I have installed Icinga agent 13.6 on our domain controllers. With the check_service query for the service NTDS I only get the output "Access Denied". Via PowerShell the command can be executed successfully. Have any of you had this experience before?

I do not assume a bug in the agent version. The service is running as a local system user.

I'm not super knowledgeable with Windows user rights management but you can use a more privileged user to run the Icinga2 Service.

The Icinga service is installed to run as user NetworkService by default and this user does not have the privilege to query services. When you run the command via PowerShell the plugin is executed as the user you are logged on as, e.g. Administrator.

I have taken a closer look at the problem. If the host has the master as check source the query works. If I use a satellite as check source the check fails as mentioned above.

I was able to solve the problem by starting the service not as a network service but as a Local System account.
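
To see which account the agent service logs on as and which principals the NTDS service's access list allows to query its status, a diagnostic like the following can be run. It is an added example, not code from this thread or from the Icinga project, and it assumes the agent's Windows service is named `icinga2` and that it is run from an elevated prompt.

```powershell
# Added diagnostic example; run from an elevated PowerShell prompt on the host.
$agentService  = 'icinga2'   # assumption: Windows service name of the agent
$targetService = 'NTDS'      # service queried by check_service in the thread
$SERVICE_QUERY_STATUS = 0x0004   # access right needed to read a service's state

# 1. Which account does the agent service log on as?
$svc = Get-CimInstance Win32_Service -Filter "Name='$agentService'"
if (-not $svc) { throw "Service '$agentService' not found" }
"{0} runs as: {1}" -f $agentService, $svc.StartName

# 2. Read the target service's security descriptor in SDDL form.
$out = & sc.exe sdshow $targetService
if ($LASTEXITCODE -ne 0) { throw "sc.exe sdshow failed: $($out -join ' ')" }
$sddl = ($out | Where-Object { $_ -match '\S' }) -join ''

# 3. List every ACE and whether it covers SERVICE_QUERY_STATUS.
$sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $sddl
$sd.DiscretionaryAcl | ForEach-Object {
    $sid = $_.SecurityIdentifier
    try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = $sid.Value }   # unresolvable SID: show it raw
    [pscustomobject]@{
        Principal   = $name
        AceType     = $_.AceType                # AccessAllowed or AccessDenied
        QueryStatus = [bool]($_.AccessMask -band $SERVICE_QUERY_STATUS)
        AccessMask  = '0x{0:X8}' -f $_.AccessMask
    }
} | Format-Table -AutoSize
```

Compare the logon account from step 1 with the rows where `QueryStatus` is true; a service account's token also carries group SIDs such as Authenticated Users and SERVICE, so those rows count as well.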