Submit a ticketCall us

WebinarUpcoming Webinar: How Help Desk and Remote Support Pays for Itself

Learn how help desk software can simplify ticketing management, allow you to track hardware and software assets, and accelerate the speed of IT support and service delivery. Gain insights on how remote support tools allow your IT team to maximize their efficiency and ticket resolution by expediting desktop troubleshooting, ultimately helping keep end-users happy and productive.

Register here.

Home > Success Center > Server & Application Monitor (SAM) > Certificate issues with Orion agents

Certificate issues with Orion agents

Created by Anthony.Rinaldi_ret, last modified by Andy Ng on Dec 07, 2017

Views: 1,599 Votes: 1 Revisions: 3

Updated June 8, 2016


You provisioned a running Orion agent, but its certificate is broken or missing from the Windows certificate store.

Using the Repair option on the SolarWinds Agent entry in Control Panel > Programs and Features does not restore the agent certificate.


  • SAM 6.2.4 and later


Deploy the agent again, or run the MSI installation file and select the Repair option.



Your Orion agent is not running correctly. The agents logs indicate a certificate issue.


  • SAM 6.2.4 and later


  1. Click Start > Run, and enter gpedit.msc to open the Local Group Policy Editor.
  2. Go to Computer Configuration > Administrative Templates > Network > SSL Configuration Settings.
  3. Check the SSL Cipher Suite Order setting. The recommended value is Not configured.

If your computer does not have a Security Policy, you must run the Windows Security Policy Wizard. This wizard starts automatically after rebooting the computer.



- Orion Agents are running on the respective servers
- Errors in C:\ProgramData\Solarwinds\Logs\AgentManagement\AgentManagement.Service.log

2017-12-01 15:50:54,373 [7] ERROR SolarWinds.AgentManagement.Messaging.Core.Service.Server.StandaloneWebSocketsServer - Client 00000000-0000-0000-0000-000000000000 from 10.x.x.x attempted to connect to standalone WebSockets endpoint with invalid certificate. Invalid certificate chain.
2017-12-01 15:50:54,389 [86] INFO  SolarWinds.AgentManagement.Messaging.Core.Service.Server.StandaloneWebSocketsServer - Attempt to connect to WebSockets endpoint from 10.x.x.x does not have proper ClientId parameter. Connection won't be registered. Value: 


  • SAM 6.2.4 and later


1. Find and Remove "Solarwinds-Orion" certificates in "Trusted Publishers" store or "Trusted Root Certificate Authority" on the Orion machine
- Start > Run > mmc
- File > Add/Remove Snap-ins
- Click on "Certificates", "Add" - and Certificates will move under "Selected snap-ins"

- Click "OK"
- Looked under:
"Trusted Publishers"
"Trusted Root Certificate Authority"

2. Remove "Solarwinds-Orion" certificate under:

** DO NOT REMOVE other SolarWinds certificates

"Trusted Publishers"
"Trusted Root Certificate Authority"

3. Restart "Orion Module Engine" via "Orion Service Manager"

4. Most of the Agents should automatically come online and get connected, but for those that don't:

- Uninstall the Agent from their respective server

- Redeploy the Agents


Last modified