Documentation forServer & Application Monitor
Monitoring your applications and environment is a key capability of Hybrid Cloud Observability and is also available in a standalone module, Server & Application Monitor (SAM). Hybrid Cloud Observability and SAM are built on the self-hosted SolarWinds Platform.

Troubleshoot application monitor polling with WinRM

Following are issues you may encounter when using WinRM as the fetching method for WMI-based polling for SAM application monitor templates, application monitors, and component monitors that do not use SolarWinds Platform agents to collect data from target nodes.

When WinRM polling fails, a predefined "Attempt to use WinRM for application template polling failed" alert is sent to the NetPerfMon Event Log, and SAM uses DCOM/RPC as the fallback method instead.

Basic WinRM troubleshooting steps include:

  • Review Configure WinRM polling in your SAM environment.
  • On target nodes:
    • Verify that the WinRM service is started and set to "Automatic".
    • If a firewall exists, allow exceptions for the SolarWinds Platform server on port 5985 (HTTP) and/or 5986 (HTTPS).
    • If required, check for a valid SSL certificate.
    • Confirm that a WinRM HTTPS Listener exists.
  • On the SolarWinds Platform server:
    • Make sure the SolarWinds Platform server can connect to the target node.
    • Confirm that the SAM WinRM toggle is enabled on the SolarWinds Platform server, at the global level
    • If a target node is in a separate domain, check the TrustedHosts list on the SolarWinds Platform server and update it, if necessary.

      In large environments with Additional Polling Engines (APEs), make sure that target nodes are TrustedHosts on related polling engines.

  • Review the following log files on the SolarWinds Platform server:
    • C:\ProgramData\Solarwinds\Logs\APM\RunWinRMConfigurator.log (WinRM configuration)
    • C:\ProgramData\Solarwinds\Logs\APM\ApplicationLogs (polling)
    • C:\ProgramData\Solarwinds\Logs\APM\SolarWinds.APM.Probes_[*] (polling)

Confirm the WinRM configuration on a target server

  1. Log in to the target server.
  2. Open a PowerShell session and run the following command:
    winrm get winrm/config/listener?Address=*+Transport=HTTPS
  3. Verify that the ListeningOn value lists valid IP addresses. If the value is null, add a WinRM HTTPS Listener.

To confirm that the SAM WinRM toggle is enabled on the SolarWinds Platform server, at the global level:

  1. Navigate to the Advanced Configuration page in the SolarWinds Platform Web Console:
    1. Copy the following text to the Windows Clipboard:
      /Admin/AdvancedConfiguration/Global.aspx
    2. Paste text into your browser address bar, after /Orion, as shown in this example.

      <your product server>/Orion/Admin/AdvancedConfiguration/Global.aspx

  2. On the Global tab of the Advanced Configuration page, scroll down to the APM.WMI.Settings section.
  3. Verify that the WinRemoteManagementforWmiEnabled option is selected.

    This option is enabled in fresh installations by default, starting in SAM 2020.2. If you decide to disable it, use the SolarWinds Platform Service Manager to stop the SolarWinds Job Engine v2 service, and then restart the service afterward.

Check the Group Policy configuration

If you used a GPO to configure nodes for WinRM, check the Group Policy configuration.

  1. Open your Group Policy Editor.
  2. Go to Computer > Policies > Windows Components > Windows Remote Management (WinRM) > WinRM Service.
  3. Check the configuration of the "Allow automatic configuration of listeners" policy.
  4. Verify that the Policy configuration is correct.

Add all target network nodes across a domain as trusted hosts for the SolarWinds Platform server

  1. Open PowerShell as an Administrator.
  2. Run this command:
    set-item wsman:\localhost\Client\TrustedHosts *.domain.com

See Add target nodes that use WinRM polling as trusted hosts on the SolarWinds Platform server.

Configure trusted hosts on both the target server and the polling engine

  1. Log in to the polling engine, which may be the SolarWinds Platform server.
  2. Open PowerShell as an Administrator.
  3. Run this command to view the TrustedHosts value:
    Get-Item WSMan:\localhost\Client\TrustedHosts
  4. If necessary, run this command to set the TrustedHosts value:
    winrm set winrm/config/client '@{TrustedHosts="*"}'

    This command sets the TrustedHosts value to *, a wildcard character you can replace with comma-separated IP addresses of servers to trust. Target servers must trust the polling engine IP address, and the polling engine must trust target server IP addresses. SolarWinds recommends setting this value to * for polling engines that gather data from multiple target servers.

  5. To confirm trust settings, run the Get-Item command from step 2 again.

Troubleshoot specific scenarios

WinRM application alert: Attempt to use WinRM for application template polling failed

If WinRM polling fails, the following predefined alert is sent to the NetPerfMon Event Log, and SAM uses DCOM/RPC as the fallback method instead:

Attempt to use WinRM for application template polling failed

Note the following details about this alert:

  • It appears once for each application monitor that attempts WinRM polling but fails.
  • It will not repeat in consecutive failed polling cycles.
  • It will not appear for nodes where WinRM polling is disabled, or if WinRM polling is disabled on the SolarWinds Platform server. See Configure WinRM polling in your SAM environment.

"Requested HTTP URL was not available" message

The following message appears if a WinRM URL prefix is not configured correctly:

Fetching WMI query failed by 'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'. Microsoft.Management.Infrastructure.CimException:
	The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available.
	This is usually returned by a HTTP server that does not support the WS-Management protocol.

Compare the WinRM URL prefix settings with Node settings on the Manage Nodes page. Navigate to the Manage Nodes page, click Edit Node, and scroll down to the WinRM Settings section.

"Client cannot connect" message

The following message appears if SAM cannot connect to the WinRM service:

Fetching WMI query failed by 'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'. Microsoft.Management.Infrastructure.CimException: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WSManagement service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".

This message may indicate that a target node resides in a different domain than the SolarWinds Platform server. See Add target nodes that use WinRM polling as trusted hosts on the SolarWinds Platform server.

To resolve a client connection issue:

  1. Restart the WinRM service with either of the following methods:
    • Open the Run windows, type Services.msc, and click OK.
    • Use the Restart-Service cmdlet in PowerShell.
  2. Run the following PowerShell command to configure WinRM: winrm quickconfig
  3. Run the following PowerShell commands to check for a mismatch between WinRM configurations on the SolarWinds Platform server and the target node:
    • Get-WSManInstance -ResourceURI winrm/config/listener -SelectorSet @{Address="*";Transport="http"}
    • Get-WSManInstance -ResourceURI winrm/config/listener -SelectorSet @{Address="*";Transport="https"}
  4. Navigate to the Manage Nodes page, click Edit Node, and scroll down to the WinRM Settings section to review settings.

"Specified logon session does not exist" message

The following message appears when SAM cannot connect to the WinRM service:

Fetching WMI query failed by 'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'.
	Microsoft.Management.Infrastructure.CimException: WinRM cannot process the request.
	The following error with error code 0x8009030e occurred while using Negotiate authentication:
	A specified logon session does not exist. It may already have been terminated.
	This can occur if the provided credentials are not valid on the target server, or if the server identity could not be verified.
	If you trust the server identity, add the server name to the TrustedHosts list, and then retry the request. Use winrm.cmd to view or edit the TrustedHosts list.
	Note that computers in the TrustedHosts list might not be authenticated. For more information about how to edit the TrustedHosts list, run the following command: winrm help config.

This may indicate that either:

  • The SolarWinds Platform polling engine is not in the domain so connections to remote hosts are blocked cause the remote computer is not in the trusted host, or
  • Provided credentials are not valid on the target server.

To add all nodes across the domain to trusted hosts, run the following command:
set-item wsman:\localhost\Client\TrustedHosts *.domain.com

See Add target nodes that use WinRM polling as trusted hosts on the SolarWinds Platform server.

WinRM authentication issues

The following messages indicate that WinRM authentication may not be configured correctly at the component level:

The WinRM client cannot process the request. CredSSP authentication is currently disabled in the client configuration.
	Change the client configuration and try the request again. CredSSP authentication must also be enabled in the server configuration.
	Also, Group Policy must be edited to allow credential delegation to the target computer. Use gpedit.msc and look at the following policy:
	Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Allow Delegating Fresh Credentials.
	Verify that it is enabled and configured with an SPN appropriate for the target computer.
	For example, for a target computer name "myserver.domain.com", the SPN can be one of the following: WSMAN/myserver.domain.com or WSMAN/*.domain
Fetching WMI query failed by 'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'. Microsoft.Management.Infrastructure.CimException:
	The WinRM client cannot process the request. Unencrypted traffic is currently disabled in the client configuration.
	Change the client configuration and try the request again.

Follow these steps to check the SAM WinRM toggle setting for the following types of component monitors:

  • Directory Size Monitors
  • File Count Monitors
  • Performance Counter Monitors
  • Process Monitors for Windows
  • Windows Event Log Monitor
  • Windows Service Monitors
  • WMI Monitors
  1. Navigate to the Application Details -Summary page and click Edit Application Monitor.

  2. On the application monitor page, scroll down to the Component Monitor section and expand details.
  3. Review the WinRM Authentication Mechanism setting: