A new service that can break installs
Overview
Starting with SolarWinds Platform 2024.4, a sneaky addition was added to the requirements list through a single mention of a new entry in the Required Ports section of that document: TCP Port 17732 for the Certificate Management Service
The only other mention of this service is found in the 2024.4 release notes in the Known issues section regarding a conflict between Microsoft ASP.NET Core and Microsoft .NET Runtime versions
What these documents fail to mention is that a new service is also installed along with this port requirement with a Service Name of ‘SolarWindsCertificateManagementService’ and a display name of ‘SolarWinds Certificate Management Service’.
The executable for this service is located here:
<INSTALL_LOCATION>\SolarWinds\Orion\Net\SolarWinds.CertificateManagement.Service.exe
With the increased security posture on most SolarWinds servers after the Sunburst incident, most systems are locked down to only allow a subset of executables. If this is the case, this service will need to be added to your list prior to upgrading past the 2024.2 Platform.
This issue will present post upgrade to 2024.4 or newer versions while running the config wizard with log entries to include (ConfigurationWizard.log excerpt):
2025-04-08 23:17:24,802 [18] DEBUG AssemblyTypesProvider - SolarWinds.ConfigurationWizard.Plugin.Orion.ConfigureCertificateManagement
2025-04-08 23:25:54,021 [28] DEBUG ExecutionEngine - Scheduling 17 tasks:
Orion.AddHostNameToIeIntranetZone | Adding host name to intranet zone
Orion.ConfigureCertificateManagement | Configuring Certificate Management
2025-04-08 23:25:54,021 [31] TRACE TaskAdapter - [Orion.ConfigureCertificateManagement | Configuring Certificate Management] Waiting for lock to set InProgress state.
2025-04-08 23:25:54,037 [31] TRACE TaskAdapter - [Orion.ConfigureCertificateManagement | Configuring Certificate Management] Locked to set InProgress state.
2025-04-08 23:25:54,087 [31] INFO TaskAdapter - Starting task Orion.ConfigureCertificateManagement Configuring Certificate Management...
2025-04-08 23:25:54,118 [31] DEBUG TaskAdapter - Orion.ConfigureCertificateManagement [ 0.0%]:
2025-04-08 23:25:55,446 [31] INFO ConfigureCertificateManagement - Service SolarWindsCertificateManagementService successfully started.
2025-04-08 23:25:55,899 [31] DEBUG ConfigureCertificateManagement - Calling gRPC method for health check status retrieval.
2025-04-08 23:26:00,134 [15] WARN ConfigureCertificateManagement - Transient failure of certificate management configuration, retry attempt 1 after 30 seconds.
Grpc.Core.RpcException: Status(StatusCode="Unavailable", Detail="Error starting gRPC call. HttpRequestException: An error occurred while sending the request. WebException: Unable to connect to the remote server SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:17732", DebugException="System.Net.Http.HttpRequestException: An error occurred while sending the request.") ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:17732
2025-04-08 23:26:30,213 [14] DEBUG ConfigureCertificateManagement - Calling gRPC method for health check status retrieval.
2025-04-08 23:26:34,286 [13] WARN ConfigureCertificateManagement - Transient failure of certificate management configuration, retry attempt 2 after 30 seconds.
Grpc.Core.RpcException: Status(StatusCode="Unavailable", Detail="Error starting gRPC call. HttpRequestException: An error occurred while sending the request. WebException: Unable to connect to the remote server SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:17732", DebugException="System.Net.Http.HttpRequestException: An error occurred while sending the request.") ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:17732
2025-04-08 23:27:04,339 [14] DEBUG ConfigureCertificateManagement - Calling gRPC method for health check status retrieval.
2025-04-08 23:27:08,382 [13] WARN ConfigureCertificateManagement - Transient failure of certificate management configuration, retry attempt 3 after 30 seconds.
Grpc.Core.RpcException: Status(StatusCode="Unavailable", Detail="Error starting gRPC call. HttpRequestException: An error occurred while sending the request. WebException: Unable to connect to the remote server SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:17732", DebugException="System.Net.Http.HttpRequestException: An error occurred while sending the request.") ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:17732
2025-04-08 23:27:38,406 [17] DEBUG ConfigureCertificateManagement - Calling gRPC method for health check status retrieval.
2025-04-08 23:27:42,445 [13] ERROR TaskAdapter - Error running task Orion.ConfigureCertificateManagement Configuring Certificate Management
Grpc.Core.RpcException: Status(StatusCode="Unavailable", Detail="Error starting gRPC call. HttpRequestException: An error occurred while sending the request. WebException: Unable to connect to the remote server SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:17732", DebugException="System.Net.Http.HttpRequestException: An error occurred while sending the request.") ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:17732
2025-04-08 23:27:42,445 [13] TRACE TaskAdapter - [Orion.ConfigureCertificateManagement | Configuring Certificate Management] Waiting for lock to set Failed state.
2025-04-08 23:27:42,445 [13] TRACE TaskAdapter - [Orion.ConfigureCertificateManagement | Configuring Certificate Management] Locked to set Failed state.
2025-04-08 23:27:42,445 [13] DEBUG TaskAdapter - Orion.ConfigureCertificateManagement [100.0%]:
2025-04-08 23:27:42,445 [13] INFO TaskAdapter - Finished task Orion.ConfigureCertificateManagement Configuring Certificate Management [00:01:48.3359553].
2025-04-08 23:27:42,461 [13] ERROR ExecutionEngine - Task Orion.ConfigureCertificateManagement failed. Configuration Wizard has been canceled. Aborting...
2025-04-08 23:27:42,461 [13] WARN ExecutionEngine - Configuration Wizard has been canceled. Aborting...
2025-04-08 23:27:42,464 [13] TRACE ExecutionEngine - Waiting for abort lock.
2025-04-08 23:27:42,464 [13] TRACE ExecutionEngine - Locked for abort.
2025-04-08 23:27:42,464 [13] INFO ExecutionEngine - No tasks in progress. Aborting run.
2025-04-08 23:27:42,464 [13] TRACE ExecutionEngine - Releasing lock after abort.
2025-04-08 23:27:42,476 [18] INFO ConfigurationProgressScene - Configuration Wizard Task Execution Summary
======================================================================
[00:07:18.9170800] [00:07:07.6355613] [54.3%] Orion.ConfigureDatabase - SolarWinds Platform Database - Succeeded
[00:01:48.3359553] [00:00:57.0074836] [13.4%] Orion.ConfigureCertificateManagement - Configuring Certificate Management - FailedThis ultimately will cause the Configuration Wizard to fail with a similar message:
Error running task Orion.ConfigureCertificateManagement Configuring Certificate Management
Grpc.Core.RpcException: Status(StatusCode="Unavailable", Detail="Error starting gRPC call. HttpRequestException: An error occurred while sending the request. WebException: Unable to connect to the remote server SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:17732The Certificate Manager Service does not appear to have its own installer so a repair or reinstall of the Platform would be required to resolve this error once the underlying issue with the failure is addressed.
If you run into similar issues and want assistance in resolving these or other SolarWinds Consulting or Professional Service oriented activities, reach out to Tobias International and let us get working for you! We can also take the guess work out of your upgrades and daily operations through our ROA Managed Services.
