AppInsight for IIS requirements and permissions

Review the requirements and permissions before configuring AppInsight for IIS nodes in your environment. AppInsight for IIS data will be collected at the same default 5-minute polling interval as other application monitor templates.

Use the free Remote Execution Enabler for PowerShell tool to configure secure WinRM across the Orion server and target servers. See this THWACK article for details.

Following are AppInsight for IIS requirements for nodes:

  • PowerShell 2.0 or later must be installed. Ensure the WinRM service is running and the Startup Type is set to Automatic. See Use PowerShell in SAM for details.
  • Administrator rights or equivalent credentials to the IIS server being monitored are needed for configuration. Non-administrative permissions for polling and monitoring is only achievable using the optional Orion Agent.
  • IIS 7.0 or later must be installed
  • AppInsight for IIS supports the following OS and IIS versions:

  • Microsoft OS Supported IIS version

    Microsoft Server 2008

    IIS 7.0

    Microsoft Server 2008 R2 and Windows 7

    IIS 7.5

    Microsoft Server 2012 and Windows 8

    IIS 8.0

    Windows Server 2012 R2 and Windows 8.1 IIS 8.5
    Windows Server 2016 and Windows 10 IIS 10

If a prerequisite is missing, AppInsight for IIS goes into an Unknown state.

AppInsight for IIS technologies and ports

The IIS server must have the ports open on the managed nodes.

Technology Port Notes
RPC Endpoint Mapper TCP port 135 SAM uses this port to establish WMI/RPC connections to the remote computer. RPC is required to gather performance counter data via the ASP.NET resource.
WMI TCP ports 1025 - 5000 or TCP ports 49152 - 65535 By default, Windows uses a random port from this range for WMI communications. The default port range differs based on the OS so you'll need to create a firewall exception on the remote computer.
PowerShell TCP port 5986 A secure listener hosted in the WinRM service.
HTTP TCP, At least one port mentioned in the bindings of a site. If the connection is not allowed, the HTTP Monitor is hidden.
HTTPS TCP. At least one port mentioned in the secure bindings of a site. If the connection is not allowed, the HTTPS Monitor is hidden.
SSL TCP. At least one port mentioned in the secure bindings of a site. If the connection is not allowed, the SSL Certificate Expiration Date Monitor is hidden.
SMB (Windows Shares) TCP port 445 Used for Site Directory Information and Log Directory Information.