoring dialog box.

7. Enter Exchange credentials, and then click Configure Server to start the automated process. A
confirmation message appears when the process is complete.

If the node enters an Unknown state, check AppInsight for IIS requirements and
permissions for the target server.

page 322
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

About the AppInsight for IIS template

The AppInsight for IIS template includes numerous component monitors to provide data about IIS
servers in your environment. If you modify these settings and configurations in the template, the details
in AppInsight application monitors already assigned to servers update to match.

The primary reason to edit most SAM templates is to set general configurations such as polling
frequency, polling method, and thresholds for warning and critical states for monitored metrics before
assigning templates to nodes. The AppInsight for Exchange template includes several component
monitors with default settings that cannot be modified due to dependencies. Also, you cannot add
component monitors to this template.

See the SAM Template Reference for a list of component monitors included in this AppInsight
template. You can also select the template on the Manage Application Monitor Templates page and
click Edit to display component monitor details, and then make any necessary changes.

To begin gathering metrics, assign the template to IIS servers.

Alerts and reports for AppInsight for IIS

AppInsight for IIS includes three alerts:

l Restart Failed IIS Application Pool

l Restart Failed IIS Site
l Alert me when the Average Server Execution Time for any URL exceeds an acceptable limit

For alert details such as macros and variables, click here. See also Manage thresholds in SAM.

Reports available for use with AppInsight for IIS include:

l IIS SSL Certificate Expiration Report

l Site Connections Report
l Site Log Size by File
l Site Size by File

To learn more about alerts and reports in general, see Explore alerts and reports.

Manually configure AppInsight for IIS on target servers in SAM

SAM uses an automated configuration tool to add AppInsight for IIS to nodes during Discovery, or
when nodes are added via the Add Node wizard. If that tool fails or you want to manually configure
custom settings, permissions, and so on, follow these steps to set up AppInsight for IIS on target
servers.

Manual configuration is only recommended for experienced IIS administrators.

page 323
 1. Review AppInsight for IIS requirements and permissions.
2. Set up PowerShell on target servers in SAM, if necessary.
3. Set the execution policy on target servers.
4. Create a self-signed certificate for AppInsight for IIS.
5. Create a firewall rule.
6. Update WSMan limits for AppInsight for IIS.
7. Create a WinRM listener for AppInsight for IIS.
8. Use the Add New Application Monitors Wizard to assign AppInsight for IIS to the node. An
application monitor (also called an "application") is created for the node, based on the
AppInsight for IIS template. In the Orion Web Console, the default name displayed for the
application monitor is "Microsoft IIS."
9. Navigate to the Manage Assigned Application Monitors page, select the application monitor on
the node, and customize settings, as necessary.

Set up PowerShell on target servers in SAM

PowerShell is included in most versions of Windows Server but you can install it, if necessary. To
ensure that the Orion server can execute PowerShell commands against remote, target servers
configured as managed nodes in SAM, you'll need to verify that:

l PowerShell 2.0 or later is installed. It's included in Windows Server but you can download and
install it, if necessary. See Installing PowerShell on Windows (© 2020 Microsoft Corp., link
available at docs.microsoft.com, obtained on May 21, 2020).
l WinRM is enabled. See Enable remote access for PowerShell with WinRM.
l The Startup Type is set to Automatic.

Depending on how it's configured in your environment, PowerShell can make your system
vulnerable to unauthorized access. For details, see Use PowerShell in SAM.

The easiest way to set up a target server for PowerShell is to configure AppInsight for IIS on the node,
which you can do in several way such as:

l For an existing node currently managed via WMI, click List Resources on the Node Details view
and select Microsoft IIS directly beneath AppInsight Applications. See Add AppInsight for IIS to
an existing node.
l For a new node added via the Add Node Wizard, you'll see the same Microsoft IIS option as
provided for existing nodes.
l For multiple nodes, add them via the Discovery Wizard or assign AppInsight for IIS to nodes on
the Manage Application Monitor Templates page.

page 324
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Set the execution policy on target servers

For AppInsight, the Execution Policy needs to be set to RemoteSigned on target servers.

1. Open a PowerShell session in the Administrator context.

2. Enter the following command: Set-ExecutionPolicy RemoteSigned

Create a self-signed certificate for AppInsight for IIS

You can download a PowerShell script to create a self-signed certificate suitable for AppInsight for IIS
here. To execute it, right-click it in Windows Explorer, select Run with PowerShell, and use the
following parameters:

l IP address: Mandatory
l Certificate lifetime in days: Optional

You can run this script with the default arguments from the PowerShell console or specify each one. In
the following example, 192.168.2.69 is the IP address of the node to be monitored by AppInsight for
IIS and 3650 is 3,650 days (10 years).
& '.\Create self-signed certificate script.ps1' 192.168.2.69 3650

See also Update WSMan limits for AppInsight for IIS.

Your organization should internally review and assess to what extent PowerShell is
incorporated into your environment. This is especially important when importing scripts from
third parties, including content posted by other customers in the SolarWinds online IT
community, THWACK. To learn more, see PowerShell security considerations.

Create a firewall rule for AppInsight for IIS

SolarWinds offers a PowerShell script that you can use to create firewall rules for IIS, available here.
Download, unpack, and execute the script by right-clicking it and selecting, Run with PowerShell. The
following parameters apply:

l Without parameters: The rule is created with the default name, "Windows Remote Management
HTTP/SSL" for port 5986.
l With one parameter: Non-default custom port.
l With two parameters: Non-default custom port and rule name

Run this script with the default arguments from the PowerShell console or specify each one, as shown
in this example:
& '.\Add firewall rule.ps1' 5988 "My custom firewall rule name"

page 325
 The default port for this rule is 5986 and does not need to be specified. Custom ports, as in the
example above that uses port 5988, must be specified.

Update WSMan limits for AppInsight for IIS

The WSMan provider for Windows PowerShell lets you add, change, clear, and delete WS-
Management configuration data on local or remote computers. SolarWinds provides a PowerShell
script to update the WSMan limits suitable for AppInsight for IIS, available for download here.

To execute the script, right-click and select Run with PowerShell.

The following parameters apply:

l maxConcurrentUsersDefaultValue - Default value is 5

l maxShellsPerUserDefaultValue - Default value is 5
l maxMemoryPerShellMBDefaultValue - Default value is 150
l serviceRestartRequired - Default value is $false

You can run this script with the default arguments from the PowerShell console or specify each one.

For example:
& '.\Update WsMan Limits.ps1'

Additional helpful commands include:

l To view the WinRM configuration, use winrm get winrm/config

l To view WinRM HTTPS Listener settings, use winrm get
winrm/config/listener?Address=*+Transport=HTTPS
l To check if the server is listening to port 5986, use netstat -an | findstr "5986"
l To remove WinRM HTTPS Listener settings, use ​winrm delete
winrm/config/listener?Address=*+Transport=HTTPS

See also Create a self-signed certificate for AppInsight for IIS.

Disclaimer: Your organization should internally review and assess to what extent PowerShell
is incorporated into your environment. This is especially important when importing scripts from
third parties, including content posted by other customers in the SolarWinds online IT
community, THWACK. To learn more, see PowerShell security considerations.

Create a WinRM listener for AppInsight for IIS

When AppInsight for IIS is configured for target servers, port 5968 is used as the WinRM HTTPS
listening port, by default. If you receive an "HTTPS listener currently exists on port 5986" message,
follow these steps to switch the listening port to an available port.

page 326
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

1. To configure WinRM on an IIS server, open an elevated Windows PowerShell command prompt;
run PowerShell as an administrator.
2. Copy the following text to a text editor:
winrm create winrm/config/listener?Address=*+Transport=HTTPS @
{Port="5986";CertificateThumbprint="<Thumbprint value of
certificate>";​Hostname="<IP Address of Server>_Solarwinds_Zero_
Configuration"}

This statement binds the certificate to the WinRM listener, using a wildcard symbol ("*") for
Address to allow listening on all available local addresses. Syntax may vary based on usage
inside of PowerShell or the Administrative Command prompt.
Port is the port number for the listener. The default port for WinRM is 5986, but you can change
it, if necessary.

For <Thumbprint value of certificate>, paste the self-signed certificate thumbprint, without
spaces. See Retrieve the Thumbprint of a Certificate (© 2020 Microsoft Corp, available at
docs.microsoft.com, obtained on October 29, 2020.)

The scripts are not supported under any SolarWinds support program or service. The scripts are
provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties
including, without limitation, any implied warranties of merchantability or of fitness for a particular
purpose. The risk arising out of the use or performance of the scripts and documentation stays
with you. In no event shall SolarWinds or anyone else involved in the creation, production, or
delivery of the scripts be liable for any damages whatsoever (including, without limitation,
damages for loss of business profits, business interruption, loss of business information, or other
pecuniary loss) arising out of the use of or inability to use the scripts or documentation.

Important: Quotation mark characters (") can change during copying and pasting. Using a
text editor such as Notepad should prevent that from happening, but if you don't get the
desired results, check the quotation marks to make sure they did not change.

3. Copy the text, paste it into the PowerShell command line, and press Enter. Results should look
something like this:

4. To verify the configuration, type winrm get

winrm/config/listener?Address=*+Transport=HTTPS.

page 327
 5. Press Enter.
Results should look something like this:

The following log file contains information and errors related to the WinRM configuration
process: C:\ProgramData\Solarwinds\Logs\APM\RunWinRMConfigurator.log

See also:

l Use PowerShell in SAM

l Troubleshoot application monitor polling with WinRM
l Create a WinRM HTTPS listener in Orion (Success Center)

Find IIS URL settings for AppInsight for IIS

By default, AppInsight for IIS uses the following URL for the IIS and WinRM sessions, where ${IP} is
the IP address of the server node being added.
https://${IP}:5986/wsman/

Verify a server's WinRM PowerShell instance

1. Open a command prompt in the Run as Administrator context.

page 328
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

2. Type: winrm get winrm/config/listener?Address=*+Transport=HTTPS to get the current

configuration for the HTTPS protocol.

page 329
The Hostname must match the CN of the certificate listed in the Certificate Thumbprint property.

Integrate SolarWinds AppOptics with IIS nodes in SAM

SolarWinds AppOptics is a Software-as-a-Service (SaaS)-delivered product that you can integrate
with IIS nodes to extend the application monitoring capabilities of SolarWinds SAM. By combining the
advanced performance metrics that AppOptics provides with SAM's capabilities to monitor application
dependencies, transaction times, and overall user experiences, you can better understand why
transactions in your applications are slow or failing.

This integration adds an extra layer of information to nodes that you can use to:

l Gain a code-level look into your AppInsight for IIS applications.

l Monitor the performance of custom IIS-based, .NET applications.
l Cross-reference application, server, and infrastructure metrics side-by-side in the same
dashboard

page 330
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

l Check the status of application stacks and see how tiers of applications interact with each other.
l Determine the databases and users that applications send information to.
l Identify if issues are network-, server-, or application-related so you can route them to the right
team.

Here are some benefits of integrating AppOptics with IIS nodes monitored in SAM:

SAM AppOptics

Custom application performance monitoring

Deep application performance visualization and tracing

Application dependency mapping

Hyper-V and ESX health and performance metrics

Server volume monitoring and capacity planning

Server hardware health and performance monitoring

Built-in alerts and reporting

After adding AppOptics to an IIS node, visualizations of key metrics — such as a breakdown of
response time into applications, remote calls, and database queries — appear on the subview of the IIS
Application Pool Details page, as shown in this example.

page 331
AppOptics integration requirements for IIS nodes in SAM
To integrate AppOptics with nodes monitored by AppInsight for IIS in SAM:

l Use SAM 6.7 or later.

l Configure AppInsight for IIS on nodes in SAM.
l Review AppOptics documentation for additional requirements, including supported languages
and operating systems.

This AppOptics integration is not compatible with FIPS mode. If FIPS is enabled on the Orion
server, SAM stops retrieving metrics for AppInsight IIS nodes from the AppOptics API.

This feature is not supported on nodes monitored via Orion Remote Collectors.

Integrate AppOptics with IIS nodes monitored by AppInsight in SAM

The first time you integrate SolarWinds AppOptics with an IIS node monitored in the Orion Platform by
SAM, you're prompted to create an AppOptics account or provide credentials for an existing account.

When you add AppOptics to a node, IIS services restart and related websites go down.

To integrate AppOptics with an IIS node for the first time:

1. Navigate to Settings > All Settings.

2. Under Product Specific Settings, click AppOptics Settings.
3. On the AppOptics Settings page, click Add.

page 332
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

4. When the Add an Integration wizard appears, click Create a new account.

If you already have an AppOptics account, click Go to AppOptics Login and follow steps in
Retrieve an AppOptics API token to integrate AppOptics with an IIS node in SAM.

5. On the Log In page, provide account details and click Sign Up.
The Orion Platform generates a unique API token that provides access to AppOptics data and
adds it to the Orion database.

page 333
 6. On the Select Nodes page, select the IIS node(s) and click Deploy.

If no nodes appear, check that AppInsight for IIS is configured correctly on the target
server. See Configure AppInsight for IIS on nodes and Troubleshooting AppInsight for IIS.

SAM deploys AppOptics agents to nodes and IIS services restart on remote machines. Related
websites go down. After a few minutes, AppOptics performance metrics appear in relevant SAM
widgets such as Top IIS Pools.

Retrieve an AppOptics API token to integrate AppOptics with an IIS node in

SAM
AppOptics uses unique API tokens to handle secure requests for data sent over HTTPS. The first time
you integrate AppOptics with an IIS node and create an AppOptics account, an API token is generated
and added to the Orion database automatically.

You can use these steps to retrieve a token for the SolarWinds AppOptics Monitored Services
API poller template, or a standard API poller that monitors values via the AppOptics API.

page 334
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

To retrieve an API token for AppOptics that can be used in SAM:

1. Log into AppOptics.

2. Navigate to Settings > API Tokens.

3. Click the API Token you want to use.

4. On the Edit API Token page, click the clipboard icon to copy the token to the Windows
Clipboard.
5. Return to the Add an Integration wizard and copy the token into the API token field.

6. Click Apply Token and follow onscreen instructions to finish adding AppOptics to nodes.

page 335
Use the AppOptics subview in SAM
For IIS pools on nodes integrated with SolarWinds AppOptics, an extra subview is accessible from the
AppInsight for IIS Application Pools Details page. Hover over the left menu and click the Subview icon
to display the following default widgets:

l Average Response Time

l HTTP (5xx) Error Rate
l HTTP Methods
l HTTP Status Codes
l Requests per second

Within these widgets, you can:

l Hover over points on graphs to display specific information.

l Click the time period hyperlink to select a different range (for example, the Last 12 hours) or
configure a specific time and date range. Graphs show data for the last hour, by default.

page 336
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Click Full Data View at the top of the subview to open a browser and log into SolarWinds AppOptics to
display additional data, as shown in the following example:

To learn more about using AppOptics, click here.

Remove AppOptics from IIS nodes in SAM

When you remove AppOptics integration from a node in SAM, the Orion Platform:

l Uninstalls the AppOptics agent from the node,

l Removes the agent listing from the Orion database,
l Removes the AppOpticsInstrumentation module from the IIS server, and
l Restarts Microsoft IIS services.

When IIS services restart on the node, related websites go down.

To remove AppOptics integration from a node:

1. Navigate to Settings > All Settings.

2. Under Product Specific Settings, click AppOptics Settings.
3. On the AppOptics Settings page, select the nodes for which you want to remove from AppOptics.

page 337
 4. Click Delete.

If you receive exception errors about loading the AppOptics.Agent file or assembly on the IIS
server after removing AppOptics integration, you may need to remove the
AppOpticsinstrumentation module from the server in IIS Manager. See Troubleshoot AppOptics
integrations with SAM.

Troubleshoot AppOptics integrations with SAM

Following are issues you may encounter when integrating AppOptics with a node monitored by
AppInsight for IIS. For more troubleshooting tips, search in the Success Center or THWACK.

The AppOptics integration is not compatible with FIPS mode. If FIPS is enabled on the Orion
server, you cannot add a new integration for an IIS node in SAM. For existing integrations, SAM
stops retrieving metrics from the AppOptics API.

AppOptics cannot be integrated on nodes monitored via Orion Remote Collectors.

Error Description Solution

No IIS nodes do not appear on the Check the AppInsight for IIS configuration on the target
nodes Select Nodes page of the Add an server. See Configure AppInsight for IIS on nodes and
appear Integration wizard. Troubleshoot AppInsight for IIS.
in
wizard

Agent Error deploying the AppOptics Check the AppOptics agent logs stored in
failure agent. C:\ProgramData\SolarWinds\Logs\Remoting.

Internal Error accessing the Orion Redeploy the AppOptics agent on the Manage Agents
error database, which may occur if page.
agent deployment fails.

page 338
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Packag The AppOptics agent package Run the Orion Configuration Wizard and make sure
e does was not found. the package is in the default location,
not exist \Orion\Remoting\RemoteExecutionPackage\SAM.
AppOptics.

Timeout Installation took too long. Examine logs in

C:\ProgramData\SolarWinds\Logs\SAM.AppOptic
s, and
C:\ProgramData\SolarWinds\Logs\Remoting.

Install Error during remote installation of Examine logs in

error the AppOptics agent. C:\ProgramData\SolarWinds\Logs\Remoting

Failed Error copying files from Orion Examine logs in

to copy server to the target server. C:\ProgramData\SolarWinds\Logs\Remoting
files

Missing Admin share on target server is Enable an Admin share on the target server.
admin disabled.
1. Ensure that the Orion server and the target server
share
belong to the same Workgroup.
2. Specify which user(s) can access Administrator
Shares (Disk Volumes).
3. Enable File and Print Sharing through the
Windows firewall.
4. Check to see if you can access the Admin share
from another computer.
5. Add AppInsight for IIS to the node via the Node
Details view, or run the Discovery Wizard.

Access Unauthorized access to the target Examine logs in

denied server. C:\ProgramData\SolarWinds\Logs\Remoting

Unknow Possible invalid API token or Verify the API token. Reenter if necessary.
n error another unrecognized error.
Examine logs in
C:\ProgramData\SolarWinds\Logs\SAM.AppOptic
s, and
C:\ProgramData\SolarWinds\Logs\Remoting.

No WMI WMI on the target server is Enable WMI polling on the target server.
support disabled, or the target server is
turned off.

page 339
App No application pools exist on the Check that AppInsight for IIS is configured correctly on
Pool IIS server. the target server. See Configure AppInsight for IIS on
Error nodes and Troubleshoot AppInsight for IIS.

IIS A Could not load file or Follow steps in Uninstall the Agent. If that does not
website assembly 'AppOptics.Agent, work, try this workaround:
error Version=3.3.3.0,
Culture=neutral,
1. Start IIS Manager:
PublicKeyToken=9195cde59f6 2. Click the computer name of your IIS server.
d12e5' or one of its
dependencies. The system 3. Click the Modules icon in the IIS category.
cannot find the file 4. Select the AppOpticsInstrumentation module,
specified message appears if and then click Remove.
the Orion Platform could not
remove AppOptics from the IIS 5. Restart IIS services.
server.
If exception errors continue after removing the
AppOpticsInstrumentation module from the IIS
server, remove the module from the website
also.

AppOpti When you integrate AppOptics Make sure the service name for the AppOptics
cs data with an IIS node, SAM generates integration in SAM matches the service name used in
does a service name (for example, jr- AppOptics. To learn more about service names, see
not orbit-01-01-microsoft-iis- the AppOptics documentation.
appear 2-solarwinds-orion-
in the application-pool). If FIPS mode is enabled on the Orion server,
Orion SAM stops displaying AppOptics metrics.
If you change the service name
Web
(also called a "service key") in
Console
AppOptics later, the connection
breaks.

page 340
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Monitor with AppInsight for SQL

Identify performance and troubleshoot issues for SQL databases and queries with AppInsight for SQL.
This feature provides consolidated resource views into over 100 performance metrics across all SQL
servers monitored by SAM. These metrics include read and write latency, index fragmentation,
expensive queries (based on CPU time), SQL agent job status with logs, capacity, and resource
consumption for CPU, memory, and drive space.

With AppInsight for SQL, you can monitor resource consumption, respond to alerts, and monitor
expensive queries on a single page. Investigate issues and performance trends without hunting
through numerous views into the SQL servers in your environment. AppInsight for SQL provides a
level of detail and expert knowledge far beyond what a SQL template can provide, allowing you to
monitor virtually every aspect of your SQL instances and databases. The feature polls and reports
metrics without use of agents, directly accessing the SQL server using configured access permissions
and credentials via SNMP and WMI.

To get started with AppInsight for SQL:

l Review AppInsight for SQL requirements and permissions.

l Add AppInsight for SQL to nodes, either via Discovery or assigning a template. The node may
represent either:
o A named SQL instance, based on a server's Virtual IP (VIP) address, or

o A SQL cluster, such as those used with SolarWinds High Availability (HA).

When you add AppInsight for SQL to a node, an application (also called an "application monitor")
based on the AppInsight for SQL template is created on the node. In the Orion Web Console, the
default name for the application is "MSSQLSERVER" but can be customized. The Node Details view
is replaced by the following views:

l SQL Server Application Summary view: Click My Dashboards > Applications > SQL Server to
display a list of all SQL server instances monitored by AppInsight for SQL. From here, you can
click an instance to open its Application Details view.

page 341
 l AppInsight for SQL Application Details view: Click My Dashboards > Applications > SAM
Summary. In the All Application widget, expand AppInsight for SQL, and then click an instance
to display details on the Application Details view.

page 342
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

The SQL Server Application Summary view provides widgets you can use to monitor overall data for
all SQL servers including alerts, events, and consumed resources, including:

l All Applications view of all currently managed SQL servers as nodes, expandable to locate
specific nodes
l Active Application Alerts for specific alerts affecting SQL servers
l Top Processes by CPU Load, Physical Memory, Virtual Memory and more to gauge applications
consuming resources
l Top Monitored Processes by I/O Total Operations, Reads, and Writers for highest bandwidth
consumption, reads, and write latency

page 343
Expand rows in the All Applications widget to drill down into details about performance counters and
status. Click a metric to learn more about it.

page 344
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Click an instance to open its AppInsight for SQL Application Details view. The following example
shows an MSSQLSERVER instance in the Orion demo with a critical alert:

The AppInsight for SQL Application Details view consolidates all data for the selected SQL server,
including:

l An AppStack view for troubleshooting, alerts, events, expensive queries, capacity usage, and
other metrics.
l A list of the top 10 expensive Queries by CPU time.
l WPM transaction monitor results, if SolarWinds Web Performance Monitor is installed.
l Database performance data, if SolarWinds Database Performance Analyzer is installed. See
also Use the DPA Integration Module with SAM.

page 345
To review database data in the this view, select a database in the All Databases widget. The
Database Details view lists all databases on the node, alerts, AppStack, and more. To drill down to
see performance counter details in the AppInsight for SQL Application Details view, click a
performance counter in any widget.

To learn more about AppInsight for SQL, watch these videos:

l Deep Dive on using AppInsight Templates

l Introducing AppInsight for SQL Server
l SQL Server Performance: AppInsight for SQL

Did you know that when SAM alerts you about an application failure, you can use SolarWinds
IPAM to quickly determine if a broken or missing DNS record is at fault? You can then use SAM
to troubleshoot the service further.

AppInsight For SQL and component-based licensing

Per the SAM licensing model, when using AppInsight for SQL in environments with component-based
licenses, 50 component monitors count against your licensed number of component monitors per
SQL instance.

AppInsight applications provide tremendous value within SAM while consuming a fixed number
component monitor licenses. However, they cannot be partially unlicensed because the way they
collect data differs significantly from traditional application monitor templates. You can disable some
components within AppInsight applications but that will not reclaim component monitor licenses
because AppInsight applications typically monitor far greater than 50 components.

For example, AppInsight for SQL monitors over 120 individual metrics even if there is only one
database running on the server. If you don't want to monitor certain metrics, remove the warning and
critical thresholds for those components by editing the application. You will not be alerted or notified
about those components again and the components will not appear in a warning or critical state in the
Orion Web Console.

page 346
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

AppInsight for SQL requirements and permissions

AppInsight for SQL supports the following versions of Microsoft SQL Server:

l Microsoft SQL Server 2008, SP1, SP2, SP3

l Microsoft SQL Server 2008 R2, SP1, SP2 SP3
l Microsoft SQL Server 2012 SP1
l Microsoft SQL Server 2014
l Microsoft SQL Server 2014 SP1
l Microsoft SQL Server 2014 SP2
l Microsoft SQL Server 2016
l Microsoft SQL Server 2016 SP1
l Microsoft SQL Server 2017
l Microsoft SQL Server 2019 (Windows only)

AppInsight for SQL does not require named pipes but does use TCP connections to discover
SQL Server instances. As a result, you may encounter error messages about named pipes that
relate to the last time SAM used TCP to connect to SQL Server.

AppInsight for SQL permissions

Following are required permissions needed for AppInsight for SQL. See also SAM port requirements.

l Administrator permission at the host level.

l Be a member of the db_datareader role in the msdb database
l VIEW SERVER STATE permissions
l View any definition
l Connect permission to all databases, including Master and msdb
l Execute permission on the Xp_readerrorlog stored procedure

If utilizing a domain user for AppInsight for SQL, the domain user must be a member of the SQL
server's local admin group.

Review the following information regarding monitoring SQL servers with AppInsight for SQL:

l AppInsight for SQL supports SNMP and WMI protocols and uses SQL to gather application data.
Additional data is available for nodes managed via WMI.
l All AppInsight templates support the Orion agent for Windows. However, the agent is not
supported for when SQL server is monitored in a cluster.
l SQL clusters cannot be polled with domain credentials via the Orion agent because agents do
not work with AppInsight for SQL if the SQL server is monitored in a cluster.

page 347
SQL account permissions

The following script configures permissions for a SQL account. You must connect to the SQL
database server as "sa" or equivalent to create an account.

This script makes changes directly to the database. Create a database backup before running
either script.

USE master
GRANT VIEW SERVER STATE TO AppInsightUser
GRANT VIEW ANY DEFINITION TO AppInsightUser
GRANT VIEW ANY DATABASE TO AppInsightUser
EXEC sp_adduser @loginame = 'AppInsightUser' ,@name_in_db = 'AppInsightUser'
GRANT EXECUTE ON xp_readerrorlog TO AppInsightUser
USE msdb
EXEC sp_adduser @loginame = 'AppInsightUser' ,@name_in_db = 'AppInsightUser'
EXEC sp_addrolemember N'db_datareader', N'AppInsightUser'

Windows Authentication

The following script configures permissions for a SQL account with Windows Authentication:

This script makes changes directly to the database. Create a database backup before running
either script.

USE master
GRANT VIEW SERVER STATE TO "Domain\AppInsightUser"
GRANT VIEW ANY DEFINITION TO "Domain\AppInsightUser"
EXEC sp_adduser @loginame = 'Domain\AppInsightUser' ,@name_in_db =
'Domain\AppInsightUser'
GRANT EXECUTE ON xp_readerrorlog TO "Domain\AppInsightUser"
USE msdb
EXEC sp_adduser @loginame = 'Domain\AppInsightUser' ,@name_in_db =
'Domain\AppInsightUser'
EXEC sp_addrolemember N'db_datareader', N'Domain\AppInsightUser'
EXECUTE sp_MSforeachdb 'USE [?]; EXEC sp_adduser @loginame =
''Domain\AppInsightUser'', @name_in_db = ''Domain\AppInsightUser'''

page 348
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Domain account with Orion agent

To use a domain account with an Orion agent, the domain account needs to have “Log on as a batch
job” policy enabled for the default batch execution mode. Set this permission either locally on the
monitored SQL server or as a domain policy, which enforces the policy to all machines within the
domain.

This policy is only enabled for a LocalSystem account by default and explicitly needs to be
added for the domain account.

This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local
security policy of workstations and servers. The location for the policy is Computer
Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.

See also Use a domain user to monitor AppInsight for SQL through an agent.

Add AppInsight for SQL to nodes

With the credentials and permissions configured on the target SQL server, you can easily add
AppInsight for SQL to SQL servers through the Discovery Wizard or manually. An application monitor
(also called an "application") is created for the node, based on the AppInsight for SQL template. In the
Orion Web Console, the default name displayed for the application monitor is "MSSQLSERVER."

After AppInsight for SQL is assigned to a node, SAM polls for metrics including read and write latency,
index fragmentation, expensive queries (based on CPU time), SQL agent job status with logs,
capacity, and resource consumption for CPU, memory, and drive space.

To view monitored nodes, access the SQL Server page and specific SQL Server Details pages. See
Monitor with AppInsight for SQL for details.

The instance becomes enabled after the first poll, which may take a few minutes.

Add through the Discovery Wizard

Use the Discovery Wizard to add a new node and select AppInsight for SQL for monitoring.

1. Click Settings > Discovery Wizard.

2. In the Network panel, enter the IP addresses to scan and follow the onscreen instructions.
3. On the Applications panel, select the servers that you want to monitor. Only nodes with
supported versions of Microsoft SQL appear.
4. Click Next and complete the wizard as instructed.
5. Navigate to the All Applications widget and click your AppInsight for SQL application.

page 349
 The Enter Credentials page appears.

6. Enter your SQL credentials and select a port (or use default port).
7. Click Test to verify the credentials and configured permissions.
8. Click Assign Credential to save and complete configuration.

Add an SQL server as a node manually

When added, you need to select the appropriate Microsoft SQL server version from the AppInsight
Applications list.

1. Click Settings > All Settings > Add Node.

2. Enter the IP address or hostname for the SQL server. Select the polling method and continue.
3. On the Choose Resources panel, check the appropriate AppInsight Application for the SQL
server you will monitor.

4. Complete the steps, specifying metrics, custom polling engines, and other options, as desired.
5. Review and adjust any settings and click Add Node.

page 350
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

6. Navigate to the All Applications widget and click your AppInsight for SQL application.
The Enter Credentials page appears.

7. Enter your SQL credentials and select a port (or use the default port).
8. Click Test to verify the credentials and configured permissions.
9. Click Assign Credential to save and complete configuration.

Apply AppInsight for SQL to an existing node

For existing nodes, you can add AppInsight for SQL to a node by assigning the AppInsight for SQL
template to the node. See Assign templates to nodes manually to create application monitors.

Add AppInsight for SQL to a named SQL instance

A named SQL instance is a SQL server given a name consisting of the network name of the server
plus the instance name specified during installation. To monitor SQL named instances in SAM with
AppInsight for SQL, you need the Virtual IP (VIP) of the SQL server and the full name.

Before adding the server as a node, verify that credentials and permissions are configured on the
target SQL server.

To view monitored nodes, access the SQL Server page and specific SQL Derver Details pages. See
Monitor with AppInsight for SQL for details.

The instance becomes enabled after the first poll, which may take a few minutes.

Locate the VIP for the server

If you do not know the VIP, follow these steps to ping the server:

page 351
 1. Open a command prompt.
2. Ping the server name: ping NAME.
3. Make note of the returned IP address so you can use it to add the server as a monitored node.

4. Close the command prompt.

Add the node manually with AppInsight for SQL

With the VIP, add the named SQL instance as a node for monitoring. These instructions manually add
the node. You can also use the Discovery Wizard. For details, see Add AppInsight for SQL to nodes.

1. Click Settings > All Settings > Add Node.

2. Enter the VIP address for the SQL named instance for the Polling Hostname or IP Address.
3. Select a polling method, then select the polling engine for that node.
4. On the Choose Resources panel, check the appropriate AppInsight Application for the SQL
server you will monitor.

page 352
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

5. Complete the steps making selections as desired such as specific metrics or custom polling
engines.
6. Review and adjust any settings and click Add Node.
7. Navigate to the All Applications widget and click your AppInsight for SQL application.
The Enter Credentials screen displays.

8. Enter your SQL credentials and select a port (or use the default port).
9. Click Test to verify the credentials and configured permissions.
10. Click Assign Credential to save and complete configuration.

Add AppInsight for SQL to an active SQL Server cluster node

If your SAM environment includes clustered SQL servers, perhaps for high availability purposes, you
can use AppInsight for SQL to monitor active cluster nodes.

Before you begin, review AppInsight for SQL requirements and note these details about the Orion
agent for Windows:

l Agents do not work with AppInsight for SQL if the SQL server is monitored in a cluster.
l SQL clusters cannot be polled with domain credentials via the Orion agent because agents do
not work with AppInsight for SQL if the SQL server is monitored in a cluster.

page 353
First, identify the IP address of the cluster.

1. Use SQL Management Studio to connect to the instance that you want monitor .
2. Execute the following query to verify the target node and instance name:
SELECT SERVERPROPERTY('ServerName')

3. Determine the IP address of the target node.

Open a command prompt and ping the server: ping NAME. In the following example, ping
P111SQLV23 determined that the IP address was 10.1.70.123.

Next, add the node to the Orion Platform and assign AppInsight for SQL.

1. Click Settings > All Settings > Add Node.

2. Enter the IP address for the SQL cluster for the Polling Hostname or IP Address.
If the IP address represents a cluster, the node name of the active cluster member populates.

SolarWinds recommends changing the node name to something more easily understood
during the final step of the Add Node Wizard. For example, for this cluster you could enter
the name and (cluster): P111SQLV23 (cluster).

3. Select a polling method, then select the polling engine for that node.
4. In the Choose Resources step, select the AppInsight Application for the SQL server to monitor.

page 354
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

5. Complete the wizard to add the node for monitoring. The instance becomes enabled after the
first poll, which may take a few minutes.
6. Navigate to the All Applications widget and click your AppInsight for SQL application to display
the Enter Credentials page.

7. Enter your SQL credentials and select a port (or use default port).
8. Click Test to verify the credentials and configured permissions.
9. Click Assign Credential to save and complete configuration.

Edit the AppInsight for SQL template

The AppInsight for SQL template includes numerous component monitors to provide data about
monitored SQL instances. If you modify these settings and configurations in the template, the details in
AppInsight application monitors already assigned to instances update to match.

page 355
The primary reason to edit most SAM templates is to set general configurations such as polling
frequency, polling method, and thresholds for warning and critical states for monitored metrics before
assigning templates to nodes. The AppInsight for SQL template includes several component monitors
with default settings that cannot be modified due to dependencies. Also, you cannot add component
monitors to this template.

To monitor specific instances without using AppInsight for SQL, SolarWinds recommends
Monitor with other SQL application monitor templates.

See the SAM Template Reference for a list of component monitors included in this AppInsight
template. You can also select the template on the Manage Application Monitor Templates page and
click Edit to display component monitor details, and then make any necessary changes.

You may need to log in with an administrator account to edit templates.

To begin gathering metrics, assign the template to a SQL instance.

Customize AppInsight for SQL monitoring

In addition to editing the AppInsight for SQL template, there are many ways to customize AppInsight
for SQL monitoring, as described here.

l Customize widgets on the AppInsight for SQL Details page

l Set custom properties for a node
l Remove a database from an active AppInsight for SQL node
l Monitor with other SQL application monitor templates

Customize widgets on the AppInsight for SQL Details page

With administrator privileges, you can change the widgets that appear on an AppInsight for SQL
Details page. Each widget provides data configuration and display options, consuming data provided
by the template application and component monitors. Click here for details.

Set custom properties for a node

You can also set custom properties for the AppInsight for SQL application monitor assigned to a
specific node.

1. Navigate to the AppInsight for SQL Details page for a node.

2. Click Edit Application Monitor in the upper right-hand corner of the page.
3. Edit the Application Monitor as necessary and click Select resources as needed, then click
Submit.

Consider adding the node ID in the Application Monitor Name field so you can easily identify
this monitor later.

page 356
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Remove a database from an active AppInsight for SQL node

If you need to remove a database from an active AppInsight for SQL node, one way to do it is to
"unmanage" the node to halt polling and related alerts. To do so, navigate to the Node Details view,
click Unmanage in the Application Details widget, and specify an interval for the assigned application
monitor during which no statistics will be collected. For another workaround, see Hide Databases from
Appinsight for SQL via the All Databases widget.

When a database, node, or interface is "Unmanaged" in SAM, the element is not polled and
alerts are not triggered because the alert engine does not detect any change on the object.
However, if you create a new alert or edit conditions for an existing alert for an unmanaged
database/node/interface, the alert will be triggered and alert actions will occur because the
Orion Platform does not check to see if the element is unmanaged before running the alert, by
design.

To learn about continuing to gather statistics about a database, node, or interface while
blocking a flood of alerts, visit the SolarWinds online IT community, THWACK, and read Tips &
Tricks: Stop the Madness — Avoiding alerts but continuing to pull statistics.

Monitor with other SQL application monitor templates

To monitor specific nodes without using AppInsight for SQL, SolarWinds recommends using SQL
templates. For example, you may have a large amount of SQL database instances to monitor such as
a service provider with SQL instances per customer. To avoid performance issues, you may not want
an AppInsight for SQL running for each of these instances.

To monitor a SQL named instance, first add it as a standard node by navigating to the Manage Nodes
view, clicking Add Node, and providing required details.

Do not select the option for AppInsight for SQL for the node yet — you can apply a SQL Server
template on the Manage Templates page, as described next.

After adding the SQL named instance as a standard node, follow these steps to assign a SQL Server
template to the node.

1. Click Settings > All Settings > SAM Settings > Manage Templates.
2. Search or browse for SQL Server templates.
3. Select the SQL Server template you want to assign to SQL named instances to monitor. You
may want to assign multiple templates to the node. Assign these one at a time.
4. Once assigned, you can edit one or more templates by checking the boxes and selecting
MultiEdit.
5. Enter the SQL named instance for the SQL Server Instance.

page 357
 6. You can further modify the templates and application monitors as needed. Data captured
through the templates should display on the Node Details for those monitored nodes.

All component or application monitors in a template relate to the SQL named instance, not the
server. In Microsoft, the SQL server is a series of instances. These instances are default,
unnamed instances or specifically named SQL instances. An instance is an installed Microsoft
SQL in a specific directory path.

For a list of available templates, see the SAM Template Reference. See also SQL Named Instance
Monitoring.

Hide databases from AppInsight for SQL in the All Databases widget
These steps do not "unmanage" the database. They hide the database from appearing in the All
Databases widget, but the Orion Platform will continue alerting on the database. To prevent a
database from triggering alerts, unmanage the database on the Database Details page's
Management widget instead.

Follow these steps to prevent databases from appearing in the All Databases widget that is part of
AppInsight for SQL.

1. Navigate to the Management widget on the Database Details page and confirm that the
database is currently being managed.
2. Navigate to the AppInsight for SQL Details page for your SQL instance.
3. Record the last few digits of the applicationID in the browser URL. You'll need it for a later step.
Example: http://Solarwinds/Orion/APM/SqlBlack...NetObject=ABSA:168
4. On the Orion server, open Database Manager by clicking Start > All Programs > SolarWinds
Orion > Advanced Features > Database Manager

5. When the application loads, click Add Default Server

6. Expand the Orion Database to view tables for installed SolarWinds applications.
7. Locate the table 'APM_SqlBbDatabase'
8. Run the following query:
SELECT TOP 1000 * FROM [dbo].[APM_SqlBbDatabase] where applicationId = 168

9. Update the ApplicationID to match your Application ID you recorded during step 3.
10. Click "Enable table editing" above the Query text box.
11. Clear the check box in the Visible column for each database you want to hide in the All

page 358
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Databases widget on the AppInsight for SQL Details page.

12. Click 'Enable table editing' again to finish the editing session.

Use the DPA Integration Module with SAM

If your environment includes both SAM and SolarWinds Data Performance Analyzer (DPA), you can
use the DPA Integration Module (DPAIM) to:

l Visualize DPA data in AppStack.

l Establish relationships between applications monitored by SAM and database instances
monitored by DPA.
l Leverage SAM application monitor templates for DPA monitoring.

With SAM, you can monitor resources and other health aspects of a database, as well as track how
long queries take to execute. If queries are slow, you can use DPA to track what is happening within
the DBMS. For example, is it waiting on I/O, CPU, VM scheduling, or is it blocked by another query?
With this knowledge, you can resolve the problem instead of just knowing you have a slow query.

DPAIM is automatically installed with SAM, but is not active until it's configured. See Set up the
DPA Integration Module.

To learn more, see:

l View DPA data in the Orion Platform

l DPA and SAM integration with DPAIM
l SQL Server Two Ways: SAM AppInsight for SQL and Database Performance Analyzer

AppInsight for SQL alerts

AppInsight for SQL includes two predefined alerts:
l Alert me when my database file disk I/O latency is high
l Alert me when my database file is running low on space

page 359
Manage Asset Inventory in SAM
As you add hardware, software, and applications to your environment, your assets increase along with
the need to adjust the existing setup to expand and scale your infrastructure. To keep up, you must
proactively monitor hardware and application health, while at the same time maintaining an up-to-date
inventory of all your IT assets.

To handle these demands, you can use the Asset Inventory feature to maintain a current and detailed
inventory of a node's hardware and software, including both physical and virtual assets. This
information can also benefit those interested in tracking asset depreciation, gathering information for
insurance purposes, or managing and maintaining your infrastructure.

Additional benefits of the Asset Inventory feature include:

l Gain visibility into current hardware and software on a node.

l Track warranty information for critical hardware components.
l Be notified about important software, OS, and firmware updates.
l Monitor overall hardware life cycles and maintenance timelines.
l Determine when OS updates were applied to servers.

Data collected depends on the polling method used to collect data from nodes.

Here are some examples of Asset Inventory data displayed in the Orion Web Console:

page 360
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

SolarWinds SCM also supports Asset Inventory polling.

To start collecting Asset Inventory data:

1. Review Asset Inventory polling requirements.

2. Download and configure third-party agent software on servers. Click here for details.
3. Run Discovery to detect agent software and enable Asset Inventory polling across multiple
nodes automatically.

When you enable Asset Inventory polling for nodes, hardware health monitoring is also enabled for
those nodes automatically, although either feature can be used independently. Polling starts
immediately and results appear Asset Inventory subview of the Node Details view, and on other
pages. See Display Asset Inventory data in SAM or SCM for details.

Polling continues daily at the same time for all nodes initially. The next time you stop and restart Orion
services with the Orion Service Manager, the Orion Platform reschedules polling jobs at random times
throughout the day to avoid CPU spikes and reduce polling engine loads. You can adjust the polling
frequency, if necessary.

See also:

l Enable Asset Inventory polling for individual nodes

l Configure SSL certificate validation for target systems during Asset Inventory polling
l Remove Asset Inventory data collection
l Troubleshoot Asset Inventory polling issues in SAM
l Display the warranty status for physical servers in SAM

Asset Inventory polling requirements

This topic also applies to SolarWinds SCM, which supports Asset Inventory polling.

To configure SAM to collect Asset Inventory data, you need to:

l Download and install third-party software on supported servers. SAM uses standard protocols
such as SNMP and WMI to collect Asset Inventory data, but not all data is available natively from
an OS without installing the hardware vendor's required agent software. For example, if
Windows cannot recognize the serial number of a machine, SAM cannot determine the
machine's warranty status unless the vendor updates its agent software to extend APIs and
gather additional data.
l Enable the Asset Inventory feature for nodes.

SAM can also collect warranty data, display it on the SAM Summary page, and notify you about
pending expiration dates, see Display the warranty status for physical servers in SAM.

page 361
Supported physical servers

SAM supports Asset Inventory data collection for the following systems. Additional servers may be
supported with a limited amount of data returned by polling.:

l Dell servers with OpenManage Server Administrator Managed Node 7.2 or later
o Including Dell M1000e and Dell PowerEdge M610, R210, R610, R710, R900, 1950, 2850,

2950, 2970, and 6850

l HPE BladeSystem servers with HP System Insight Manager 6.2 or higher
o Including HP C3000 and HP C7000

l HPE ProLiant Gen10 servers with SIM 8.0 or later (via SNMP protocol only)
o Including DL320 G4, DL360 G3, DL360 G4, DL380 G4, DL380 G6, and ML570 G3

HP WBEM providers are required for HP servers polled via WMI.

l IBM servers with IBM Director (Common Agent, 6.3 or higher)

o Including System x3550, System x3550 M2, System x3550 M3, System x3650, System

x3650 M2, System x3650 M3, x3850, and eServer 306m

IBM ServeRAID Manager software must be installed on IBM X-Series servers to

display storage hardware health information.

Supported operating systems and protocols

Operating system Protocol

Windows SNMP, WMI

Linux SNMP

AIX v7 and higher SNMP

Supported versions of VMware CIM, VMware API

Use ICMP for VMware nodes not polled via CIM

or VMware API.

VMware API for ESX/ESXi hosts polled via HTTPS

vCenter

Ports used during Asset Inventory polling

Port Protocol Service/Process Direction Notes

page 362
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

135 TCP Microsoft EPMAP Bidirectional WMI agentless polling. WMI uses port 135 to
(DCE/RPC initiate communication with a remotely managed
Locator service) host, then switches to random port between
1024 and 65535. Click here for details.

161 UDP SolarWinds Job Outbound SNMP agentless polling

Engine v2

445 TCP File and Printer Bidirectional WMI agentless polling. Used to copy VBScript to
Sharing (SMB-In) check for Windows updates.

Enable Asset Inventory polling for multiple nodes in bulk

This topic also applies to SolarWinds SCM, which supports Asset Inventory polling.

As described in Manage Asset Inventory in SAM, Asset Inventory polling is automatically enabled for
any node that meets Asset Inventory requirements during Discovery. You can also enable Asset
Inventory polling for individual nodes.

To enable Asset Inventory polling for a large group of nodes (for example, after you set up third-party
software on a group of nodes), run a Discovery to "re-import" the nodes. This will not affect anything
currently monitored, but Asset Inventory will be enabled on all hosts it's applicable to during the import
process. See Enable Asset Inventory in bulk for details.

To disable Asset Inventory polling across all nodes, see Remove Asset Inventory data
collection in the Success Center.

Enable Asset Inventory polling for individual nodes

This topic also applies to SolarWinds SCM, which supports Asset Inventory polling.

As described in Manage Asset Inventory in SAM, Asset Inventory polling is automatically enabled
during Discovery for nodes that meet Asset Inventory requirements. Polling begins immediately.

You can also enable this feature when adding a single node for monitoring.

1. Click Settings > Manage Nodes.

2. Click Add Node.
3. Provide information on the Define Node page, and then click Next.

page 363
 4. On the Choose Resources tab of the Add Node wizard, select the Asset Inventory check box.

5. Complete the remaining pages in the wizard to finish adding the node.

To enable Asset Inventory for an existing node:

1. Navigate to the Node Details view by clicking a node.

2. In the Management widget, click List Resources.
3. Select the Asset Inventory check box, and then click Submit

To disable Asset Inventory data collection for a node later, clear the Asset Inventory check box.
To disable Asset Inventory across all nodes, see Remove Asset Inventory data collection in the
Success Center.

Display Asset Inventory data in SAM or SCM

This topic also applies to SolarWinds SCM, which supports Asset Inventory polling.

After you set up third-party software on supported servers and enable the Asset Inventory feature for
nodes, polling occurs and collected data appears in several areas of the Orion Web Console,
including the Asset Inventory subview of the Node Details view.

page 364
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

To display Asset Inventory data gathered for an individual node:

1. Navigate to the Node Details view for the node.

2. Click the Asset Inventory option in the left menu.

page 365
Display the warranty status for physical servers in SAM
This topic also applies to SolarWinds SCM, which supports Asset Inventory polling.

After you set up third-party software on supported servers and enable the Asset Inventory feature for
nodes, polling occurs and collected data appears in several areas of the Orion Web Console, such as
the Asset Inventory subview of the Node Details view. You can also collect warranty status of physical
servers in your environment for Asset Inventory-enabled nodes.

Periodically, SAM sends API queries to Dell, HP, and IBM warranty validation servers to collect data
for display on the SAM Summary page. You can also enable an optional predefined alert, "Alert me
when a node warranty expires in 30 days".

Unlike daily Asset Inventory polling, warranty data is polled on various schedules, via API queries, to
avoid overtaxing polling engines. When you first enable Asset Inventory polling for a node, SAM polls
for warranty data immediately. After that, SAM follows these schedules:

For nodes with warranties that... SAM polls for data every...
Expire after 1 year 60 days

Expire within 1 year 30 days

Expire in 45—90 days 15 days

Expire in 30—45 days 7 days

Expired up to 10 days ago, or are due to expire within 30 days 24 hours

Expired between 10 to 60 days ago 30 days

No polling occurs if node warranty remains expired for more than 60 days.

To display the latest warranty data for servers:

1. Click My Dashboards > Applications > SAM Summary.

2. Scroll down to the Server Warranty Summary widget, as shown here.
3. If a warranty expiration date crosses a Warning or Critical threshold, progress bars appear as
yellow and red, respectively. Click Edit to customize threshold values as well as filter the
warranties to display.

page 366
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Adjust the Asset Inventory polling frequency in SAM

This topic also applies to SolarWinds SCM, which supports Asset Inventory polling.

After you set up third-party software on supported servers and enable the Asset Inventory feature for
nodes, the Orion Platform executes polling jobs immediately and then continues polling at the same
time each day until you restart Orion services, at which point polling jobs are rescheduled at random
times throughout the day to reduce loads on polling engines.

Polling uses less than 100 KB of database space per node. For an environment with 1,000 servers,
that translates to just under 100 MB of disk space. If you find that Asset Inventory polling strains your
polling engine(s), you can adjust the polling interval to suit your needs. Generally, Asset Inventory
data does not need to be collected with the same degree of regularity as status information because
data doesn't change often.

Another alternative is to add an Additional Polling Engine (APE), as described in the Scalability
Guidelines for SolarWinds products.

To change the frequency of Asset Inventory polling:

1. Click Settings >All Settings.

2. Under Thresholds & Polling, click Polling Settings.

page 367
 3. Adjust the Default Asset Inventory Poll Interval.

The minimum value is 1 day.

4. Click Submit.

Configure SSL certificate validation for target systems

during Asset Inventory polling
This topic also applies to SolarWinds SCM, which supports Asset Inventory polling.

By default, SAM ignores warnings that occur when validating SSL certificates on target systems
during Asset Inventory polling. You can update that setting so users are prompted to verify untrusted
connections before proceeding.

1. Log into the Orion Web Console as an administrator.

2. Use the Orion Service Manager to stop the SolarWinds Collector Service.

3. Navigate to the following default folder: C:\Program Files

(x86)\SolarWinds\Orion\AssetInventory\

4. In a text editor, open SolarWinds.AssetInventory.Collector.dll.config

5. Under <appSettings>, change the AssetInventoryVerifyServerCertificate value to
"true":
<add key="AssetInventoryVerifyServerCertificate" value="true" />

6. Save your changes.

7. Restart the SolarWinds Collector Service.

page 368
ADMINISTRATOR GUIDE: SERVER & APPLICATION MONITOR

Troubleshoot Asset Inventory polling issues in SAM

This topic also applies to SolarWinds SCM, which supports Asset Inventory polling.

This section provides additional information about the Asset Inventory feature.

l The Orion Platform uses standard protocols such as SNMP and WMI to collect Asset Inventory
data, but not all information is available natively from an OS without installing the hardware
vendor's required agent software. For example, if Windows cannot recognize the serial number
of a machine, then SAM cannot determine the machine's warranty status unless the vendor
updates its agent software to extend APIs and gather additional data. See Third-party software
required to collect Asset Inventory information in SAM.
l If expected asset data does not appear for a node that hosts an Orion agent, check the agent
configuration.
l Internet Information Services (IIS) use drivers and other “non-software” records that may cause
duplicate records to be displayed in the Orion Web Console and saved to the Orion SQL
database.
l If multiple registry keys share the same display name, filter by display name, version, and related
Windows updates so only records for a specific asset appear in the Software Inventory widget
and are saved in the Orion database.
l WMI polls many WMI classes and registers for asset data. For the Software Inventory widget,
SAM polls information from the following registry branches:
o SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
o SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

The following Success Center articles contain additional tips:

l Asset Inventory polling of Windows updates via WMI may stop processes on monitored
machines
l Asset Inventory polling does not show all installed software on Linux hosts
l Asset Inventory does not provide manufacturer, model or serial number
l Warranty status displays as Unknown for HP servers in the Asset Inventory widget
l Object Identifiers (OIDs) used by SAM to poll for Asset Inventory data via SNMP

The SolarWinds online IT community, THWACK, also includes information about Asset Inventory
polling.

page 369