Configure WinRM polling in your SAM environment
Starting in SAM 2020.2, WinRM is the default fetching method for WMI-based component monitors, as listed here. SAM automatically switches to DCOM as a fallback method to collect data if WinRM fails during a polling cycle, and then works through other methods until polling succeeds.
- Directory Size Monitors
- File Count Monitors
- Performance Counter Monitors
- Process Monitors for Windows
- Windows Event Log Monitors
- Windows Service Monitors
- WMI Monitors
WinRM fallback can negatively impact polling times. Make sure WinRM polling is properly configured on target nodes or disable WinRM on specific nodes, as necessary. Otherwise, SAM will attempt to use WinRM during all future polling cycles and fallback continues until the configuration is updated. For additional tips, see SAM polling recommendations.
WinRM polling is enabled on the Orion server by default, regardless of whether you upgraded from an earlier version or are new to SAM. For reference, here is an overview of initial WinRM settings for SAM application polling (referred to as the "SAM WinRM toggle" below) in new and upgraded environments.
- In a new environment, created with SAM 2020.2 or later:
- The global SAM WinRM toggle is enabled on the Orion server.
- The SAM WinRM toggle is enabled for the WMI-based component monitor types listed above, including Directory Size Monitors. This toggle is also called the WinRM Authentication Mechanism setting.
- WinRM application monitor polling is enabled on all Windows network nodes added to the Orion Platform, by default.
- In an existing environment, originally installed with SAM 2019.4 or earlier:
- The SAM WinRM toggle is enabled on the Orion server, at the global level.
- The SAM WinRM toggle is enabled as the primary fetching method for all WMI-based component monitors.
- WinRM application monitor polling will be enabled on new Windows network nodes added to the Orion Platform moving forward.
- WinRM application monitor polling is not enabled on existing Windows network nodes in an upgrade scenario, but may already be enabled on some nodes. See Configure WinRM polling in your SAM environment.
Use the following procedures to adjust WinRM settings to suit your business needs:
- Configure WinRM polling on target nodes
- Add target nodes that use WinRM polling as trusted hosts on the Orion server
- Disable WinRM polling on individual nodes
- Disable WinRM polling on the Orion server
- Configure WinRM polling in your SAM environment
For target nodes hosted in a separate domain from the Orion server, you'll need to adjust TrustedHost settings on the Orion server.
If you upgraded from SAM 2019.4.1 or earlier, WinRM polling is automatically enabled on any new Windows network nodes added to the Orion Platform after you upgrade to SAM 2020.2 or later, but you'll need to configure it on existing nodes that aren't already using WinRM to:
- Monitor AppInsight for IIS or AppInsight for Exchange, or
- Support the remote execution of PowerShell scripts.
To enable WinRM polling on a node, review the What is WinRM & How Do You Configure It THWACK blog, download the free Remote Execution Enabler for PowerShell tool, and follow steps in the Remote Execution Enabler Quick Reference Guide on THWACK. When finished, the target node should include the following elements:
- The WinRM service to receive requests from other IP addresses.
- An SSL certificate to secure data.
- A firewall exception to allow external requests to reach the WinRM service.
- A WinRM Listener to accept external requests.
You can also use a Group Policy Object (GPO) in Active Directory to configure WinRM settings.
If a node is not in the same domain as the Orion server, you'll need to add it as a trusted host, as described next.
To use WinRM polling on target nodes that exist in a different domain than the Orion server, add them to the WS-Management TrustedHosts list on the Orion server, to support WinRM communication between the client (the Orion server) and the server (the target node).
The following steps assume that the Orion server is used as the Main Polling Engine. In large environments with Additional Polling Engines (APEs), use these steps to create trust relationships between target nodes and related polling engines.
- On the Orion server, add each target node as a TrustedHost with this PowerShell command:
Install-Module psTrustedHosts -Force
- Set all hosts as trusts by entering:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force
For added security, replace the * wildcard character with a specific IP address. Use commas to separate multiple IP addresses, if necessary.
- Verify the WinRM connection from the Orion server to each target node by entering:
Test-WSMan -ComputerName $TargetNodeHostName -Authentication default
If the Orion server and a target node have the same credentials, results will look similar to this example:
Check the application log on nodes that involve WinRM polling for the following error. The default location for application logs is
SolarWinds.APM.Probes.Management.ManagementDataFetcher - Fetching WMI query failed by 'SolarWinds.APM.Probes.Management.WinRM.WinRmConnection'.
Microsoft.Management.Infrastructure.CimException: WinRM cannot process the request. The following error with error code 0x8009030e occurred while using Negotiate authentication:
A specified logon session does not exist. It may already have been terminated.
This can occur if the provided credentials are not valid on the target server, or if the server identity could not be verified.
If you trust the server identity, add the server name to the TrustedHosts list, and then retry the request. Use winrm.cmd to view or edit the TrustedHosts list.
Note that computers in the TrustedHosts list might not be authenticated. To learn how to edit the TrustedHosts list, run the following command: winrm help config.
at SolarWinds.APM.Probes.Management.WinRM.Commands.SelectCommand.ToQueryResultLists(IEnumerable`1 cimInstances)
at SolarWinds.APM.Probes.Management.WinRM.Commands.SelectCommand.Execute(WinRmConnection connection)
at SolarWinds.APM.Probes.Management.ManagementDataFetcher.ExecuteSelectCommand(IManagementConnection connection, SelectQuery wqlQuery)
at SolarWinds.APM.Probes.Management.ManagementDataFetcher.Fetch[TResult](Func`2 fetchingAction, Func`2 fallbackAction)
If an application log includes this error, follow the troubleshooting steps in the message. The following links may also be helpful (© 2020 Microsoft Corp., available at docs.microsoft.com and support.microsoft.com, obtained on March 11, 2020):
- Installation and Configuration for Windows Remote Management
- Test-WSMan (Use a cmdlet to test if WinRM is running on local or remote servers.)
- How to troubleshoot connectivity issues in MS DTC by using the DTCPing tool (Use a tool to test RPC communication between two computers.)
The following log file contains information and errors related to the WinRM configuration process:
Starting in SAM 2020.2, the WinRM feature is enabled all Windows network nodes added to the Orion Platform by default, regardless of whether you upgraded from an earlier version or are new to SAM. Use the procedures in this section to disable WinRM polling, if necessary.
To disable WinRM polling on a target node:
- Navigate to the relevant Node Details view and click Edit Node.
- When the Edit Properties page opens, scroll down and clear the Enable WinRM check box.
- Click Submit to save your changes.
The WinRM feature is enabled on the Orion server in SAM 2020.2, by default. To disable this functionality at the global level, adjust APM.WMI.Settings on the Advanced Configuration page.
- Log into the Orion server as an administrator.
- Use the Orion Service Manager to stop all Orion services.
- Copy the following text:
- Paste text into your browser address bar, after
/Orion, as shown in this example.
<your product server>/Orion/Admin/AdvancedConfiguration/Global.aspx
- On the Global tab of the Advanced Configuration page, scroll down to APM.WMI.Settings.
- Clear the WinRemoteManagementforWmiEnabled check box, and then scroll down to click Save.
- Restart Orion services in the Orion Service Manager, and then wait a few minutes for changes to occur