Icinga PS not executed on windows client

Please describe your problem as detailed as possible and don’t forget to use a meaningful title :slight_smile:
We also have a markdown formatting guide to help you make your topics more readable!


I have setup a master-master icinga2 environment with director installed. Both masters are in my master zone. I have imported vm’s from my vmware environment and placed them in the master zone with endpoint the first master. *nix checks over ssh executed perfectly.

Next up was trying to setup a windows server to execute the standard Invoke-IcingaCheckCPU check on the windows client. Installing the ps client on the windows machine works, cert is signed on the icinga2 master and log show connecting to the windows client. Imported the ps plugin checks in the director and these are visible under the commands. Defined a service template and added this to a service which is attached to the client config in the director. Now the check stays on pending no matter what I try.

Command and service template and host are in the master zone. I see the master executing the check to the windows client, but in de logs of the windows client I only see the 5665 connection coming in. No service check.

What am I missing??

Does your Hosttemplate have a “Icinga Agent = Yes” and your service template a “run on agent = yes”?

Yes and yes, both are set to yes.

In the director endpoint and checks are in the master zone. The windows agent is receiving the check connection, but is not executing the command:
[2023-03-22 12:03:52 +0100] notice/JsonRpcConnection: Received ‘event::ExecuteCommand’ message from identity ‘’.
[2023-03-22 12:03:52 +0100] notice/ApiListener: Sending message ‘event::CheckResult’ to ‘’

And sending the result back to the master. Could this be a zone issue? In what zone should the icinga for windows checks be configured? The agent is directly connected to the master. No satellite or something in between.

can you post the zones.conf from the agent?

object Endpoint “” {

object Endpoint “” {
host = “”;

object Zone “master” {
endpoints = [ “” ];

object Zone “” {
parent = “master”;
endpoints = [ “” ];

object Zone “director-global” {
global = true;

object Zone “global-templates” {
global = true;

When I try to set ACL on the framework dir is says it does not exist:
PS C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework> Set-IcingaAcl -Directory ‘C:\Progam Files\WindowsPowerShell\Modules\icinga-powershell-framework’
[Warning]: Unable to set ACL for directory “C:\Progam Files\WindowsPowerShell\Modules\icinga-powershell-framework”. Directory does not exist

That is strange.

I have set Powershell execution policy to Bypass. Just to rule a execution policy block out.

Do I have to register the Invoke-IcingaCheckCPU check as a backgrounddaemon in the icinga for windows client?

PS C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework> Show-IcingaRegisteredBackgroundDa
List of configured background daemons on this system:


No arguments defined


No arguments defined


No arguments defined

this zones.conf shouldnt work at all, how did you install icinga on that machine?

Installed it with the IcingaWindowsScript powershell script. But, seeing your reaction, not with the right anwsers. I have found a tutorial from netways which takes you through the whole setup. Going to follow that and see what I did wrong. But if you have any suggestions, you are welcome.

I managed to fix the issue. After I found the zone-stages startup log on the windows agent I noticed an error in the log about a systemd check that I created. It conflicted with the default systemd check in the icinga install. After I solved this issue the PowerShell checks where synced to the client and the checks started working. Thanks for the support.