Remote Icinga instance 'agent.domain.net' is not connected to 'master.domain.net'

Maku2207 · May 11, 2020, 11:25am

Hi, guys,

I know, the subject has come up at one time or another, but unfortunately the steps suggested there could not help me much.

For my final project I am currently setting up an Icinga server (version r2.8.1-1) on an Ubuntu 18.04.04 LTS.

In our company we only use Windows machines, on which I have rolled out all important Powershell scripts that are executed via a custom command.

Now it unfortunately only fails because of the connection to the agent. I installed the Icinga2 Agent on the client machine and signed the certificate on the master side. In the zones I defined the host as the “master” of the client and really checked if the same FQDN was used everywhere.

One thing still confuses me though. I find only the certificate of the master under /var/lib/icinga2/certs/, but not the certificate of the client( Although the certificate of the client is signed under “icinga2 ca list”.
This is the relevant extract of the log files for this:

[2020-05-11 00:09:51 +0200] critical/GraphiteWriter: Exception during Graphite operation: Verify that your backend is operational!
[2020-05-11 00:09:53 +0200] information/ApiListener: New client connection for identity ‘MUE-ILP-SRV-11.ILP.NET’ from [192.168.10.228]:61164 (certificate validation failed: code 18$
[2020-05-11 00:09:53 +0200]

If you need more information, please do not hesitate to ask
Many greetings

fluxX · May 11, 2020, 2:46pm

Hi and welcome ,

what’s the icinga2 agent version on your windows clients?

r2.8.1-1 is really out of date (~2 years).
Seems like you are not using the official packages from Icinga2 itself. Take a look here how to setup the repository for ubunut.

Greetz

Maku2207 · May 12, 2020, 9:56am

Hello ,
For the Windows Agent I just use the latest icinga Snapshot (from 04/27/2020). Do you recommend upgrading my Icinga Server to the latest version?

Many greetings

fluxX · May 12, 2020, 12:12pm

Hi,

could be worth a try as the master should be on a higher or same version as the agents (doc ref).
For upgrading don’t miss the upgrading docs.

Greetz

nexo1960 · May 12, 2020, 3:14pm

warning: keep in mind that only one version between agent and it’s parent node is supported.

E.g. master 2.11 --> satellite 2.10 --> agent 2.9

Maku2207 · May 13, 2020, 11:06am

Hello guys once again,

Before upgrading, I tried following the exact same steps as before on another host and it worked like a charm without any errors. Maybe i made a stupid mistake regarding FQDN’s, but the error is gone for now.

Thank you all nontheless for your help

Hope you all have a good day

theFeu · May 14, 2020, 12:28pm

Hey there!
Did that solve the issues on the original problem host as well?
Please excuse the nosiness, but I am always super suspicious, when errors just …disappear
At least when it comes to our own software
You have a good day as well!
Feu