Other protocols monitoring - SMB

In the SMB section you set parameters specific to monitoring SMB-based software services.

General

Depending on the authentication methods used in the network, you may need to make configuration changes for SMB analyzer.

To configure and enable SMB monitoring:

  1. Define minimum realized bandwidth threshold. This option defines the acceptable transfer rate or throughput of server data when the transfer attempt occurred. If the monitored transfer rate falls below the specified threshold value, the operation is flagged as slow.
  2. Optional: Enable file name extensions. Enabling this option allows you to more precisely report on the path statistics by file type. The file name extensions are grouped and metrics aggregated based on discovered names. For example *.zip and *.pdf extensions produce metrics for just these types of files. If this option is not set, then all files are aggregated under a single file name of *.* . Also, files without an extension are aggregated under *.* .
  3. Set the path depth.
  4. Optional: Create a mapping of Kerberos realms to Windows domains. If you use NTLMSSP authentication, no additional configuration is required. When Kerberos authentication is used, the domain name is resolved by checking the realm field in the Kerberos command. It is possible to configure mappings between Kerberos realms and Windows domains. For this purpose, fill the table located in Global  ► Other Monitoring Settings  ► SMB.
    1. Create a new mapping entry. Right-click the conversion table and choose Add or Open.
    2. Enter the mapping values. In the dialog Kerberos Realm to Windows Domain Name Mapping, enter the name of the Kerberos realm in the Realm field and the name of corresponding Windows domain name in the Domain field. For example, a user within THECITY.COMPANY.CORP Kerberos realm is a member of THECITY Windows domain.

Example: Kerberos realm to Windows domain mapping

  1. Click OK to confirm your changes.
  2. Optional: Create a software service for the Kerberos analyzer. If you are using the Kerberos protocol to authenticate users on the network, you must create a separate software service based on the Kerberos analyzer.
  3. Initiate monitoring of SMB traffic. To activate monitoring of the SMB protocol, a dedicated software service must be active on the NAM Probe. This can be either a set of predefined services called Default Software Services or a user-defined software service.
  4. Publish the draft configuration on the monitoring device.

Availability

By configuring the availability, you can determine which attempt failures are included in the availability metric calculation.

The availability is measured and presented as the percentage of successful attempts (operations) compared to all attempts. Each attempt is counted in one metric: operation, standalone, abort, network failure, transport failure or application failure. All operations with availability problems are included in the Failures (transport) and Failures (application) metrics.

In RMI availability reporting, for each failure category, you can control the error classification by enabling or disabling options available in the list next to each of the available transport and application errors:

Failures (transport)

You can determine which of the incomplete response errors should be included in the calculation of Failures (transport) metric.

Incomplete responses

You can determine whether the following types of incomplete responses should be classified as failures (transport).

Partial response (standalone hit)

An incomplete response observed for a hit without an operation context, classified as a Dead hit. This pertains to situations when server started the response but never finished due to a timeout or other problems.

Aborted response (standalone hit)

An incomplete response observed for a hit without an operation context, classified as a Break. This pertains to situations when server started the response but aborted it before completion with TCP reset.

No response

A request hit with no response from a server. This pertains to situations when server did not respond at all or responded in unrecognizable way.

Partial response

An incomplete response with a Dead hit status. This pertains to situations when server started the response but never finished due to a timeout or other problems.

Aborted response

An incomplete response with a Break status. This pertains to situations when server started the response but aborted it before completion with the TCP reset.

Failures (application)

Enable or disable the automatically detected operation attributes to individually select which sets of operation attributes are included in the calculation of Failures (application) . The following operation attributes are available:

  • Fatal error
  • Error indicator
  • Operation attributes (3)
  • Operation attributes (4)
  • Operation attributes (5)

Errors

NAM reports the SMB errors in four categories:

  • SMB client errors
  • SMB server errors
  • SMB security errors
  • SMB hard errors

See the table below to learn the detailed mapping of the actual SMB errors to the categories reported by NAM

Name Error code NTSTATUS values Class NAM Error name Failure
Invalid Function. ERRbadfunc 0x0001 STATUS_NOT_IMPLEMENTED 0xC0000002 STATUS_INVALID_DEVICE_REQUEST 0xC0000010 STATUS_ILLEGAL_FUNCTION 0xC00000AF ERRDOS 0x01 SMB client error
File not found. ERRbadfile 0x0002 STATUS_NO_SUCH_FILE 0xC000000F STATUS_NO_SUCH_DEVICE 0xC000000E STATUS_OBJECT_NAME_NOT_FOUND 0xC0000034 ERRDOS 0x01 SMB client error
A component in the path prefix is not a directory. ERRbadpath 0x0003 STATUS_OBJECT_PATH_INVALID 0xC0000039 STATUS_OBJECT_PATH_NOT_FOUND 0xC000003A STATUS_OBJECT_PATH_SYNTAX_BAD 0xC000003B STATUS_DFS_EXIT_PATH_FOUND 0xC000009B STATUS_REDIRECTOR_NOT_STARTED 0xC00000FB ERRDOS 0x01 SMB client error
Too many open files. No FIDs are available. ERRnofids 0x0004 STATUS_TOO_MANY_OPENED_FILES 0xC000011F ERRDOS 0x01 SMB client error
Access denied. ERRnoaccess 0x0005 STATUS_ACCESS_DENIED 0xC0000022 STATUS_INVALID_LOCK_SEQUENCE 0xC000001E STATUS_INVALID_VIEW_SIZE 0xC000001F STATUS_ALREADY_COMMITTED 0xC0000021 STATUS_PORT_CONNECTION_REFUSED 0xC0000041 STATUS_THREAD_IS_TERMINATING 0xC000004B STATUS_DELETE_PENDING 0xC0000056 STATUS_PRIVILEGE_NOT_HELD 0xC0000061 STATUS_LOGON_FAILURE 0xC000006D STATUS_FILE_IS_A_DIRECTORY 0xC00000BA STATUS_FILE_RENAMED 0xC00000D5 STATUS_PROCESS_IS_TERMINATING 0xC000010A STATUS_DIRECTORY_NOT_EMPTY 0xC0000101 STATUS_CANNOT_DELETE 0xC0000121 STATUS_FILE_DELETED 0xC0000123 ERRDOS 0x01 SMB client error
Invalid FID. ERRbadfid 0x0006 STATUS_SMB_BAD_FID 0x00060001 STATUS_INVALID_HANDLE 0xC0000008 STATUS_OBJECT_TYPE_MISMATCH 0xC0000024 STATUS_PORT_DISCONNECTED 0xC0000037 STATUS_INVALID_PORT_HANDLE 0xC0000042 STATUS_FILE_CLOSED 0xC0000128 STATUS_HANDLE_NOT_CLOSABLE 0xC0000235 ERRDOS 0x01 SMB client error
Memory Control Blocks were destroyed. ERRbadmcb 0x0007 ERRDOS 0x01 SMB client error
Insufficient server memory to perform the requested operation. ERRnomem 0x0008 STATUS_SECTION_TOO_BIG 0xC0000040 STATUS_TOO_MANY_PAGING_FILES 0xC0000097 STATUS_INSUFF_SERVER_RESOURCES 0xC0000205 ERRDOS 0x01 SMB client error
The server performed an invalid memory access (invalid address). ERRbadmem 0x0009 ERRDOS 0x01 SMB hard error Y
Invalid environment. ERRbadenv 0x000A ERRDOS 0x01 SMB client error
Invalid format. ERRbadformat 0x000B ERRDOS 0x01 SMB client error
Invalid open mode. ERRbadaccess 0x000C STATUS_OS2_INVALID_ACCESS 0x000C0001 STATUS_ACCESS_DENIED 0xC00000CA ERRDOS 0x01 SMB client error
Bad data. (May be generated by IOCTL calls on the server.) ERRbaddata 0x000D STATUS_DATA_ERROR 0xC000009C ERRDOS 0x01 SMB hard error Y
Invalid drive specified. ERRbaddrive 0x000F ERRDOS 0x01 SMB client error
Remove of directory failed because it was not empty. ERRremcd 0x0010 STATUS_DIRECTORY_NOT_EMPTY 0xC0000101 ERRDOS 0x01 SMB client error
A file system operation (such as a rename) across two devices was attempted. ERRdiffdevice 0x0011 STATUS_NOT_SAME_DEVICE 0xC00000D4 ERRDOS 0x01 SMB client error
No (more) files found following a file search command. ERRnofiles 0x0012 STATUS_NO_MORE_FILES 0x80000006 ERRDOS 0x01 SMB client error
General error. ERRgeneral 0x001F STATUS_UNSUCCESSFUL 0xC0000001 ERRDOS 0x01 SMB client error
Sharing violation. A requested open mode conflicts with the sharing mode of an existing file handle. ERRbadshare 0x0020 STATUS_SHARING_VIOLATION 0xC0000043 ERRDOS 0x01 SMB client error
A lock request specified an invalid locking mode, or conflicted with an existing file lock. ERRlock 0x0021 STATUS_FILE_LOCK_CONFLICT 0xC0000054 STATUS_LOCK_NOT_GRANTED 0xC0000055 ERRDOS 0x01 SMB client error
Attempted to read beyond the end of the file. ERReof 0x0026 STATUS_END_OF_FILE 0xC0000011 ERRDOS 0x01 SMB client error
This command is not supported by the server. ERRunsup 0x0032 STATUS_NOT_SUPPORTED 0XC00000BB ERRDOS 0x01 SMB client error
An attempt to create a file or directory failed because an object with the same path name already exists. ERRfilexists 0x0050 STATUS_OBJECT_NAME_COLLISION 0xC0000035 ERRDOS 0x01 SMB client error
A parameter supplied with the message is invalid. ERRinvalidparam 0x0057 STATUS_INVALID_PARAMETER 0xC000000D ERRDOS 0x01 SMB client error
Invalid information level. ERRunknownlevel 0x007C STATUS_OS2_INVALID_LEVEL 0x007C0001 ERRDOS 0x01 SMB client error
An attempt was made to seek to a negative absolute offset within a file. ERRinvalidseek 0x0083 STATUS_OS2_NEGATIVE_SEEK 0x00830001 ERRDOS 0x01 SMB client error
The byte range specified in an unlock request was not locked. ERROR_NOT_LOCKED 0x009E STATUS_RANGE_NOT_LOCKED 0xC000007E ERRDOS 0x01 SMB client error
Maximum number of searches has been exhausted. ERROR_NO_MORE_SEARCH_HANDLES 0x0071 STATUS_OS2_NO_MORE_SIDS 0x00710001 ERRDOS 0x01 SMB client error
No lock request was outstanding for the supplied cancel region. ERROR_CANCEL_VIOLATION 0x00AD STATUS_OS2_CANCEL_VIOLATION 0x00AD0001 ERRDOS 0x01 SMB client error
The file system does not support atomic changes to the lock type. ERROR_ATOMIC_LOCKS_NOT_SUPPORTED 0x00AE STATUS_OS2_ATOMIC_LOCKS_NOT_SUPPORTED 0x00AE0001 ERRDOS 0x01 SMB client error
Invalid named pipe. ERRbadpipe 0x00E6 STATUS_INVALID_INFO_CLASS 0xC0000003 STATUS_INVALID_PIPE_STATE 0xC00000AD STATUS_INVALID_READ_MODE 0xC00000B4 ERRDOS 0x01 SMB client error
The copy functions cannot be used. ERROR_CANNOT_COPY 0x010A STATUS_OS2_CANNOT_COPY 0x010A0001 ERRDOS 0x01 SMB client error
All instances of the designated named pipe are busy. ERRpipebusy 0x00E7 STATUS_INSTANCE_NOT_AVAILABLE 0xC00000AB STATUS_PIPE_NOT_AVAILABLE 0xC00000AC STATUS_PIPE_BUSY 0xC00000AE ERRDOS 0x01 SMB client error
The designated named pipe is in the process of being closed. ERRpipeclosing 0x00E8 STATUS_PIPE_CLOSING 0xC00000B1 STATUS_PIPE_EMPTY 0xC00000D9 ERRDOS 0x01 SMB client error
The designated named pipe exists, but there is no server process listening on the server side. ERRnotconnected 0x00E9 STATUS_PIPE_DISCONNECTED 0xC00000B0 ERRDOS 0x01 SMB client error
There is more data available to read on the designated named pipe. ERRmoredata 0x00EA STATUS_BUFFER_OVERFLOW 0x80000005 STATUS_MORE_PROCESSING_REQUIRED 0xC0000016 ERRDOS 0x01 SMB client error
Inconsistent extended attribute list. ERRbadealist 0x00FF ERRDOS 0x01 SMB client error
Either there are no extended attributes, or the available extended attributes did not fit into the response. ERROR_EAS_DIDNT_FIT 0x0113 STATUS_EA_TOO_LARGE 0xC0000050 STATUS_OS2_EAS_DIDNT_FIT 0x01130001 ERRDOS 0x01 SMB client error
The server file system does not support Extended Attributes. ERROR_EAS_NOT_SUPPORTED 0x11A STATUS_EAS_NOT_SUPPORTED 0xC000004F ERRDOS 0x01 SMB client error
Access to the extended attribute was denied. ERROR_EA_ACCESS_DENIED 0x03E2 STATUS_OS2_EA_ACCESS_DENIED 0x03E20001 ERRDOS 0x01 SMB client error
More changes have occurred within the directory than will fit within the specified Change Notify response buffer. ERR_NOTIFY_ENUM_DIR 0x03FE STATUS_NOTIFY_ENUM_DIR 0x0000010C ERRDOS 0x01 SMB security error
Unspecified server error. ERRerror 0x0001 STATUS_INVALID_SMB 0x00010002 ERRSRV 0x02 SMB hard error Y
Invalid password. ERRbadpw 0x0002 STATUS_WRONG_PASSWORD 0xC000006A ERRSRV 0x02 SMB security error
DFS pathname not on local server. ERRbadpath 0x0003 STATUS_PATH_NOT_COVERED 0xC0000257 ERRSRV 0x02 SMB server error
Access denied. The specified UID does not have permission to execute the requested command within the current context (TID). ERRaccess 0x0004 STATUS_NETWORK_ACCESS_DENIED 0xC00000CA ERRSRV 0x02 SMB security error
The TID specified in the command was invalid ERRinvtid 0x0005 STATUS_NETWORK_NAME_DELETED 0xC00000C9 STATUS_SMB_BAD_TID 0x00050002 ERRSRV 0x02 SMB server error
Invalid server name in Tree Connect. ERRinvnetname 0x0006 STATUS_BAD_NETWORK_NAME 0xC00000CC ERRSRV 0x02 SMB server error
A printer request was made to a non-printer device or, conversely, a non-printer request was made to a printer device. ERRinvdevice 0x0007 STATUS_BAD_DEVICE_TYPE 0xC00000CB ERRSRV 0x02 SMB server error
Invalid Connection ID (CID). This error code is only defined when the Direct IPX connectionless transport is in use. ERRinvsess 0x0010 ERRSRV 0x02 SMB server error
A command with matching MID or SequenceNumber is currently being processed. This error code is defined only when the Direct IPX connectionless transport is in use. ERRworking 0x0011 ERRSRV 0x02 SMB server error
Incorrect NetBIOS Called Name when starting an SMB session over Direct IPX. This error code is only defined when the Direct IPX connectionless transport is in use. ERRnotme 0x0012 ERRSRV 0x02 SMB server error
An unknown SMB command code was received by the server. ERRbadcmd 0x0016 STATUS_SMB_BAD_COMMAND 0x00160002 ERRSRV 0x02 SMB server error
Print queue is full - too many queued items. ERRqfull 0x0031 STATUS_PRINT_QUEUE_FULL 0xC00000C6 ERRSRV 0x02 SMB hard error Y
Print queue is full - no space for queued item, or queued item too big. ERRqtoobig 0x0032 STATUS_NO_SPOOL_SPACE 0xC00000C7 ERRSRV 0x02 SMB hard error Y
End Of File on print queue dump. ERRqeof 0x0033 ERRSRV 0x02 SMB server error
Invalid FID for print file. ERRinvpfid 0x0034 STATUS_PRINT_CANCELLED 0xC00000C8 ERRSRV 0x02 SMB server error
Unrecognized SMB command code. ERRsmbcmd 0x0040 STATUS_NOT_IMPLEMENTED 0xC0000002 ERRSRV 0x02 SMB server error
Internal server error. ERRsrverror 0x0041 STATUS_UNEXPECTED_NETWORK_ERROR 0xC00000C4 ERRSRV 0x02 SMB hard error Y
The FID and pathname contain incompatible values. ERRfilespecs 0x0043 ERRSRV 0x02 SMB server error
An invalid combination of access permissions for a file or directory was presented. The server cannot set the requested attributes. ERRbadpermits 0x0045 STATUS_NETWORK_ACCESS_DENIED 0xC00000CA ERRSRV 0x02 SMB security error
The attribute mode presented in a set mode request was invalid. ERRsetattrmode 0x0047 ERRSRV 0x02 SMB server error
Operation timed out. ERRtimeout 0x0058 STATUS_UNEXPECTED_NETWORK_ERROR 0xC00000C4 STATUS_IO_TIMEOUT 0xC00000B5 ERRSRV 0x02 SMB server error
No resources currently available for this SMB request. ERRnoresource 0x0059 STATUS_REQUEST_NOT_ACCEPTED 0xC00000D0 ERRSRV 0x02 SMB server error
Too many UIDs active for this SMB connection. ERRtoomanyuids 0x005A STATUS_TOO_MANY_SESSIONS 0xC00000CE ERRSRV 0x02 SMB server error
The UID specified is not known as a valid ID on this server session. ERRbaduid 0x005B STATUS_SMB_BAD_UID 0x005B0002 ERRSRV 0x02 SMB server error
Write to a named pipe with no reader. ERRnotconnected 0x00E9 STATUS_PIPE_DISCONNECTED 0xC00000B0 ERRSRV 0x02 SMB server error
Temporarily unable to support RAW mode transfers. Use MPX mode. ERRusempx 0x00FA STATUS_SMB_USE_MPX 0x00FA0002 ERRSRV 0x02 SMB server error
Temporarily unable to support RAW or MPX mode transfers. Use standard read/write. ERRusestd 0x00FB STATUS_SMB_USE_STANDARD 0x00FB0002 ERRSRV 0x02 SMB server error
Continue in MPX mode.|This error code is reserved for future use. ERRcontmpx 0x00FC STATUS_SMB_CONTINUE_MPX 0x00FC0002 ERRSRV 0x02 SMB server error
User account on the target machine is disabled or has expired. ERRaccountExpired 0x08BF STATUS_ACCOUNT_DISABLED 0xC0000072 STATUS_ACCOUNT_EXPIRED 0xC0000193 ERRSRV 0x02 SMB security error
The client does not have permission to access this server. ERRbadClient 0x08C0 STATUS_INVALID_WORKSTATION 0xC0000070 ERRSRV 0x02 SMB security error
Access to the server is not permitted at this time. ERRbadLogonTime 0x08C1 STATUS_INVALID_LOGON_HOURS 0xC000006F ERRSRV 0x02 SMB security error
The user's password has expired. ERRpasswordExpired 0x08C2 STATUS_PASSWORD_EXPIRED 0xC0000071 STATUS_PASSWORD_MUST_CHANGE 0xC0000224 ERRSRV 0x02 SMB security error
Function not supported by the server. ERRnosupport 0xFFFF STATUS_SMB_NO_SUPPORT 0XFFFF0002 ERRSRV 0x02 SMB server error
Attempt to modify a read-only file system. ERRnowrite 0x0013 STATUS_MEDIA_WRITE_PROTECTED 0xC00000A2 ERRHRD 0x03 SMB client error
Unknown unit. ERRbadunit 0x0014 ERRHRD 0x03 SMB client error
Drive not ready. ERRnotready 0x0015 STATUS_NO_MEDIA_IN_DEVICE 0xC0000013 ERRHRD 0x03 SMB hard error Y
Unknown command. ERRbadcmd 0x0016 STATUS_INVALID_DEVICE_STATE 0xC0000184 ERRHRD 0x03 SMB client error
Data error (incorrect CRC). ERRdata 0x0017 STATUS_DATA_ERROR 0xC000003E STATUS_CRC_ERROR 0xC000003F ERRHRD 0x03 SMB hard error Y
Bad request structure length. ERRbadreq 0x0018 STATUS_DATA_ERROR 0xC000003E ERRHRD 0x03 SMB client error
Seek error. ERRseek 0x0019 ERRHRD 0x03 SMB hard error Y
Unknown media type. ERRbadmedia 0x001A STATUS_DISK_CORRUPT_ERROR 0xC0000032 ERRHRD 0x03 SMB hard error Y
Sector not found. ERRbadsector 0x001B STATUS_NONEXISTENT_SECTOR 0xC0000015 ERRHRD 0x03 SMB hard error Y
Printer out of paper. ERRnopaper 0x001C STATUS_DEVICE_PAPER_EMPTY 0x8000000E ERRHRD 0x03 SMB server error
Write fault. ERRwrite 0x001D ERRHRD 0x03 SMB hard error Y
Read fault. ERRread 0x001E ERRHRD 0x03 SMB hard error Y
General hardware failure. ERRgeneral 0x001F ERRHRD 0x03 SMB hard error Y
An attempted open operation conflicts with an existing open. ERRbadshare 0x0020 STATUS_SHARING_VIOLATION 0xC0000043 ERRHRD 0x03 SMB client error
A lock request specified an invalid locking mode, or conflicted with an existing file lock. ERRlock 0x0021 STATUS_FILE_LOCK_CONFLICT 0xC0000054 ERRHRD 0x03 SMB hard error Y
The wrong disk was found in a drive. ERRwrongdisk 0x0022 STATUS_WRONG_VOLUME 0xC0000012 ERRHRD 0x03 SMB hard error Y
No server-side File Control Blocks are available to process the request. ERRFCBUnavail 0x0023 ERRHRD 0x03 SMB hard error Y
A sharing buffer has been exceeded. ERRsharebufexc 0x0024 ERRHRD 0x03 SMB hard error Y
No space on file system. ERRdiskfull 0x0027 STATUS_DISK_FULL 0xC000007F ERRHRD 0x03 SMB hard error Y