Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > Network Performance Monitor (NPM) > Troubleshoot Solarwinds agents and certificates in NPM 12

Troubleshoot Solarwinds agents and certificates in NPM 12

Table of contents
  1. Overview
  2. Environment
  3. Steps
Created by Milton Harris, last modified by Nanette.Neal on Sep 12, 2017

Views: 53 Votes: 1 Revisions: 8

Updated June 22, 2017

Overview

This article describes how to determine if the certificates bind and connect to a SolarWinds agent and to determine which database tables are defined in the agent provision file.

The SolarWinds Orion certificate is either in MD5 or SHA1 and should match with the SolarWinds agent provision file that signs it. 

The SolarWinds agent provision file is defined in the database through the following tables:

  • AgentMgmtPcks12Certificates
  • AgentMangement_Agents
  • AgentMangement_Certificates

Environment

NPM 12.0

Steps

Perform the following steps to verify that the certificate and agent matches:

  1. Open the Microsoft Management Console and load the certificate snap-ins.
  2. On the left pane, expand Personal and click Certificates.
  3. Double-click the SolarWinds-Orion certificate of the SolarWinds agent provision file on the right pane.
  4. Click the Details tab to verify if the certificate is in MD5 or SHA-1.

 

Perform the following steps to determine the defined tables in the SolarWinds Agent Provision file:

  1. Execute the following query: 
    SELECT TOP 1000 * FROM [dbo].[AgentManagement_Pkcs12Certificates]
  2. Open the Microsoft Management Console and load the certificate snap-ins.
  3. Delete the Provisioning Certificate for SolarWinds row.
  4. Restart the Orion Module Engine.
    A new SolarWinds Agent Provision - xxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxx file will be spawned for the certificate signage.
  5. Double-click on the spawned certificate to view the details.
  6. Make sure that it matches the SHA-1 thumbprints and serial numbers.
  7. Go to the Orion Web Console > Manage Agents and you should see that the agent is attempting to make a connection (http://<orionservername>/Orion/AgentManagement/Admin/ManageAgents.aspx).
    The agent status should show like the following:
  8. If the status is different, go to this path on the TARGET machine C:\ProgramData\Solarwinds\Logs\Agent\.
  9. Open the latest SolarWinds.Agent.Service.exe xxxxx.xxxx.log file in Notepad.
  10. Search for loadcert and the result will be the following:
    loadCertificate - added Agent certificate to SSL store
    If the cipher is working, then you will see something like the following: 
    handshake info : cipher name [ECDHE-RSA-AES256-SHA], cipher version [TLSv1/SSLv3]
    If the cipher is not working, then you will see something like cipher: NULL.

If the SolarWinds agent is not set to auto =-update, the MSI installer will not be able to find the temp cache file to uninstall. See Fix problems that block programs from being installed or removed if you run into this issue. Perform the following to force the old installer to update: 

  1. Establish a remote desktop connection to each of the servers.
  2. Run MSI Fix on each server.
  3. Go to C:\programdata\SolarWinds\agent\plugins
  4. Run the MSI package.
  5. Check the console to see if the agent updates to 1.5

 

Last modified
14:33, 12 Sep 2017

Tags

Classifications

Public
Powered by MindTouch ®