Reconncting Windows Agents --> Best practice?

Josh · September 22, 2021, 6:04am

Hello all,

I need help in connection with the Windows Agent.
An Icinga installation had some (> 20) Windows machines connected to the agent.

After a crash of the Icinga server it was completely rebuilt (with identical IP and name).

Now, of course, the Windows agents want to log on to the server, which is not possible, as
are all new for the server.

Is there a best practice with as little manual effort as possible (e.g. no RDP session and manual reinstallation with ticket etc.?) for connecting the Windows Agents to the now new server?

Many thanks and greetings,
hobin

Icinga Version: r2.13.1-1
Icinga Web2: 2.9.3
Director: latest

dgoetz · September 22, 2021, 7:42am

So as you used the same IP and name, I assume no change to the configuration on the server has to be done. The only thing preventing a successful connection is the certificate, so I think deleting the directory C:\ProgramData\icinga2\var\lib\icinga2\certs\, restart of the service and then using icinga2 ca sign on the master should do it. So it is probably still too much manual work, if you can not use some kind of configuration management or gpo.

zkoooo · September 22, 2021, 7:55am

I think just the master ca.crt and the trusted-parent.crt should erased and a new Cert sign request should be sent to master.

MikeKall · September 22, 2021, 8:15am

Something that I would do is to reconfigure the windows machine by executing remotely a script using the icinga powershell module. You can add the -Reconfigure flag to change the configurations of your windows machines.

Josh · September 22, 2021, 9:49am

Thank you for your advice.

→ Mike:
I use the discontinued agent module https://github.com/Icinga/icinga2-powershell-module.

For the Icinga Powershell Framework Kickstarter, I unfortunately get plenty of error messages when running it (but the script itself runs).

Unfortunately, the link at https://icinga.com/docs/icinga-for-windows/latest/doc/02-Installation/ leads to a 404, which is why I don’t know exactly where my error might lie.

among others:
powershell.exe : Der Dienst “Icinga 2 (icinga2)” kann aufgrund des folgenden Fehlers nicht gestartet werden: Der Dienst icinga2 kann nicht auf dem Computer . gestartet werden.
In C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\cache\framework_cache.psm1:2240 Zeichen:9
+ powershell.exe -Command {
*+ ~~~~~~~~~~~~~~~~~~~~~~~~~*
+ CategoryInfo : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Restart-Service], ServiceCommandException
+ FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.RestartServiceCommand"

Thanks and greetings
hobin

MikeKall · September 23, 2021, 9:50am

I didn’t know that there was a deprecation notice for that one, thanks for the info.
About the error, maybe it could be a better choice to open a new ticket
at the icinga powershell kickstarter github page.

Another approach could be via the icinga msi package. You could automate the msi installation process
by passing the parameters to it and if I am not wrong there is an option for reconfiguration.

Cheers,
Mike

Josh · September 23, 2021, 10:05am

Hello Mike,

thanks for the answer.
Despite the error message, I have run the script again.
with the flag -reconfigure and it worked for one installation…I now have to verify this again with more servers.

Greetings.
hobin

Josh · September 29, 2021, 6:29am

Unfortunately, I have not yet been able to carry out any verification on the subject…