As a new user to Orion, I slowly but surely trying to implement Orion in our (industrial control) environment. When I want to monitor a particular process, I can't seem to get it to work as I would expect it to. Maybe I am doing something wrong, but this is the process I've tried a few times now:

We have a number of machines added and monitoring using WMI credentials. These credentials have been hardened (e.g. no remote desktop and/or write permissions). Using these credentials I can start the Real-Time Process Explorer and select the application/process I want to monitor:

Selecting the Start Monitoring option I create a component monitor:

and subsequently an application monitor:

The application monitor gets created successfully, but after it's initial poll, the application monitor will go into a Down state. I've kept one of these monitors running for a week and the best I got is a warning going into Unknown state and then again a Down state. In the above setup, this is the result I get (stating the process was not found) with the Real-Time Process Explorer alongside showing the same process running multiple times, including the original PID (4620) I selected:

I've erased the hostname from the screenshots, but all actions were performed on the same hosts. What am I doing wrong here? I was looking into the direction of the credentials, but these point to the inherited credentials as per default:

Some additional info:

• When I switch to RPC polling, I get the following error: Network connection failed. HResult: The specified object is not found on the system. Error: Unable to connect to the specified computer, or the computer is offline.
• We are not using DNS. For this particular host, the hostname was either resolved through WMI or I have changed it manually.
• Hosts (including Orion) are in a restricted network environment with no access to Internet.

Hopefully someone can point me in the right direction..

Small update, when switching back to WMI, I get the following (more descriptive) error for the component monitor: Server unavailable using WMI. Unable to connect to "10.11.13.37" for WMI access. Unable to connect to server "10.11.13.37" as user "mon_admin".  (I changed the IP address for anonimity)

The real-time process explorer however still works fine with the same inherited credentials.

Is there any way to monitor the accessibility of a shared folder in Windows and Alert if it becomes inaccessible, I can't currently find a SAM Template for this,

Thanks in advance,

John

Hi there,

I'm part of a health organization that uses Orion to manage our PC endpoints. We have a number of "cart" PCs that are meant to be available in perpetuity and run a specific UI program to ensure ease of use. SolarWinds handles monitoring both of these things capably (we assign each cart PC a node and use SAM to keep tabs on the UI program process).

Currently, however, we're running a custom WMI script through Windows task scheduler to keep track of USB devices - the carts have some telecom functionality and need USB audio and video peripherals. The script runs every 5 minutes or so and fires off an email if the specified USB devices aren't discovered. This works, but we'd prefer if all aspects of our device monitoring were handled through one interface. So we were wondering if SolarWinds had either the capability to incorporate the recurring WMI query or if it had an innate function that achieved the same effect. Any clarification you could provide would be helpful. Thanks in advance!

Hi everyone,

I just noticed something odd in one of our Solarwinds logs (APM.BusinessLayer). I don't know if this is normal behavior or if there is an underlying issue. The following message shows up all throughout the log:

2018-02-24 00:39:20,434 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 00:39:20,450 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 00:40:13,153 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 00:45:11,053 [168] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 00:50:13,235 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 00:55:12,582 [167] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:00:13,309 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:05:13,125 [161] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:09:20,470 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:09:20,470 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:09:20,470 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:09:20,470 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:09:20,470 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:10:13,392 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:15:13,439 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:20:13,487 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:25:13,534 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:30:13,582 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:35:13,629 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:39:20,505 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:39:20,505 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:39:20,505 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

2018-02-24 01:39:20,505 [Scheduler] INFO  SolarWinds.Orion.Core.Common.ModuleLicense - Licensing was reset.

Does anyone know if this is normal?

Hi,

i know how to monitor and alert on 2 windows services across 2 servers, then I can start or stop a service on one of the servers depending on what the scenario is.

But how do i get it to start one service on one server wait a poll then if it hasnt manged to start it, start the service on the other box.

executing an external program using the below is very specific

APM\APMServiceControl.exe 681069 -c=STOP

can i use the escalation levels in the alert or is that just for if noone acknowledges it.

Is there a way to populate Statistic data from multiple components into one 1 email alert?

I currently have an application monitor monitoring two components. One is a WMI monitor monitoring the number of blocked processes of a SQL DB, and the other is custom SQL that outputs the block and blocker. I would like one have 1 email alert, with all the information in this screenshot.

Thank you!

I'm looking for an SQL/SWQL query or Report that will  show all muted and/or unmanaged entities in Orion with from and to dates and the user name that has made this configuration.  Currently I have two separated reports. One provides all the audit events for unmanaged and muted entities for the last year.  The other report identifies all unmanaged nodes, interfaces and applications from Orion.  What is really needed is a way to create a single view / join to take the current unmanaged / muted inventory an add the user detail from audit to output.  If this report exists already somewhere in Orion, or if someone has solved this already please point me in the right direction.  It would seem that a report showing all muted entities and by whom. would be something all Orion Admins would find beneficial.  Thanks!  As a side note, my current unmanaged device and application report has my entities grouped by the custom field Department.  

We have several monitors that won't let us look at the Component Details because it just sits on Loading.  Has anyone had this issue and are there possible solutions around this?

We're currently on SAM 6.3.0

Orion Platform 2016.2.100

The SAM engineering team is currently researching Cisco UCS Monitoring, but we need your help. There are numerous different models and countless hardware configuration variations and there's simply no way SolarWinds can test them all without your help.

We're currently seeking volunteers willing to perform SNMP MIB walks against their Cisco UCS chassis. These MIB walks will be used internally for research and validation purposes exclusively. As we get closer to development, these will also ensure that any UCS hardware monitoring features developed will work properly with your servers! If you have Cisco UCS equipment in your environment and would like to see improvements in Orion's UCS monitoring, we strongly encourage your participation.

What we need:  An SNMP MIB walk using the tool provided from any/all your Cisco UCS chassi(s). That's right! If you have multiple UCS Chassis, we would welcome MIB walks from each of them.  The tool is fairly simple and straightforward to use. Enter the IP address of the Server running the agent as well as the community string and click "scan".

Alternate method: If you'd prefer to use NET-SNMP instead of the tool provided above you can download and install NET-SNMP from http://net-snmp.sourceforge.net/

• Win32 binaries are available here: http://sourceforge.net/projects/net-snmp/files/net-snmp%20binaries/5.5-binaries/net-snmp-5.5.0-1.x86.exe/download

• Run this command from “installation directory/bin/”: snmpwalk -v 2c -c public -O netU 127.0.0.1 1 > output.txt
(change the IP address and community string accordingly, and don’t forget there is 1 after IP address. It means it will scan whole SNMP tree)

What Now: Both methods will generate a single file per server containing a complete MIB walk of the device. We recommend naming this file the model of the UCS chassis that was scanned. For example "UCS5108.txt".

These files can then be posted here in this thread in response to this posting as an attachment. If you're concerned about the potentially sensitive information contained in the MIB file I recommend zipping the files and password protecting them before posting. You can then PM me the password. All posted MIB walks in this thread will be deleted after being collected.

Alternatively, if you're not comfortable posting the MIB walks here or if they're too large, please PM me and I'll provide you instructions for sending them to me directly or you can email them directly to me at the email address below. The more people who participate, and the more UCS chassis we receive MIB Walks for, the more likely we will be able to deliver improvements to Orion's UCS monitoring capabilities. We encourage everyone who owns a Cisco UCS chassis to participate and appreciate your willingness to help.

THWACK team, and Forum members,

I have several severs across a large area. I am using WMI to monitor them and have several things that I track, but the other day I was asked to track uptime on all of the servers so that service owners can be notified at a particular time that their system(s) have reach a threshold for restart (Yellow status light) and if it continues to go past another specified amount of time, it will be determined to be critical (Red status light).  There may be requests down the road to group by service.  I am curious as I have done some research of the Thwackknowledge base and the all-knowing Google in general, but I have not seen an easy way just to add that to a dashboard as a module, or seen a way to create it.

Just for a bit of background, I currently monitor the 'up/down' status of most of my systems and appliances by location, by program, & by connection.  On my servers I also monitor CPU Load, Memory, Volume Usage, & down nodes. my current system  is running: Orion Platform 2015.1.3 / NPM 11.5.3 / SAM 6.2.3 / NTA 4.0.3 / IPAM 4.1 / UDT 3.0.2 / QoE 2.0 / VNQM 4.1 / IVIM 2.1.1 / DPA 10.0.1.  I have only been doing this for a little over half a year (still a newbie), and would like some help or advice on how I can accomplish either by creating a module, or if it is out there finding one that is already created.

I appreciate any assistance you all can offer.

I'm running the query below to return the number of times an eventlog has appeared in the last 5 minutes. This will return an accurate number. I've tested this from the Orion server's powershell terminal against all my servers and it works. However when I run it via the integrated powershell monitor in APM (4.0.1) I get the error below. The issue is that I've done all the steps necessary. I got that error locally in the terminal until I enabled PSRemoting and added the computer to the trustedhosts. Anyone have any idea:

Get-EventLog Application -ComputerName <remote-server-ip-address> -message *someString* -entrytype Error | where {$_.eventID -eq ####} | where {$_.TimeGenerated -gt (get-date).AddMinutes(-5)} | Group-Object EntryType | Format-Table Count -HideTableHeaders

I put my server's IP address in the monitor
I put my real string I'm searching for after "-message"
I put the real eventid I'm searching on

Below is the error I'm getting when I test the Application Monitor via the web console:

---------------------------------------------
Testing on node N1G6DB2 WAN (0.117): failed with 'NotAvailable' status
Connecting to remote server failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
---------------------------------------------

I've tried checking the https box and not checking it. I'm using V2. I confirmed my servers use that version ($host.version). the Orion server and the others are both Windows Server 2008 R2 x64. If I run either of the following queries I can see that TrustedHosts is set to "local" which means all servers in the same workgroup will work (this is our case as there's no domain). And it does work now if I run locally on the Orion server's powershell terminal.

(A) Set-Item WSMan:\localhost\Client\TrustedHosts

or

(B) winrm get winrm/config

If you haven't noticed, yes this is my attempt to find a script that can query for the exact number of times an event has occured since the last polling cycle. So far it works great if I run it directly on the server, just not via the web.

I am trying to monitor  task scheduler jobs on windows server. How can I do that. I tried using tempalate windows task scheduled tasks but somehow it doesnot lead me to the application and component monitor. I am using SAM 6.2.2.

Please asssist.

  I have scoured the form and have read several great BGP discussions around alerting, however, I have yet to find my answers.  The problem today is when BGP changes our NOC gets the syslog alert.  Because the information is limited in the alert they have opened tickets with the wrong carrier.  To prevent this from happening we want to include the circuit ID we have on all our router interfaces that peer with our BGP providers.

  We use syslog alerting and love the instant emails we get when BGP flaps.  The problem with syslog alerting is the limited macro ability to include more detailed information.  Our thoughts were to have a trail email come in from the triggered BGP event, but not sure if this is the right route to go. 

  One of the postings I read by alexslvKnow Your Routing Neighbours has a great sql piece for a BGP report we could add to our NOC page, but I don't know how I can add my interface descriptions for the BGP interface.  Since I am not the greatest at SQL I was hoping someone could help.  All our routers have the same description with a different circuit ID, like "MPLS".  It would be great if I could use superfly's SQL piece to include the interface description of the neighbor whose BGP status changed.  So if router x with interface Gi0/0/0 and peering IP of 192.168.2.1 state changes, add it to the table with the status.

  If the above isn't possible has anyone worked any voodoo to get there interface descriptions included in their BGP alerts.  This will be very helpful for when our NOC has to open tickets if BGP status changes

Thanks in advance,

Bret

So I think I am just being dumb here.  I am looking for what has to be done to a node to allow WMI to communicate between the node and Solarwinds but can't find the requirements page - kind of like the steps to add IIS.  We are working on on-boarding some new servers and just need this information that I can't seem to find.   Thanks Thwackers!!! - Dave

How to monitor application like Novelvox/JCP/in10s  which monitoring template not created by default  in solarwind.?

What language support solarwind for monitoring templates?

Thanks

Nikunj

I have been noticing a lot of EventID 2006 entries in the Application Event Logs of our 40 core Dell R910 servers.  These machines run Windows 2008 R2 Enterprise SP1.

"Unable to read Server Queue performance data from the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information."

I believe these are coming from the Orion polling engine, as it seems to be a 32-bit process.  This KB article from Microsoft seems to explain what I'm dealing with: 32-bit application cannot query performance "Server Work Queues" counters on Windows Server 2008 R2-based computer that has more than 32 processors

My guess would be that Orion encounters this issue when doing the individual CPU core polling for the machine view in Managed Nodes.  For these systems, SAM only finds data for the first 32 cores.  I thought at first that it was some limitation of the chart type and forgot about it a long time ago, but now I'm not so sure.

Is this a known issue with Orion SAM and many-core machines? 

I work in an environment where we deploy McAfee HBSS on our servers. It seems like the application put a lot of load on my SolarWinds servers. How can I monitor this and provide reports for my VM and Security teams.

Thanks

Hi All,

I'm trying to use HTTP POST to post a few variables from an alert, but the URL that I am trying to post to requires authentication. Can someone please tell me how to pass the credentials n the post message here?

Hello,

I would like to change volume (disk) status when the free space available of a volume is less than 5%. Is there any way to do this ?

When I configure an alert for this purpose, I cannot used "set custom status" in "trigger actions" tab as it seems to be dedicated to node objects. Is that correct ?

Thank you for your help.

Nolan