Director and Windows agent deployment

I hope someone can help. I’m currently building a POV environment of Icinga on Ubuntu 18. The aim is to monitor Windows, Linux and hardware via SNMP.
I’ve managed to install Icinga2, Director, and Grafana. Generally speaking the core components seem fine. I’ve built some basic host and service templates, through which I’ve remotely monitored services like SSH, HTTP, performed pings etc. I’ve also managed to successfully use the agent on a test Linux server.
Unfortunately I just can’t seem to get the Windows agent installation to work. I’m trying to use a Host Template to set the Self Service API parameters and then use the powershell install script. Unfortunately the agent never seems to connect even though the install completes. I’ve read lots of documentation on the topic but the more I read the less clear the whole thing becomes. Hence this post. I’ve been at the build now for two weeks I need to finish it.

I hope someone can assist.

My current powershell script looks like this;

$icinga = Icinga2AgentModule -DirectorUrl 'https://myserverfqdn/icingaweb2/director/' -DirectorAuthToken '88fb419b8b758b87f76cc432fbb0235e66c36c7c' -IgnoreSSLErrors -Debugmode -RunInstaller;

Output is as follows;

Notice: Started script run...
"ebug: Processing Director API config argument "fetch_agent_name: false
"ebug: Processing Director API config argument "fetch_agent_fqdn: true
"ebug: Processing Director API config argument "transform_hostname: 1
"ebug: Processing Director API config argument "flush_api_directory: true
"ebug: Processing Director API config argument "director_host_object: {"address":"&ipaddress&","display_name":"&hostname.lowerCase&"}
"ebug: Processing Director API config argument "download_url: \\XXXX\XXXXXX\Icinga\selfservice_api
"ebug: Processing Director API config argument "agent_version: 2.11.2
"ebug: Processing Director API config argument "allow_updates: true
"ebug: Processing Director API config argument "agent_listen_port: 5665
"ebug: Processing Director API config argument "install_nsclient: true
Notice: Connected successfully to Icinga Director Self-Service API over API token.
Debug: Setting "global_zones" to default "director-global" and "global-templates"
Debug: Setting "accept_config" to default "true"
Notice: Setting internal Agent Name to "XXXXX.XXX.XXXX.XXXm"
Notice: Trying to fetch Host IP-Address for hostname: XXXXX.XXX.XXXX.XXXm
Notice: Setting IP xxx.xxx.xxx.xxx as primary IP for this host for all requests. Access it with &ipaddress& for all JSON requests.
Notice: Transforming Agent Name to XXXXX.XXX.XXXX.XXXm
Notice: Using Icinga version "", setting certificate directory to "C:\ProgramData\icinga2\etc\icinga2\pki"
Warning: Icinga 2 Agent does not seem to be installed on the system
Notice: Installing Icinga 2 Agent from local directory
Warning: Icinga 2 Agent Installer verification disabled.
Notice: Installing Icinga 2 Agent
Notice: Icinga 2 Agent installed.
Notice: Using Icinga version "2.11.2", setting certificate directory to "C:\ProgramData\icinga2\var\lib\icinga2\certs"
Notice: Found Icinga 2 Agent version 2.11.2 installed at "C:\Program Files\ICINGA2\"
Notice: Creating host "XXXXX.XXX.XXXX.XXXm" over API token inside Icinga Director.
Notice: Writing host API-Key "8ef379e782976bb4543e059f575c9d107ca361f1" to "C:\ProgramData\icinga2\etc\icinga2\icingadirector.token"
"ebug: Processing Director API config argument "fetch_agent_name: false
Debug: Skipping overriding of 'fetch_agent_name', as set by script. [False]
"ebug: Processing Director API config argument "fetch_agent_fqdn: true
Debug: Skipping overriding of 'fetch_agent_fqdn', as set by script. [True]
"ebug: Processing Director API config argument "transform_hostname: 1
Debug: Skipping overriding of 'transform_hostname', as set by script. [1]
"ebug: Processing Director API config argument "flush_api_directory: true
Debug: Skipping overriding of 'flush_api_directory', as set by script. [True]
"ebug: Processing Director API config argument "director_host_object: {"address":"&ipaddress&","display_name":"&hostname.lowerCase&"}
Debug: Skipping overriding of 'director_host_object', as set by script. [{"address":"&ipaddress&","display_name":"&hostname.lowerCase&"}]
"ebug: Processing Director API config argument "download_url: \\\\xxxx\xxx\Icinga\selfservice_api
Debug: Skipping overriding of 'download_url', as set by script. [\\xxxx\xxxx\Icinga\selfservice_api]
"ebug: Processing Director API config argument "agent_version: 2.11.2
Debug: Skipping overriding of 'agent_version', as set by script. [2.11.2]
"ebug: Processing Director API config argument "allow_updates: true
Debug: Skipping overriding of 'allow_updates', as set by script. [True]
"ebug: Processing Director API config argument "agent_listen_port: 5665
Debug: Skipping overriding of 'agent_listen_port', as set by script. [5665]
"ebug: Processing Director API config argument "install_nsclient: true
Debug: Skipping overriding of 'install_nsclient', as set by script. [True]
"ebug: Processing Director API config argument "agent_add_firewall_rule: true
"ebug: Processing Director API config argument "global_zones: director-global!global-templates
Debug: Skipping overriding of 'global_zones', as set by script. [director-global global-templates]
"ebug: Processing Director API config argument "parent_zone: XXXXXXX
"ebug: Processing Director API config argument "ca_server: XXXXXXX
"ebug: Processing Director API config argument "parent_endpoints: XXXXXXX
"ebug: Processing Director API config argument "accept_config: true
Debug: Skipping overriding of 'accept_config', as set by script. [True]
Notice: Successfully fetched configuration for this host over Self-Service API.
Notice: Fetched ticket "1a001ee5b990f1257c208f0d79899e7b4958947c" from Icinga Director
Notice: Generating Host certificates required by Icinga 2
Notice: information/base: Writing private key to 'C:\ProgramData\icinga2\var\lib\icinga2\certs\w10-094.nt.doehle-iom.com.key'.
information/base: Writing X509 certificate to 'C:\ProgramData\icinga2\var\lib\icinga2\certs\w10-094.nt.doehle-iom.com.crt'.
Notice: Storing Icinga 2 certificates
Notice: information/cli: Retrieving X.509 certificate for 'XXXXXXX:5665'.

 Subject:     CN = XXXXXXX
 Issuer:      CN = Icinga CA
 Valid From:  Jan 15 08:04:28 2020 GMT
 Valid Until: Jan 11 08:04:28 2035 GMT
 Fingerprint: 5C FB AF 35 80 87 BC 71 25 A8 AC C1 F1 B9 85 71 F8 5D 01 CB

***
*** You have to ensure that this certificate actually matches the parent
*** instance's certificate in order to avoid man-in-the-middle attacks.
***

information/pki: Writing certificate to file 'C:\ProgramData\icinga2\var\lib\icinga2\certs\trusted-master.crt'.
Notice: Certificate fingerprint: "5CFBAF358087BC7125A8ACC1F1B98571F85D01CB"
Warning: CA fingerprint validation disabled
Notice: Requesting Icinga 2 certificates
Notice: information/cli: Writing CA certificate to file 'C:\ProgramData\icinga2\var\lib\icinga2\certs\ca.crt'.
information/cli: !!!!!!
information/cli: !!! Certificate request for CN 'XXXXX.XXX.XXXX.XXXm' is pending. Waiting for approval from the parent Icinga instance.
information/cli: !!!!!!
Debug: Old Config Hash: "5664402221322331521711726681371182441222332311675872" New Hash: "7159237172052032208161881262464623316353217278570"
Notice: Icinga 2 configuration backup successfull
Notice: Writing icinga2.conf to "C:\ProgramData\icinga2\etc\icinga2\"
Notice: Icinga 2 configuration check successfull.
Notice: Trying to disable debug log for Icinga 2...
Notice: Icinga 2 debug log is not enabled or configuration not found
Notice: Trying to enable logging for Icinga 2...
Notice: Icinga 2 logging is already enabled or configuration not found
Notice: Trying to install Icinga 2 Agent Firewall Rule for port 5665
Notice: Icinga 2 Agent Firewall Rule already installed. Trying to remove it to add it again...
Notice: Icinga 2 Agent Firewall Rule has been removed. Re-Adding now...
Notice: Icinga 2 Agent Firewall Rule successfully installed for port 5665
Notice: Trying to install and configure NSClient++ from "C:\Program Files\ICINGA2\sbin\NSCP.msi"
Notice: NSClient++ is already installed on the system.
Notice: NSClient++ Firewall Rule is not installed
Notice: NSClient++ Service is not installed
Notice: Restarting service icinga2
Notice: Icinga 2 Agent successfully restarted.
Debug: Dumping properties...
Debug:
Name                           Value
----                           -----
install_msi_package            Icinga2-v2.11.2-x86_64.msi
director_host_token            8ef379e782976bb4543e059f575c9d107ca361f1
certs_created                  True
new_icinga_config              /**...
initialized                    True
icinga_host_exist              False
ipv6_count                     2
ipaddressV6                    fe80::3d59:f4b6:8fa5:6f00%12
generate_config                true
cur_install_dir                C:\Program Files\ICINGA2\
require_restart
system_architecture            x86_64
agent_version                  2.11.2
icinga2_agent_version          {2, 11, 2}
cert_dir                       C:\ProgramData\icinga2\var\lib\icinga2\certs
uninstall_id                   /X{C88D83DE-154D-4846-8D33-1A12A01EC702}
ipaddress                      xxx.xxx.xxx.xx
ipaddress[0]                   169.254.111.0
icinga_ticket                  1a001ee5b990f1257c208f0d79899e7b4958947c
use_self_service_api           True
endpoint_nodes                 "XXXXXXX"
fqdn                           XXXXX.XXX.XXXX.XXXm
ipaddress[1]                   169.254.111.0
config_dir                     C:\ProgramData\icinga2\etc\icinga2\
ipv4_count                     2
endpoint_objects               object Endpoint "XXXXXXX" {...
ipaddressV6[1]                 fe80::5462:7910:aefa:4dd2%11
icinga_director_api_version    1.4.0
global_zones                   object Zone "director-global" {...
use_new_cert_dir               True
old_icinga_config              /**...
ipaddressV6[0]                 fe80::3d59:f4b6:8fa5:6f00%12
hostname                       WXXXXXm
local_hostname                 XXXXX.XXX.XXXX.XXXm
api_dir                        C:\ProgramData\icinga2\var\lib\icinga2\api



Debug: Dumping config...
Debug:
Name                           Value
----                           -----
director_domain
director_user
nsclient_directory
director_deploy_config         False
accept_config                  True
parent_zone                    XXXXXXX
director_auth_token            88fb419b8b758b87f76cc432fbb0235e66c36c7c
transform_hostname             1
agent_install_directory
module_log_file
icinga_enable_debug_log        False
agent_version                  2.11.2
full_uninstallation            False
agent_add_firewall_rule        True
director_host_object           {"address":"&ipaddress&","display_name":"&hostname.lowerCase&"}
fetch_agent_fqdn               True
force_cert                     False
nsclient_add_defaults          False
icinga_disable_log             False
install_nsclient               True
ticket
debug_mode                     True
nsclient_firewall              False
ignore_ssl_errors              True
director_url                   https://XXXXXXX/icingaweb2/director/
ca_server                      XXXXXXX
flush_api_directory            True
endpoints_config
ca_certificate_path
parent_endpoints               XXXXXXX
ca_fingerprint
director_password
download_url                   \\xxxxx\xxxx\Icinga\selfservice_api
agent_name
nsclient_service               False
agent_listen_port              5665
global_zones                   {director-global, global-templates}
nsclient_installer_path
installer_hashes
icinga_service_user
allow_updates                  True
remove_nsclient                False
ca_port                        5665
fetch_agent_name               False
caproxy                        False

Build check is as follows;

icinga2 daemon -C
[2020-01-20 13:56:35 +0000] information/cli: Icinga application loader (version: r2.11.2-1)
[2020-01-20 13:56:35 +0000] information/cli: Loading configuration file(s).
[2020-01-20 13:56:35 +0000] information/ConfigItem: Committing config item(s).
[2020-01-20 13:56:35 +0000] information/ApiListener: My API identity: cyllene
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 1 InfluxdbWriter.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 1 ScheduledDowntime.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 1 FileLogger.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 2 NotificationCommands.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 1 NotificationComponent.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 13 Notifications.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 1 IcingaApplication.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 14 HostGroups.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 17 Hosts.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 1 Downtime.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 1 CheckerComponent.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 7 Zones.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 5 Endpoints.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 1 ExternalCommandListener.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 1 ApiUser.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 2 UserGroups.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 1 ApiListener.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 1 IdoMysqlConnection.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 235 CheckCommands.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 3 TimePeriods.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 2 Users.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 41 Services.
[2020-01-20 13:56:35 +0000] information/ConfigItem: Instantiated 8 ServiceGroups.
[2020-01-20 13:56:35 +0000] information/ScriptGlobal: Dumping variables to file '/var/cache/icinga2/icinga2.vars'
[2020-01-20 13:56:35 +0000] information/cli: Finished validating the configuration file(s)

Server logs from /var/log/icinga2.log relevant to client being installed, are as follows;

[2020-01-20 12:13:51 +0000] information/JsonRpcConnection: Sending certificate response for CN 'host.x.y.com' to endpoint 'host.x.y.com'.
[2020-01-20 12:13:51 +0000] warning/JsonRpcConnection: API client disconnected for identity 'host.x.y.com'
[2020-01-20 12:14:01 +0000] information/ApiListener: Reconnecting to endpoint 'host.x.y.com' via host 'xxx.xxx.xxx.xxx' and port '5665'
[2020-01-20 12:14:01 +0000] warning/ApiListener: Certificate validation failed for endpoint 'host.x.y.com': code 18: self signed certificate
[2020-01-20 12:14:01 +0000] information/ApiListener: New client connection for identity 'host.x.y.com' to [xxx.xxx.xxx.xxx]:5665 (certificate validation failed: code 18: self signed certificate)
[2020-01-20 12:14:01 +0000] information/ApiListener: Finished reconnecting to endpoint 'host.x.y.com' via host 'xxx.xxx.xxx.xxx' and port '5665'
[2020-01-20 12:14:01 +0000] information/JsonRpcConnection: Received certificate request for CN 'host.x.y.com' not signed by our CA.
[2020-01-20 12:14:01 +0000] information/JsonRpcConnection: Sending certificate response for CN 'host.x.y.com' to endpoint 'host.x.y.com'.
[2020-01-20 12:14:01 +0000] warning/JsonRpcConnection: API client disconnected for identity 'host.x.y.com'
[2020-01-20 12:14:11 +0000] information/ApiListener: Reconnecting to endpoint 'host.x.y.com' via host 'xxx.xxx.xxx.xxx' and port '5665'
[2020-01-20 12:14:11 +0000] warning/ApiListener: Certificate validation failed for endpoint 'host.x.y.com': code 18: self signed certificate
[2020-01-20 12:14:11 +0000] information/ApiListener: New client connection for identity 'host.x.y.com' to [xxx.xxx.xxx.xxx]:5665 (certificate validation failed: code 18: self signed certificate)
[2020-01-20 12:14:11 +0000] information/ApiListener: Finished reconnecting to endpoint 'host.x.y.com' via host 'xxx.xxx.xxx.xxx' and port '5665'
[2020-01-20 12:14:11 +0000] information/JsonRpcConnection: Received certificate request for CN 'host.x.y.com' not signed by our CA.
[2020-01-20 12:14:11 +0000] information/JsonRpcConnection: Sending certificate response for CN 'host.x.y.com' to endpoint 'host.x.y.com'.
[2020-01-20 12:14:11 +0000] warning/JsonRpcConnection: API client disconnected for identity 'host.x.y.com'
[2020-01-20 12:14:21 +0000] information/ApiListener: Reconnecting to endpoint 'host.x.y.com' via host 'xxx.xxx.xxx.xxx' and port '5665'
[2020-01-20 12:14:21 +0000] warning/ApiListener: Certificate validation failed for endpoint 'host.x.y.com': code 18: self signed certificate
[2020-01-20 12:14:21 +0000] information/ApiListener: New client connection for identity 'host.x.y.com' to [xxx.xxx.xxx.xxx]:5665 (certificate validation failed: code 18: self signed certificate)
[2020-01-20 12:14:21 +0000] information/ApiListener: Finished reconnecting to endpoint 'host.x.y.com' via host 'xxx.xxx.xxx.xxx' and port '5665'
[2020-01-20 12:14:21 +0000] information/JsonRpcConnection: Received certificate request for CN 'host.x.y.com' not signed by our CA.
[2020-01-20 12:14:21 +0000] information/JsonRpcConnection: Sending certificate response for CN 'host.x.y.com' to endpoint 'host.x.y.com'.
[2020-01-20 12:14:21 +0000] warning/JsonRpcConnection: API client disconnected for identity 'host.x.y.com'
[2020-01-20 12:14:31 +0000] information/ApiListener: Reconnecting to endpoint 'host.x.y.com' via host 'xxx.xxx.xxx.xxx' and port '5665'
[2020-01-20 12:14:31 +0000] warning/ApiListener: Certificate validation failed for endpoint 'host.x.y.com': code 18: self signed certificate
[2020-01-20 12:14:31 +0000] information/ApiListener: New client connection for identity 'host.x.y.com' to [xxx.xxx.xxx.xxx]:5665 (certificate validation failed: code 18: self signed certificate)
[2020-01-20 12:14:31 +0000] information/ApiListener: Finished reconnecting to endpoint 'host.x.y.com' via host 'xxx.xxx.xxx.xxx' and port '5665'
[2020-01-20 12:14:31 +0000] information/JsonRpcConnection: Received certificate request for CN 'host.x.y.com' not signed by our CA.
[2020-01-20 12:14:31 +0000] information/JsonRpcConnection: Sending certificate response for CN 'host.x.y.com' to endpoint 'host.x.y.com'.
[2020-01-20 12:14:31 +0000] warning/JsonRpcConnection: API client disconnected for identity 'host.x.y.com'

When installing with this method do you need to sign pending CA requests, or should that happen automatically?

Just check with “icinga2 ca list” on your master. If you request is listed here, you need to sign it.

And keep in mind, that there is a bug, that should be fixed in 2.12: If a Ceritifcate is signed you need to RESTART the Agent once, otherwise it will not work. If your Agent can’t reach the master/satellite over port 5665 the workflow must be: Register the host with the agent installer, than deploy the director config with the new host. After that the ca request will appear and you need to sign it. Then you have to restart the Agent once.

There usually is a CA request there, I assume this using means the agent can connect to the master. However I don’t recall restarting the agent.

Just to confirm the process is;

1. Install agent using powershell.
2. Deploy director config.
3. Sign CA request/
4. Restart windows agent.

Yes, correct.

[added some more chars to get the post postable]

OK, I’ve just done that.

CA request appeared immediately, but I pushed the Director first. Is there an particular log line that will confirm the agent is communicating properly?

My agents log is as follows;

[2020-01-20 15:02:43 -0000] information/FileLogger: 'main-log' started.
[2020-01-20 15:02:43 -0000] information/NotificationComponent: 'notification' started.
[2020-01-20 15:02:43 -0000] information/CheckerComponent: 'checker' started.
[2020-01-20 15:02:43 -0000] information/ConfigItem: Activated all objects.
[2020-01-20 15:03:02 -0000] information/FileLogger: 'main-log' started.
[2020-01-20 15:03:02 -0000] information/ApiListener: 'api' started.
[2020-01-20 15:03:02 -0000] information/ApiListener: Started new listener on '[::]:5665'
[2020-01-20 15:03:02 -0000] information/ConfigItem: Activated all objects.
[2020-01-20 15:03:12 -0000] information/WorkQueue: #4 (ApiListener, RelayQueue) items: 0, rate:  0/s (0/min 0/5min 0/15min);
[2020-01-20 15:03:12 -0000] information/WorkQueue: #5 (ApiListener, SyncQueue) items: 0, rate:  0/s (0/min 0/5min 0/15min);
[2020-01-20 15:05:14 -0000] information/FileLogger: 'main-log' started.
[2020-01-20 15:05:14 -0000] information/ApiListener: 'api' started.
[2020-01-20 15:05:14 -0000] information/ApiListener: Started new listener on '[::]:5665'
[2020-01-20 15:05:14 -0000] information/ConfigItem: Activated all objects.
[2020-01-20 15:05:24 -0000] information/WorkQueue: #4 (ApiListener, RelayQueue) items: 0, rate:  0/s (0/min 0/5min 0/15min);
[2020-01-20 15:05:24 -0000] information/WorkQueue: #5 (ApiListener, SyncQueue) items: 0, rate:  0/s (0/min 0/5min 0/15min)

when I try and use the agent I’m still getting the following error message from plugins

Remote Icinga instance 'myagent.hostname.com' is not connected to 'masterzone'

This is where I’d got to before, is there something else I’m missing. I’m at a deadend,

Just saw this in your logs:

notice: Fetched ticket “1a001ee5b990f1257c208f0d79899e7b4958947c” from Icinga Director

so, normally signing should not be necessary. double check, that zonenames are correct (Uppercase/lowercase etc.).

Your logs from the agent looks a little small without any connection tries from master or agent.

The agent log is just cycling as follows;

[2020-01-20 15:05:24 -0000] information/WorkQueue: #5 (ApiListener, SyncQueue) items: 0, rate:  0/s (0/min 0/5min 0/15min);
[2020-01-20 15:10:14 -0000] information/ConfigObject: Dumping program state to file 'C:\ProgramData\icinga2\var\lib\icinga2/icinga2.state'
[2020-01-20 15:10:24 -0000] information/WorkQueue: #4 (ApiListener, RelayQueue) items: 0, rate:  0/s (0/min 0/5min 0/15min);
[2020-01-20 15:10:24 -0000] information/WorkQueue: #5 (ApiListener, SyncQueue) items: 0, rate:  0/s (0/min 0/5min 0/15min);
[2020-01-20 15:15:14 -0000] information/ConfigObject: Dumping program state to file 'C:\ProgramData\icinga2\var\lib\icinga2/icinga2.state'
[2020-01-20 15:15:24 -0000] information/WorkQueue: #5 (ApiListener, SyncQueue) items: 0, rate:  0/s (0/min 0/5min 0/15min);
[2020-01-20 15:15:24 -0000] information/WorkQueue: #4 (ApiListener, RelayQueue) items: 0, rate:  0/s (0/min 0/5min 0/15min);
[2020-01-20 15:20:14 -0000] information/ConfigObject: Dumping program state to file 'C:\ProgramData\icinga2\var\lib\icinga2/icinga2.state'
[2020-01-20 15:20:25 -0000] information/WorkQueue: #4 (ApiListener, RelayQueue) items: 0, rate:  0/s (0/min 0/5min 0/15min);
[2020-01-20 15:20:25 -0000] information/WorkQueue: #5 (ApiListener, SyncQueue) items: 0, rate:  0/s (0/min 0/5min 0/15min);
[2020-01-20 15:25:14 -0000] information/ConfigObject: Dumping program state to file 'C:\ProgramData\icinga2\var\lib\icinga2/icinga2.state'
[2020-01-20 15:25:25 -0000] information/WorkQueue: #4 (ApiListener, RelayQueue) items: 0, rate:  0/s (0/min 0/5min 0/15min);
[2020-01-20 15:25:25 -0000] information/WorkQueue: #5 (ApiListener, SyncQueue) items: 0, rate:  0/s (0/min 0/5min 0/15min);

With regards checking the zonenames, I’m not following you. The host template has a drop down in Director. I have left blank as it implies it just overrides. Are you referring to something else?

If you click on preview at the host in director you should see the zone/endpoint information’s. These need to be the same as in the icinga2.conf/zones.conf in the Agent config files.

I’m so sorry but this is confusing now, /etc/icinga2 contains so many files and sub folders and it’s unclear which are used…

In Director I can see the following under preview for the Windows agent based host.

## zones.d/cyllene/hosts.conf

object Host "hostname.com" { import "[Windows Workstation Template](https://cyllene.xx.yyyyy.com/icingaweb2/director/host?name=Windows%20Workstation%20Template)" display_name = "w10-094" address = "xxx.xxx.xxx.xxx" }

## zones.d/cyllene/agent_endpoints.conf

object Endpoint "hostname.com" { host = "xxx.xxx.xxx.xxx" log_duration = 0s }

## zones.d/cyllene/agent_zones.conf

object Zone "hostname.com" { parent = "cyllene" endpoints = [ "hostname.com" ] }

In /etc/icinga2
/etc/icinga2/zones.d contains only a README file.

/etc/icinga2/zones.conf
Doesn’t contain the zone cyllene could that be the issue?

The Linux agent I have working is using

zones.d/cyllene/agent_zones.conf
object Zone "linxhostname.com" {
    parent = "cyllene"
    endpoints = [ "linuxhostname.com" ]
}

and that seems fine

On the agent look exactly in the two files I mentioned (icinga2.conf and zones.conf) As far es I remember the agent installer Powershell script not uses the zones.conf, so you should find the zone configurations directly in icinga2.conf.

If this is a proof of concept, you should switch to the icinga powershell framework, as its the new way of deploying agents on Windows and I’am pretty sure the director powershellscript you are using will be deprecated in a while.

For me it looks like that the master is not trying to connect to the agent, or can’t reach host = “xxx.xxx.xxx.xxx” over port 5665.

The agent contains the following in icinga2.conf

object Zone "director-global" {
 global = true
}
object Zone "global-templates" {
 global = true
}

/* Define a zone for our current agent and set our parent zone for proper communication. */
object Zone "hostname.com" {
  parent = "cyllene"
  endpoints = [ "hostname.com" ]

I’m assuming that’s correct.

I’d assume host for the endpoint cyllene in your icinga2.conf at the agent is missing or unset. This happens when the endpoint config for cyllene in the director does not contain the host information.

I’ve managed to solve the issue, looks like a connectivity problem.