Invalid ticket for CN 'icinga 4 windows host'

I’m trying to install the icinga for windows agent…
But I have error with certificate…
The installation finish with this error:

[Error]: Failed to create certificate.
Arguments: pki request --host icinga2-dev --port 5665 --ticket 1c6c0c5ceb3a6d44f07e73bc7e9a14f465488374 --key C:\ProgramData\icinga2\var\lib\icinga2\certs-win10-tech1.key --cert C:\ProgramData\icinga2\var\lib\icinga2\certs-win10-tech1.crt --trustedcert C:\ProgramData\icinga2\var\lib\icinga2\certs\trusted-parent.crt --ca C:\ProgramData\icinga2\var\lib\icinga2\certs\ca.crt
Error:information/cli: Writing CA certificate to file ‘C:\ProgramData\icinga2\var\lib\icinga2\certs\ca.crt’.
ritical/cli: !!! Invalid ticket for CN ‘-win10-tech1’.
[Error]: Failed to sign Icinga certificate

The host was correctly added to DIRECTOR… HOST-TEMPLATE ASSIGNED - BUT Service Check fails with:
Remote Icinga instance ‘-win10-tech1’ is not connected to ‘icinga2-dev’

How can I trust the agent with master and when this task should be performed ?
What is the TICKET I have to use ?
THX

I would recommend to use the FQDN of the host in the CN field and the node name in the zones.conf.

To be honest I used… But deleted her for privacy.
Anyway the error seems to be related to the fact that the Agent is not trusted by master…
But a command:
icinga2 ca list --all
on master do not show any pending request…
How can I re-send the request from Agent to Master ?

Just do the pki request again but ritical/cli: !!! Invalid ticket for CN ‘-win10-tech1’. looks to be your problem.

Documentations of different calls ist here: Distributed Monitoring - Icinga 2

or do you want to use the Icinga director Self Service API - Icinga Director ?

Tried to create the ticket on master with:

icinga2 pki ticket --cn xxx-win10-tech1.xxx.locale

I used the Ticket generated here… into the installation… BUt I have the same error

That sounds about right but I can’t help much more as I use the director self-service API in VM images and Ansible for half automatic setup.

From the Output I receive. I’m olsu using the API:

image1303×389 42.3 KB

If you use the self service API, have a look at Getting Started - Icinga for Windows

Also the ticket needs to be generated not on the master but on the host template in the director.

I solved generating the TICKET on the master for the HOST without domain…

In this way the Service check are is starting to work.
But from what you say… I?m still doing the wrong configuration…

Because the ticket for my Host Template… Do not work in my previus attemps of installation…

Hao can I reset everything and repeat oll the step ?

Isn’t .local also a domain?

“Wrong” is subjective and depends on your goals.
If you use the director the self service API is nice if you configure in the config files it isn’t a option.

On the windows client, just run the setup again. Resulting files are under %ProgramData%\Icinga or something similar.

On the Icinga server, it depends on your configuration method. If you use the director just delete the host in there and deploy the new config.
If you write the configs by hand, well grep -r HOST_TO_DELETE /etc/icinga2/ will tell you which files to update and then you need to reload the icinga2 daemon.