Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Server & Application Monitor (SAM) > SAM - Knowledgebase Articles > Certificate issues with Orion agents

Certificate issues with Orion agents

Created by Anthony.Rinaldi_ret, last modified by Andy Ng on Dec 07, 2017

Views: 2,148 Votes: 1 Revisions: 3

Updated June 8, 2016


You provisioned a running Orion agent, but its certificate is broken or missing from the Windows certificate store.

Using the Repair option on the SolarWinds Agent entry in Control Panel > Programs and Features does not restore the agent certificate.


  • SAM 6.2.4 and later


Deploy the agent again, or run the MSI installation file and select the Repair option.



Your Orion agent is not running correctly. The agents logs indicate a certificate issue.


  • SAM 6.2.4 and later


  1. Click Start > Run, and enter gpedit.msc to open the Local Group Policy Editor.
  2. Go to Computer Configuration > Administrative Templates > Network > SSL Configuration Settings.
  3. Check the SSL Cipher Suite Order setting. The recommended value is Not configured.

If your computer does not have a Security Policy, you must run the Windows Security Policy Wizard. This wizard starts automatically after rebooting the computer.



- Orion Agents are running on the respective servers
- Errors in C:\ProgramData\Solarwinds\Logs\AgentManagement\AgentManagement.Service.log

2017-12-01 15:50:54,373 [7] ERROR SolarWinds.AgentManagement.Messaging.Core.Service.Server.StandaloneWebSocketsServer - Client 00000000-0000-0000-0000-000000000000 from 10.x.x.x attempted to connect to standalone WebSockets endpoint with invalid certificate. Invalid certificate chain.
2017-12-01 15:50:54,389 [86] INFO  SolarWinds.AgentManagement.Messaging.Core.Service.Server.StandaloneWebSocketsServer - Attempt to connect to WebSockets endpoint from 10.x.x.x does not have proper ClientId parameter. Connection won't be registered. Value: 


  • SAM 6.2.4 and later


1. Find and Remove "Solarwinds-Orion" certificates in "Trusted Publishers" store or "Trusted Root Certificate Authority" on the Orion machine
- Start > Run > mmc
- File > Add/Remove Snap-ins
- Click on "Certificates", "Add" - and Certificates will move under "Selected snap-ins"

- Click "OK"
- Looked under:
"Trusted Publishers"
"Trusted Root Certificate Authority"

2. Remove "Solarwinds-Orion" certificate under:

** DO NOT REMOVE other SolarWinds certificates

"Trusted Publishers"
"Trusted Root Certificate Authority"

3. Restart "Orion Module Engine" via "Orion Service Manager"

4. Most of the Agents should automatically come online and get connected, but for those that don't:

- Uninstall the Agent from their respective server

- Redeploy the Agents


Last modified