What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags

View all Tags

Probing windows updates on a standalone server from a domain server



We have the check for windows updates running on all of our windows servers. We have a few of them standing as standalone servers in the DMZ, ie. they are not in our AD. If I try and check their Windows update status I get a very long error: Connecting to remote server xxxxxxxx failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains. After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.

I've set up seperate authentication in the host object in PRTG, and I've created a local admin with correspondig username / password in the stand-alone server?

dmz updates windows

Created on Aug 28, 2018 9:53:02 AM

1 Reply



Hi Fribse,

I'm afraid it's not possible to use the Windows Update Sensor outside of domains as Kerberos only accepts domain user names, but not local user names.

The only workaround I see is installing a Remote Probe directly on these servers, so the execution of the sensor is running in the local security context.

For more information about setting up Remote Probes, please have a look here: https://www.paessler.com/manuals/prtg/remote_probe_quick_install

I hope this helps :)

Andreas Günther
Tech Support, Paessler AG

Created on Aug 30, 2018 9:14:58 AM by  Andreas Günther [Paessler Support]

Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.