Windows Performance Counters use RPC for communication which runs over TCP port 445. Once you add this rule to the firewall these components should come up.
... however opening port 445 is equivalent to enabling the stock "File and Printer Sharing (SMB-In)" Windows firewall rule - which has wide ranging security implications, and should be done with great care given that the consensus is on blocking that port unless there's a specific need for it. In response to my question about tightening down the attack surface of that exception, aLTeReGo answered:
If you are concerned about opening TCP Port 445, then I would suggest either configuring the Windows Firewall, router access control lists, or Firewall policies to only allow TCP Port 445 traffic from the Orion server to that host. Alternatively, you could install the Orion Agent on that machine and not open any ports to that host.
... none of which appears a sound policy to me for various reasons - I'd rather limit traffic to a service than to an IP address (the latter don't work well as a policy and don't travel across subnets), and using agents only adds to the unknowns.
So while an inbound TCP Port 445 firewall exception (equivalent to the stock "File and Printer Sharing (SMB-In)" Windows firewall rule) does resolve the immediate issue, it leaves a rather significant question unanswered:
How to restrict the exception to Performance Counters traffic only, and how to make the exception work well as a security policy that also does not interfere with other SMB-related exceptions or block?