Documentation forServer & Application Monitor

AppInsight for IIS requirements and permissions

Review the requirements and permissions before configuring AppInsight for IIS nodes in your environment. AppInsight for IIS data is collected at the same default 5-minute polling interval as other application monitor templates.

Following are AppInsight for IIS requirements for nodes:

  • Administrator rights or equivalent credentials to IIS servers are needed for configuration. Non-administrative permission for polling is possible if using the optional Orion Agent for Windows.
  • PowerShell 2.0 or later is installed. See Set up PowerShell on target servers in SAM.

    Your organization should internally review and assess to what extent PowerShell is incorporated into your environment. This is especially important when importing scripts from third parties, including content posted by other customers in the SolarWinds online IT community, THWACK. To learn more, see PowerShell security considerations.

  • WinRM is enabled with a startup type of Automatic. See Enable remote access for PowerShell with WinRM.
  • Starting in SAM 2020.2, AppInsight for Exchange uses WinRM as the default polling method. If upgrading from an earlier SAM version, see Configure WinRM polling on target nodes to update existing nodes.

    An alternative to using WinRM is to use AppInsight for IIS with an Orion Agent. See this THWACK blog for details.

  • Supported OS and IIS versions include:

  • Microsoft OS IIS version

    Windows Server 2008

    IIS 7.0

    Windows Server 2008 R2 and Windows 7

    IIS 7.5

    Windows Server 2012 and Windows 8

    IIS 8.0

    Windows Server 2012 R2 and Windows 8.1 IIS 8.5
    Windows Server 2016 and Windows 10 IIS 10
    Windows Server 2019 and Windows 10 IIS 10

If a prerequisite is missing, AppInsight for IIS goes into an Unknown state.

Port requirements

The IIS server must have the following TCP ports open on the managed nodes.

Technology TCP port Notes
RPC Endpoint Mapper 135 Used to establish WMI/RPC connections to the remote computer. RPC is required to gather performance counter data via the ASP.NET resource.
WMI 1025 - 5000 or 49152 - 65535 By default, Windows uses a random port from these ranges for WMI communications. The default port range differs based on the OS so you'll need to create a firewall exception on the remote computer.
PowerShell 5986 A secure listener hosted in the WinRM service.
HTTP At least one port mentioned in the bindings of a site. If the connection is not allowed, the HTTP Monitor is hidden.
HTTPS At least one port mentioned in the secure bindings of a site. If the connection is not allowed, the HTTPS Monitor is hidden.
SSL At least one port mentioned in the secure bindings of a site. If the connection is not allowed, the SSL Certificate Expiration Date Monitor is hidden.
SMB (Windows Shares) 445 Used for Site Directory Information and Log Directory Information.