Certificate exchange via Kickstart ifw fails

Hello everyone,

I am currently trying to create hosts via a kickstart script for ifw.
The host itself is also created via the Powershellscript.
When the agent is to be installed and registered, I get the following error message.
“[Notice]: Host was successfully registered in Icinga Director
[Error]: The certificate ticket for this host could not be retrieved via the Self-Service API. Please check that your Icinga CA is running, that you have configured a TicketSalt and that
that your Icinga Director has sufficient permissions to communicate with the Icinga 2 API to generate tickets.”
Please check that your Icinga CA is running, that you have configured a TicketSalt and that your Icinga Director has sufficient permissions to communicate with the Icinga 2 API to generate tickets."
What am I doing wrong, what data is needed for troubleshooting?
Basically I can create hosts via the script as long as they are not on the internet.
So if I create a Windows host in the LAn it is no problem.
I am using Icinga in an HA version
All modules and Icinga are up to date.

If it works in the LAN but not from the internet, then it’s a firewall and or routing problem.
If you can access the director from the internet as stated above maybe you could also access the icinga2 API via port 5665.

I personalty wouldn’t expose them to the internet and I setup the hosts in the DMZ manually.

Thank you for your answer.
I managed to fix the error on my own.
The players can now report to the director…

Hey there,
it would be super helpful, if you could write a summary of what helped and marked this as the solution. This way users with a similar problem can solve their issues a lot easier. Thank you!

My solution to the problem was to create a new API key for the template. After that it worked and I could at least partially integrate the hosts.
Yes, after that another error occurred, but I was able to solve it by adjusting the zones.conf on the agent/client.