You got the PID and the exit code, so something should be found in the event logs or AV logs.
I’m no Windows guru, but there are possibly some Sysinternals or other tools that could help debug this further.
On Linux I would guess it’s a difference between the vars in ENV (path and the like) that makes it behave differently when executed manually or executed by the service while using the same user.
In that screenshot I still spot a / before sbin in the path.
Hello everyone, due to the turn of the year this topic was postponed for the time being. It has now come up again. I checked the event logs for the PIDs and found nothing other than “Command was executed.” I also tried to find something via the AV, but it does not show anything.
The / after sbin is also present in the other checks:
Veeam: "C:\Program Files\ICINGA2\/sbin/centreonplugins\src\centreon_plugins.exe"
Icinga Check: "C:\Program Files\ICINGA2\/sbin/check_disk.exe"
Therefore, I do not think that the path is the issue.
Any other ideas?
Small update on this topic: The antivirus isn’t blocking anything related to the check. I just installed a VM and left the antivirus out entirely. The check still reports “Access denied.”
Mixing \ and / in one path is bad.
Yeah, but how can I change this? The paths are set by Icinga itself.
I also tested the checks via psexec and that works fine too, so it has to be an issue with the agents.