Documentation forServer & Application Monitor

Troubleshoot application monitor polling with WinRM

Following are issues you may encounter when using WinRM as the fetching method for WMI-based polling for SAM templates, application monitors, and component monitors that do not use Orion agents to collect data from target nodes. The "Attempt to use WinRM for application template polling failed" alert writes to the event log when WinRM polling fails and DCOM/RPC is used as a fallback method.

For additional troubleshooting tips, visit the SolarWinds Success Center or THWACK.

Basic WinRM troubleshooting steps include:

  • Review Configure WinRM polling in your SAM environment.
  • On target nodes:
    • Verify that the WinRM service is started and set to "Automatic".
    • If a firewall exists, allow exceptions for the Orion server on port 5985 (HTTP) and/or 5986 (HTTPS).
    • If required, check for a valid SSL certificate.
    • Confirm that a WinRM HTTPS Listener exists.
  • On the Orion server:
    • Make sure the Orion server can connect to the target node.
    • Confirm that the SAM WinRM toggle is enabled on the Orion server, at the global level
    • If a target node is in a separate domain, check the TrustedHosts list on the Orion server and update it, if necessary.

      In large environments with Additional Polling Engines (APEs), make sure that target nodes are TrustedHosts on related polling engines.

  • Review the following log files on the Orion server:
    • C:\ProgramData\Solarwinds\Logs\APM\RunWinRMConfigurator.log (WinRM configuration)
    • C:\ProgramData\Solarwinds\Logs\APM\ApplicationLogs (polling)
    • C:\ProgramData\Solarwinds\Logs\SolarWinds.APM.Probes_[*] (polling)

To confirm the WinRM configuration on a target server: 

  1. Log into the target server.
  2. Open a PowerShell session and run the following command:
    winrm get winrm/config/listener?Address=*+Transport=HTTPS
  3. Verify that the ListeningOn value lists valid IP addresses. If the value is null, add a WinRM HTTPS Listener.

To confirm that the SAM WinRM toggle is enabled on the Orion server, at the global level:

  1. Navigate to the Advanced Configuration page in the Orion Web Console:
    1. Copy the following text to the Windows Clipboard:
      /Admin/AdvancedConfiguration/Global.aspx
    2. Paste text into your browser address bar, after /Orion, as shown in this example.

      <your product server>/Orion/Admin/AdvancedConfiguration/Global.aspx

  2. On the Global tab of the Advanced Configuration page, scroll down to the APM.WMI.Settings section.
  3. Verify that the WinRemoteManagementforWmiEnabled option is selected.

    This option is enabled in fresh installations by default, starting in SAM 2020.2. If you need to enable or disable it, use the Orion Service Manager to stop the SolarWinds Job Engine v2 service beforehand, and then restart the service afterward.

If you used a GPO to configure nodes for WinRM, check the Group Policy configuration.

  1. Open your Group Policy Editor.
  2. Go to Computer > Policies > Windows Components > Windows Remote Management (WinRM) > WinRM Service.
  3. Check the configuration of the "Allow automatic configuration of listeners" policy.
  4. Verify that the Policy configuration is correct.

To add all target network nodes across a domain as trusted hosts for the Orion server:

  1. Open PowerShell as an Administrator.
  2. Run this command:
    set-item wsman:\localhost\Client\TrustedHosts *.domain.com

See Add target nodes that use WinRM polling as trusted hosts on the Orion server.

To configure trusted hosts on both the target server and the polling engine:

  1. Log into the polling engine, which may be the Orion server.
  2. Open PowerShell as an Administrator.
  3. Run this command to view the TrustedHosts value:
    Get-Item WSMan:\localhost\Client\TrustedHosts
  4. If necessary, run this command to set the TrustedHosts value:
    winrm set winrm/config/client '@{TrustedHosts="*"}'

    This command sets the TrustedHosts value to *, a wildcard character that can be replaced with comma-separated IP addresses of servers to trust. Target servers must trust the polling engine IP Address, and the polling engine must trust target server IP addresses. SolarWinds recommends setting this value to * for polling engines that gather data from multiple target servers.

  5. To confirm trust settings, run the Get-Item command from step 2 again.

"Requested HTTP URL was not available" message

The following message appears when a WinRM URL prefix is not configured correctly:

Fetching WMI query failed by 'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'. Microsoft.Management.Infrastructure.CimException:
	The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available.
	This is usually returned by a HTTP server that does not support the WS-Management protocol.

Compare the WinRM URL prefix settings with Node settings on the Manage Nodes page. Navigate to the Manage Nodes page, click Edit Node, and scroll down to the WinRM Settings section, as shown here:

"Client cannot connect" message

The following message appears if SAM cannot connect to the WinRM service:

Fetching WMI query failed by 'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'. Microsoft.Management.Infrastructure.CimException: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WSManagement service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".

This message may indicate that a target node resides in a different domain than the Orion server. See Add target nodes that use WinRM polling as trusted hosts on the Orion server.

To resolve a client connection issue:

  1. Restart the WS-Management service in the Group Policy Management Editor.
  2. Run the following PowerShell command to configure WinRM: winrm quickconfig
  3. Run the following PowerShell commands to check for a mismatch between WinRM configurations on the Orion server and the target node:
    • Get-WSManInstance -ResourceURI winrm/config/listener -SelectorSet @{Address="*";Transport="http"}
    • Get-WSManInstance -ResourceURI winrm/config/listener -SelectorSet @{Address="*";Transport="https"}
  4. Navigate to the Manage Nodes page, click Edit Node, and scroll down to the WinRM Settings section to review settings.

"Specified logon session does not exist" message

The following message appears when SAM cannot connect to the WinRM service:

Fetching WMI query failed by 'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'.
	Microsoft.Management.Infrastructure.CimException: WinRM cannot process the request.
	The following error with error code 0x8009030e occurred while using Negotiate authentication:
	A specified logon session does not exist. It may already have been terminated.
	This can occur if the provided credentials are not valid on the target server, or if the server identity could not be verified.
	If you trust the server identity, add the server name to the TrustedHosts list, and then retry the request. Use winrm.cmd to view or edit the TrustedHosts list.
	Note that computers in the TrustedHosts list might not be authenticated. For more information about how to edit the TrustedHosts list, run the following command: winrm help config.

This may indicate that either:

  • The Orion Platform polling engine is not in the domain so connections to remote hosts are blocked cause the remote computer is not in the trusted host, or
  • Provided credentials are not valid on the target server.

To add all nodes across the domain to trusted hosts, run the following command:
set-item wsman:\localhost\Client\TrustedHosts *.domain.com

See Add target nodes that use WinRM polling as trusted hosts on the Orion server.

WinRM authentication issue

The following messages indicate that WinRM authentication may not be configured correctly at the component level:

The WinRM client cannot process the request. CredSSP authentication is currently disabled in the client configuration.
	Change the client configuration and try the request again. CredSSP authentication must also be enabled in the server configuration.
	Also, Group Policy must be edited to allow credential delegation to the target computer. Use gpedit.msc and look at the following policy:
	Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Allow Delegating Fresh Credentials.
	Verify that it is enabled and configured with an SPN appropriate for the target computer.
	For example, for a target computer name "myserver.domain.com", the SPN can be one of the following: WSMAN/myserver.domain.com or WSMAN/*.domain
Fetching WMI query failed by 'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'. Microsoft.Management.Infrastructure.CimException:
	The WinRM client cannot process the request. Unencrypted traffic is currently disabled in the client configuration.
	Change the client configuration and try the request again.

Follow these steps to check the SAM WinRM toggle setting for the following types of component monitors:

  • Directory Size Monitors
  • File Count Monitors
  • Performance Counter Monitors
  • Process Monitors for Windows
  • Windows Event Log Monitor
  • Windows Service Monitors
  • WMI Monitors
  1. Navigate to the Application Details -Summary page and click Edit Application Monitor.

  2. On the application monitor page, scroll down to the Component Monitor section and expand details.
  3. Review the WinRM Authentication Mechanism setting: