Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Server & Application Monitor (SAM) > SAM - Knowledgebase Articles > Certificate issues with Orion agents

Certificate issues with Orion agents

Created by Anthony.Rinaldi_ret, last modified by Andy Ng on Dec 07, 2017

Views: 1,848 Votes: 1 Revisions: 3

Updated June 8, 2016


You provisioned a running Orion agent, but its certificate is broken or missing from the Windows certificate store.

Using the Repair option on the SolarWinds Agent entry in Control Panel > Programs and Features does not restore the agent certificate.


  • SAM 6.2.4 and later


Deploy the agent again, or run the MSI installation file and select the Repair option.



Your Orion agent is not running correctly. The agents logs indicate a certificate issue.


  • SAM 6.2.4 and later


  1. Click Start > Run, and enter gpedit.msc to open the Local Group Policy Editor.
  2. Go to Computer Configuration > Administrative Templates > Network > SSL Configuration Settings.
  3. Check the SSL Cipher Suite Order setting. The recommended value is Not configured.

If your computer does not have a Security Policy, you must run the Windows Security Policy Wizard. This wizard starts automatically after rebooting the computer.



- Orion Agents are running on the respective servers
- Errors in C:\ProgramData\Solarwinds\Logs\AgentManagement\AgentManagement.Service.log

2017-12-01 15:50:54,373 [7] ERROR SolarWinds.AgentManagement.Messaging.Core.Service.Server.StandaloneWebSocketsServer - Client 00000000-0000-0000-0000-000000000000 from 10.x.x.x attempted to connect to standalone WebSockets endpoint with invalid certificate. Invalid certificate chain.
2017-12-01 15:50:54,389 [86] INFO  SolarWinds.AgentManagement.Messaging.Core.Service.Server.StandaloneWebSocketsServer - Attempt to connect to WebSockets endpoint from 10.x.x.x does not have proper ClientId parameter. Connection won't be registered. Value: 


  • SAM 6.2.4 and later


1. Find and Remove "Solarwinds-Orion" certificates in "Trusted Publishers" store or "Trusted Root Certificate Authority" on the Orion machine
- Start > Run > mmc
- File > Add/Remove Snap-ins
- Click on "Certificates", "Add" - and Certificates will move under "Selected snap-ins"

- Click "OK"
- Looked under:
"Trusted Publishers"
"Trusted Root Certificate Authority"

2. Remove "Solarwinds-Orion" certificate under:

** DO NOT REMOVE other SolarWinds certificates

"Trusted Publishers"
"Trusted Root Certificate Authority"

3. Restart "Orion Module Engine" via "Orion Service Manager"

4. Most of the Agents should automatically come online and get connected, but for those that don't:

- Uninstall the Agent from their respective server

- Redeploy the Agents


Last modified