I have installed icinga agent 13.6 on our domain controllers. With the check_service query for the service NTDS I only get the Output Access Denied. Via Powershell the command can be executed successfully. Have any of you had this experience before?
I do not assume a bug in the agent version. The service is running as a local system user.
I’m not super knowledgeable with Windows user rights management but you can use a more privileged user to run the Icinga2 Service.
The icinga service is installed to run as user NetworkService by default and this user does not have the privilege to query services. When you run the command via powershell the plugin is executed as the user you are logged on e.g. Administrator.