What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags

View all Tags

PRTG Windows Updates sensor with servers NOT in domain



Hi, I have been trying to get the windows updates sensor working for windows servers. We are hosting several windows machines for customers that are NOT part of a domain. Our PRTG server can connect to all those servers through a management gateway, but I have not been able to get the windows updates sensor working.

Only when putting a remote probe on the machines themselfs this sensor is working, but thats not what i want. I thought that the latest PRTG release would be able to support this. Is there a guideline for the steps to take to get this working?

powershell prtg windows-update-status

Created on Apr 23, 2021 8:57:18 AM

3 Replies



Hi Erik,

I'm afraid there is no guide yet. With version 21.1.66 it is possible to use this sensor for devices which are not part of a domain. For this you will need to select the option Negotiate authentication in point Authentication Method. For more detailed information, I would recommend to check out the manual page for this sensor.

Kind regards

Felix Wiesneth - Team Tech Support

Created on Apr 27, 2021 8:10:05 AM by  Felix Wiesneth [Paessler Support]



After another day of trying, I figured it out:
Here are the steps needed to get it working for servers not in a domain:

All commands need to be entered in powershell as Administrator

To configure Windows PowerShell for remoting, type the following command:

Enable-PSRemoting –force

Also on the remote server you need to set the server with the PRTG-probe as a trusted machine:

Set-Item WSMan:\localhost\Client\TrustedHosts -value 10.X.X.X

In my case, the ip-adres is the management gateway or router ip through which the PRTG connects, so not just the ipadres of the PRTG server itself.

just in case I did a winRM service restart in powershell :

 Restart-Service WinRM

On the PRTG-probe server:
To enable authentication from the PRTG-probe, you need to add the remote computer to the list of trusted hosts for the local computer in WinRM. To do so, type:

winrm quickconfig
set-item WSMan:\localhost\Client\TrustedHosts -Value "172.X.X.*" -Concatenate
set-item WSMan:\localhost\Client\TrustedHosts -Value "172.X.X.*" -Concatenate

In this example I trust hosts in these subnets. You can offcourse also just add the ipadresses of the servers. The concatenate command on the back is to allow a new ipadres or subnet without deleting the other allready entered ip-adresses

Restart-Service WinRM

To check ip-adresses that are trusted:

Get-Item WSMan:\localhost\Client\TrustedHosts

Furthermore: in the PRTG for the sensor to work on a windows machine, you need to enter the windows-machine credentials WITH the computername as the domain.
So every windows machine needs its own credentials, you cannot use the root with credentials to work on all servers. that doesnt work.
And the sensors need to have Negotiate authentication NOT the default Kerberos authentication

I am not entirely sure if this works in every situation, but it works for me, so yeah, great to have this sensor added and working now.

Created on Apr 28, 2021 2:47:02 PM

Last change on Apr 28, 2021 7:05:40 PM by  Felix Wiesneth [Paessler Support]



Hello Erik,

Thank you for sharing!

Kind regards

Felix Wiesneth - Team Tech Support

Created on Apr 28, 2021 7:06:25 PM by  Felix Wiesneth [Paessler Support]

Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.