Forum Discussion
SAMR Queries from specific server (not computer)
Hi,
One of my servers show in ATA multiple SAMR queries (see attached screen-shot).
It's happening at the beginning of each our as can be seen (3:13pm, 2:13pm, etc.)
Which process/network activity should I check in the server (if there is no scheduled task) ?
Thank you.
I ran into similar activity recently. The SAMR queries were only being seen on servers in Azure, so that was a bit of a clue. Using Message Analyzer and adding the Process Name column from Global Properties quickly found which process was performing that activity.
The culprit was WaAppAgent.exe which is the Azure VM agent.
Thank you,
How did you manage to solve it & stop these queries ?
- EliOfek
Microsoft
A good start would be to capture a netmon 3.4 trace during the expected time of this traffic, as netmon is usually able to show you which process generated the traffic.
By Any chance is there any software installed on this machine by Lenovo?
- I know about the Lenovo issue with SAMR, do you know which software cause these queries ?
& regarding the server - gonna check and get back on this.- EliOfek
So far I mainly seen it come from Lenovo.
I think they have some kind of messaging app that does it.
But netmon should provide you with more clues.
