Icinga2 - Windows agent via satellite wrong connection

Hello,

When trying to set up a Windows agent via a Debian satellite, we have the problem that Icinga apparently still tries to connect that agent directly to the Fedora master server. In the initial setup of the Icinga Windows agent the Debian satellite was set as parent and the certificate exchange was successful but in Icinga we get this error message:

Remote Icinga instance '<windows agent>' is not connected to '<Fedora master>'

The Fedora master server is being checked here but we expected the Windows server to be connected to the satellite instead like we set it up.

Used versions:

  • Icinga Web 2 version: 2.11.3 (Git commit f917436a894c1f4148a9c3d6a27f9c20f204e44f)
  • Used modules and their versions:
    • businessprocess - 2.4.0
    • director - 1.10.2
    • doc - 2.11.3
    • grafana - 1.1.6
    • incubator - 0.19.0
    • monitoring - 2.11.3
  • Web browser used: Google Chrome (Version 110.0.5481.100 64-Bit)
  • Icinga 2 version used: r2.13.6-1
  • PHP version used: 8.1.13
  • Server operating system and version (master): Fedora Linux 36
  • Server operating system and version (satellite): Debian 10
  • Server operating system and version (agent): Windows Server 2016

We appreciate any help with solving this topic.

Icinga’s agent connects to the endpoint usually defined in its zones.conf. Hence, you have to change the host entry.

Thank you for your reply. However, the zones.conf used does only define the satellite as endpoint with the correct host and port and not the Icinga master server. We also checked the outgoing TCP packages and the master definetly tries to ping the agent directly which cannot work in our environment. Are there any other possibilities that I’m missing to change the check source to the satellite server?

The check source depends on the zone where a host object is belonging to. Hence, you need to change the particular host object to belong to the satellite zone.

You are right, the satellite zone wasn’t set up properly, that’s why it couldn’t work. After looking into some more forum posts I get the impression that it can be tricky using the director for a setup with satellites. I tried setting up the satellite zones and endpoints via the director but that didn’t change anything and also seems to be the wrong way since the interface warns me about doing that.
If I understand correctly, the better approach is to set up the zones in the zones.conf of the master and satellites and afterwards using the kickstarter script of the director to sync it, right? I’ll try playing around with that next. Sorry, I’m still in the middle of learning and understanding things…

It’s even not only better but the only correct way to do it. So, your’re on the right way.

Don’t worry, that’s why we are here.