Execvpe(/usr/lib/check_service.exe) failed: No such file or directory

add this as a variable to your service config to define the serviec you want to check.

I did, error message is still the same.

icinga2 ca list doesn’t show any open signing requests?

No, there are no open request.
with icinga2 ca list --all there are multiple entrys for my host with hostname and with FQDN?
I searched in doc but its not possible to delete signed requests, am I right?

Because

signals that the agents certificate is not yet signed by the Icigna CA.

I found on the Agent under %ProgramData%\icinga2\var\lib\icinga2\certs multiple CA’s and I installed them (CA.crt and agentFQDN.crt) to the trust folder for CA’s to make sure, Agent has the Certificates and trusts them aswell.

huh, never seen that command before. Not sure what it runs in the background.
I recommend running icinga2 daemon -C to validate the configuration.

Okay. Running the icinga2 daemon -C shows no erros/problems.

Log on Agent:
information/ApiListener: New client connection for identity 'masterFQDN' to [masterIP]:5665 (certificate validation failed: code 18: self signed certificate)

information/ApiListener: Finished reconnecting to endpoint 'masterFQDN' via host 'masterFQDN' and port '5665'

warning/JsonRpcConnection: API client disconnected for identity 'masterFQDN'

warning/ApiListener: Certificate validation failed for endpoint 'masterFQDN': code 18: self signed certificate

And then it starts again with the first error message above.
information/ApiListener: New client connection for identity 'masterFQDNt' to [masterIP]:5665 (certificate validation failed: code 18: self signed certificate)

Log on Master:

[2023-05-15 14:05:38 +0000] information/ApiListener: Reconnecting to endpoint 'agentFQDN' via host 'agentFQDN' and port '5665'
[2023-05-15 14:05:38 +0000] critical/ApiListener: Cannot connect to host 'agentFQDN' on port '5665': Host not found (authoritative)

Connection from Agent to master works.
Telnet with 5665 works and no Local or external Firewall is blocking any traffic.

Do you have any idea on this?

I tought maybe the version from master and agent dont work together, but I didnt found any informations on this in the docs.
Master Version:

icinga2 - The Icinga 2 network monitoring daemon (version: r2.13.7-1)

Copyright (c) 2012-2023 Icinga GmbH (https://icinga.com/)
License GPLv2+: GNU GPL version 2 or later <https://gnu.org/licenses/gpl2.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

System information:
  Platform: Ubuntu
  Platform version: 22.04.2 LTS (Jammy Jellyfish)
  Kernel: Linux
  Kernel version: 5.15.0-1034-azure
  Architecture: x86_64

Build information:
  Compiler: GNU 11.3.0
  Build host: runner-hh8q3bz2-project-575-concurrent-0
  OpenSSL version: OpenSSL 3.0.2 15 Mar 2022

Application information:

General paths:
  Config directory: /etc/icinga2
  Data directory: /var/lib/icinga2
  Log directory: /var/log/icinga2
  Cache directory: /var/cache/icinga2
  Spool directory: /var/spool/icinga2
  Run directory: /run/icinga2

Old paths (deprecated):
  Installation root: /usr
  Sysconf directory: /etc
  Run directory (base): /run
  Local state directory: /var

Internal paths:
  Package data directory: /usr/share/icinga2
  State path: /var/lib/icinga2/icinga2.state
  Modified attributes path: /var/lib/icinga2/modified-attributes.conf
  Objects path: /var/cache/icinga2/icinga2.debug
  Vars path: /var/cache/icinga2/icinga2.vars
  PID path: /run/icinga2/icinga2.pid

Agent Version:
2.13.7

@log1c any ideas on this?

Did you make any changes to this setup?
Is there a reason why you don’t let the agent listen for connections?
Is there a reason why you don’t tick “accept config” or “accept commands”?

I’d say try enabling one of these and see if it solves your problem.

Other than that I’m currently out of ideas.
If the endpoint object names match on both sides and with the certificate CN, then the connection should work correctly.