    Network Monitor False Down Alerts at Night


      I'm having a problem with Network Monitor under V9.  I am getting frequent down alerts (and the subsequent pages) from Network Monitor after hours, usually between 10PM and 6AM.  It seems to be limited to 3 or 4 specific servers.  I've confirmed that these servers are not actually down.  I looked at the FAQ for this problem on the SolarWinds site and have done the following to troubleshoot:

      • increased the ICMP timeout to 5000 milliseconds
      • traceroute between management station and servers is low (2 hops <1ms)
      • the route from management station to suspect servers is not blocked
      • ping response from these servers is normal and in the same range as the other 30+ servers.
      • the duplex matches between the switch port and the server NIC
      • the switch ports for these machines are not reporting FCS, CRC or alignment errors

      And again, these servers do not throw alerts during the day.  This happens only after hours.  I have not noticed any unusual network activity during this time that would be a problem, though I'm not sure I know exactly what to look for.  The only significant network activity during that time is from the backup system.  I'd think if it were backups causing congestion, I'd see false down on a random assortment of monitored devices, not just the same 3 or 4 machines.

      So my working theory at this point is that Network Monitor is spiteful and just doesn't like me.

      Any other suggestions?  I'm stumped.


          I would run an extended ping from the same server that your SolarWinds is running from to eliminate the monitor itself.  It's possible network congestion IS actually slowing down your network at night (some of our massive backups slow my pings to my cores to 14ms and I get the same kind of alerts, but I know to expect them at midnight).  If the pages themselves bother you, set up a pskill to stop monitoring during those times and schedule a time to bring it back up.
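
The extended ping suggested in the reply above is most useful when its results can be lined up against the 10PM to 6AM window. As an added example (not part of the thread and not SolarWinds code), this script buckets a timestamped ping log by hour; it assumes the log was captured with Linux iputils `ping -D -O`, reports hours in UTC, and uses constructed sample lines.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in iputils `ping -D -O` format (not data from the thread).
SAMPLE = """\
PING 10.0.0.5 (10.0.0.5) 56(84) bytes of data.
[1704895200.10] 64 bytes from 10.0.0.5: icmp_seq=1 ttl=64 time=0.41 ms
[1704895201.10] 64 bytes from 10.0.0.5: icmp_seq=2 ttl=64 time=0.39 ms
[1704895202.10] 64 bytes from 10.0.0.5: icmp_seq=3 ttl=64 time=0.44 ms
[1704924000.10] 64 bytes from 10.0.0.5: icmp_seq=4 ttl=64 time=0.45 ms
[1704924002.10] no answer yet for icmp_seq=5
[1704924002.30] 64 bytes from 10.0.0.5: icmp_seq=6 ttl=64 time=14.2 ms
[1704924004.10] no answer yet for icmp_seq=7
"""

REPLY = re.compile(r"^\[(\d+(?:\.\d+)?)\] \d+ bytes from .*icmp_seq=(\d+) .*time=([\d.]+) ms")
LOST = re.compile(r"^\[(\d+(?:\.\d+)?)\] no answer yet for icmp_seq=(\d+)")

def hourly_stats(log_text):
    """Return {hour_utc: {"sent", "lost", "max_rtt_ms"}} for one ping log."""
    stats = defaultdict(lambda: {"sent": 0, "lost": 0, "max_rtt_ms": 0.0})
    for line in log_text.splitlines():
        reply, lost = REPLY.match(line), LOST.match(line)
        if not (reply or lost):
            continue  # banner, summary, or unrelated line
        stamp = float((reply or lost).group(1))
        hour = datetime.fromtimestamp(stamp, tz=timezone.utc).hour
        bucket = stats[hour]
        bucket["sent"] += 1
        if lost:
            bucket["lost"] += 1
        else:
            bucket["max_rtt_ms"] = max(bucket["max_rtt_ms"], float(reply.group(3)))
    return dict(stats)

def lossy_hours(stats, min_loss_pct=1.0):
    """Sorted list of hours whose loss percentage meets the threshold."""
    return sorted(h for h, b in stats.items()
                  if 100.0 * b["lost"] / b["sent"] >= min_loss_pct)

if __name__ == "__main__":
    result = hourly_stats(SAMPLE)
    for hour in sorted(result):
        b = result[hour]
        print(f"{hour:02d}:00 UTC sent={b['sent']} lost={b['lost']} max_rtt={b['max_rtt_ms']} ms")
    print("hours with loss:", lossy_hours(result))
```

Running one capture per suspect server and one against a server that never alerts shows whether loss in the after-hours buckets is specific to those 3 or 4 machines or shared by everything on the path.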

            Hello,  I am wondering if you are/were running a network inventory job through the NCM during the time in which you are/were getting these false alerts.  I am finding that whenever this job runs, I too get false alerts.

                Sorry to say, but no, I'm not.  I will say that I still get these false alerts periodically, but far less than before.  What changed?  I don't know.  Nothing that I can point to as a possible cause.  In a few instances I replaced the NIC at the server end, which seemed to improve things for that specific server.  In other locations, replacing the switch at the edge IDF did the trick.    I never did figure it out.