AppInsight for IIS requirements and permissions
Review the requirements and permissions before configuring AppInsight for IIS nodes in your environment. AppInsight for IIS data is collected at the same default 5-minute polling interval as other application monitor templates. If a prerequisite is missing on a target server, application monitors go into an Unknown state.
Following are AppInsight for IIS requirements for nodes:
- Administrator rights to IIS servers are needed for configuration, but not required for polling if you use the optional Orion Platform Agent for Windows. When you deploy agents to target servers, they are automatically registered with the Orion server as managed nodes, polling occurs directly on the target server, and agents transmit encrypted data to the Orion server.
- Set up PowerShell on target servers in SAM.
Your organization should internally review and assess to what extent PowerShell is incorporated into your environment. This is especially important when importing scripts from third parties, including content posted by other customers in the SolarWinds online IT community, THWACK. For details, see PowerShell security considerations.
- WinRM is enabled with a startup type of Automatic. See Enable remote access for PowerShell with WinRM.
- AppInsight for IIS uses WinRM as the default polling method, but you can also use Orion Platform agents for polling. See THWACK for details.
Supported OS and IIS versions include:
|Microsoft OS||IIS version|
Windows Server 2008
Windows Server 2008 R2 and Windows 7
Windows Server 2012 and Windows 8
|Windows Server 2012 R2 and Windows 8.1||IIS 8.5|
|Windows Server 2016 and Windows 10||IIS 10|
|Windows Server 2019 and Windows 10||IIS 10|
The IIS server must have the following TCP ports open on the managed nodes.
|RPC Endpoint Mapper||135||Used to establish WMI/RPC connections to the remote computer. RPC is required to gather performance counter data via the ASP.NET resource.|
|WMI||1025 - 5000 or 49152 - 65535||By default, Windows uses a random port from these ranges for WMI communications. The default port range differs based on the OS so you'll need to create a firewall exception on the remote computer.|
|PowerShell||5986||A secure listener hosted in the WinRM service.|
|HTTP||At least one port is included in the site bindings.||If the connection is not allowed, the HTTP Monitor is hidden.|
|HTTPS||At least one port is included in the site bindings.||If the connection is not allowed, the HTTPS Monitor is hidden.|
|SSL||At least one port is included in the site bindings.||If the connection is not allowed, the SSL Certificate Expiration Date Monitor is hidden.|
|SMB (Windows Shares)||445||Used for Site Directory Information and Log Directory Information.|