WMI effect on legacy servers during NPM discovery

I don't know if I'm posting this in the proper area.  I haven't used this before, but here goes...

We currently have a number of Windows Server 2003 systems running legacy apps and Windows Server 2008 servers in our environment. We are preparing a Server 2012 R2 VM for a new installation of NPM SLX v12.0.1 and SAM (clean, new install and new database on separate server - not an upgrade). I have been told that Server 2003 systems and "unpatched" Server 2008 systems can have major problems during the NPM network discovery process due to WMI maxing out their memory. Here is a TechNet KB post about the issue, but it does not directly relate to NPM scans: https://blogs.technet.microsoft.com/askperf/2014/08/11/wmi-high-memory-usage-by-wmi-service-or-wmiprvse-exe/. I was advised in a SolarWinds training course some months ago that I SHOULD NOT include these systems in a network discovery scan using WMI because of the potential for problems with these production servers, but I do need to monitor them using NPM and would like to determine whether there is a way they can be safely added with a discovery scan.

I have two sets of questions:

1)  For the 2008 servers, what's the definition of "unpatched" as it relates to this issue?  Our user community runs some systems 24/7 and, although they have received some patches, we have some with patches that need to be installed once we can schedule the downtime.  Does anyone know what patch(es) resolved the WMI memory problem so we can see if we are good to go?

2)  How can we protect our Server 2003 and any "unpatched" 2008 servers during an NPM network discovery scan while still allowing the scan to add them to our NPM environment? For example, would the solution be to simply disable WMI temporarily on the 2003 and 2008 servers and, if we did, would that be the best way to handle it? Would NPM still add them to the environment automatically during a discovery scan (perhaps using ICMP)? Is there a better way?

I know we need to do away with our legacy servers and patch our others.  We are working on that part of it.  In the meantime, any help/advice you could provide would be most appreciated.

Thanks.

  • I don't think I've heard of this being an issue by itself, but you can add criteria for what you do/don't want to monitor via AD, if that works. If you are concerned about WMI scans specifically, you could optionally add them to NPM and scan them via SNMP for the 2003 servers, unless you require something specific for WMI polling? There are differences, but it depends on how you want to split the baby.