Configure WinRM polling in your SAM environment

WinRM is the default fetching method for WMI-based component monitors, as listed here. SAM automatically switches to DCOM as a fallback method to collect data if WinRM fails during a polling cycle, and then works through other methods until polling succeeds.

• Directory Size Monitors
• File Count Monitors
• Performance Counter Monitors
• Process Monitors for Windows
• Windows Event Log Monitors
• Windows Service Monitors
• WMI Monitors

WinRM fallback can negatively impact polling times. Make sure WinRM polling is properly configured on target nodes or disable WinRM on specific nodes, as necessary. Otherwise, SAM will attempt to use WinRM during all future polling cycles and fallback continues until the configuration is updated. For additional tips, see SAM polling recommendations.

WinRM polling is enabled on the SolarWinds Platform server by default, regardless of whether you upgraded from an earlier version or are new to SAM. For reference, here is an overview of initial WinRM settings for SAM application polling (referred to as the "SAM WinRM toggle" below) in new and upgraded environments.

• In a new environment, created with SAM:
  • The global SAM WinRM toggle is enabled on the SolarWinds Platform server.
  • The SAM WinRM toggle is enabled for the WMI-based component monitor types listed above, including Directory Size Monitors. This toggle is also called the WinRM Authentication Mechanism setting.
  • WinRM application monitor polling is enabled on all Windows network nodes added to the SolarWinds Platform, by default.

Use the following procedures to adjust WinRM settings to suit your business needs:

• Configure WinRM polling on target nodes
• Add target nodes that use WinRM polling as trusted hosts on the SolarWinds Platform server
• Disable WinRM polling on individual nodes
• Disable WinRM polling on the SolarWinds Platform server
• Ignore certificate errors during WinRM polling
• Configure WinRM polling in your SAM environment

See also Choose a fetching method for Performance Counter Monitors in the SAM Template Reference.

If target nodes are hosted in a separate domain from the SolarWinds Platform server, adjust TrustedHost settings on the SolarWinds Platform server.

Configure WinRM polling on target nodes

WinRM polling is automatically enabled on any new Windows network nodes added to the SolarWinds Platform, but you may need to configure it on existing nodes that aren't already using WinRM to:

• Monitor AppInsight for IIS or AppInsight for Exchange, or
• Run PowerShell scripts remotely.

See Installation and configuration for WinRM (© 2021 Microsoft Corp., available at docs.microsoft.com, obtained on March 12, 2021) for details. Use PowerShell in SAM also describes how to enable WinRM.

When finished, the target node should include the following elements:

• The WinRM service to receive requests from other IP addresses.
• An SSL certificate to secure data.
• A firewall exception to allow external requests to reach the WinRM service.
• A WinRM Listener to accept external requests.

Note the following details:

• You can also use a Group Policy Object (GPO) in Active Directory to configure WinRM settings.
• If a node is not in the same domain as the SolarWinds Platform server, add it as a trusted host, as described next.

See also Set up AppInsight for Active Directory monitoring under the context of a "Least Privileges" account.

Add target nodes that use WinRM polling as trusted hosts on the SolarWinds Platform server

To use WinRM polling on target nodes that exist in a different domain than the SolarWinds Platform server, add them to the WS-Management TrustedHosts list on the SolarWinds Platform server, to support WinRM communication between the client (the SolarWinds Platform server) and the server (the target node).

The following steps assume that the SolarWinds Platform server is used as the Main Polling Engine. In large environments with Additional Polling Engines (APEs), use these steps to create trust relationships between target nodes and related polling engines.

1. On the SolarWinds Platform server, add each target node as a TrustedHost with this PowerShell command:
   Install-Module psTrustedHosts -Force

2. Use either of the following methods to add target nodes as TrustedHosts.

   • To set all hosts as trusts, enter:

     Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force

   If using the method above, you can replace the * wildcard character with a specific IP address for added security. Use commas to separate multiple IP addresses, if necessary.

   • To set all remote hosts from a specific domain as trusts, enter:

     Set-Item WSMan:\localhost\Client\TrustedHosts *.yourdomain.local

3. Verify the WinRM connection from the SolarWinds Platform server to each target node by entering:

   Test-WSMan -ComputerName $TargetNodeHostName -Authentication default

   If the SolarWinds Platform server and a target node have the same credentials, results will look similar to this example:

   

Review logs on nodes for the following error. The default log location is:

C:\ProgramData\SolarWinds\Logs\APM\ApplicationLogs.

SolarWinds.APM.Probes.Management.ManagementDataFetcher - Fetching WMI query failed by 'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'.
Microsoft.Management.Infrastructure.CimException: WinRM cannot process the request. The following error with error code 0x8009030e occurred while using Negotiate authentication:
A specified logon session does not exist. It may already have been terminated.
  This can occur if the provided credentials are not valid on the target server, or if the server identity could not be verified.
  If you trust the server identity, add the server name to the TrustedHosts list, and then retry the request. Use winrm.cmd to view or edit the TrustedHosts list.
  Note that computers in the TrustedHosts list might not be authenticated. To learn how to edit the TrustedHosts list, run the following command: winrm help config.
  at Microsoft.Management.Infrastructure.Internal.Operations.CimSyncEnumeratorBase`1.MoveNext()
  at SolarWinds.APM.Probes.Management.WinRM.Commands.SelectCommand.ToQueryResultLists(IEnumerable`1 cimInstances)
  at SolarWinds.APM.Probes.Management.WinRM.Commands.SelectCommand.Execute(WinRmConnection connection)
  at SolarWinds.APM.Probes.Management.ManagementCommand`2.Execute()
  at SolarWinds.APM.Probes.Management.ManagementDataFetcher.ExecuteSelectCommand(IManagementConnection connection, SelectQuery wqlQuery)
  at SolarWinds.APM.Probes.Management.ManagementDataFetcher.Fetch[TResult](Func`2 fetchingAction, Func`2 fallbackAction)

If an application log includes this error, follow the troubleshooting steps in the message. The following links may also be helpful (© 2020 Microsoft Corp., available at docs.microsoft.com and support.microsoft.com, obtained on March 11, 2020):

• Installation and Configuration for WinRM Management
• Test-WSMan
• Troubleshoot connectivity issues in MS DTC by using the DTCPing tool

The following log file contains details about the WinRM configuration process: C:\ProgramData\Solarwinds\Logs\APM\RunWinRMConfigurator.log

Disable WinRM polling on individual nodes

The WinRM feature is enabled on all Windows network nodes added to the SolarWinds Platform by default. Use the procedures in this section to disable WinRM polling, if necessary.

To disable WinRM polling on a target node: 

1. Navigate to the relevant Node Details view and click Edit Node.
2. When the Edit Properties page opens, scroll down and clear the Enable WinRM check box.
3. Click Submit to save your changes.

Disable WinRM polling on the SolarWinds Platform server

The WinRM feature is enabled on the SolarWinds Platform server by default. To disable this feature at the global level, adjust APM.WMI.Settings on the Advanced Configuration page.

1. Log in to the SolarWinds Platform server as an administrator.
2. Copy the following text: /Admin/AdvancedConfiguration/Global.aspx

3. Paste text into your browser address bar, after /Orion, as shown here:

   <your product server>/Orion/Admin/AdvancedConfiguration/Global.aspx

4. On the Global tab of the Advanced Configuration page, scroll down to APM.WMI.Settings.
   

5. Clear the WinRemoteManagementforWmiEnabled check box, and then scroll down to click Save.

   

6. Restart SolarWinds Platform services in the SolarWinds Platform Service Manager, and then wait a few minutes for changes to occur.

Ignore certificate errors during WinRM polling

By default, WinRM flags invalid certificates found during polling, including self-signed certificates over HTTPS. When this occurs, messages similar to the following appear in logs:

Fetching WMI query failed by 'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'.

You can configure WinRM to ignore invalid certificates by enabling the WinRemoteManagementIgnoreCertificateErrors setting on the Advanced Configuration page.

Neither SolarWinds Platform agents nor SolarWinds Platform Remote Collectors respect centralized settings adjusted on the Advanced Configuration page.

1. Log in to the SolarWinds Platform server as an administrator.
2. Use the SolarWinds Platform Service Manager to stop all SolarWinds Platform services.
3. Copy the following text: /Admin/AdvancedConfiguration/Global.aspx

4. Paste text into your browser address bar, after /Orion, as shown here:

   <your product server>/Orion/Admin/AdvancedConfiguration/Global.aspx

5. On the Global tab of the Advanced Configuration page, scroll down to APM.WMI.Settings.
   
6. Select the WinRemoteManagementIgnoreCertificateErrors check box, and then scroll down to click Save.
   
7. Restart SolarWinds Platform services in the SolarWinds Platform Service Manager, and then wait a few minutes for changes to occur.