TcpSocket: Invalid socket: Connection refused. Cannot connect to host "master_hostname"

I am trying to run the node setup command on my client/satellite to add it to my icinga2 master. I have icinga2 working correctly on my master, but when I try to run icinga2 node setup on my client I get the error "TcpSocket: Invalid socket: Connection refused: Cannot connect to host “master_hostname” on port 5665. Failed to request certificate from Icinga 2 master".
I have verified that the icinga2 service is running on port 5665 on the master.
The API feature is enabled on my client.
The icinga2 service is not running on port 5665 on the client. I think this may be part of the issue. How can I get it to listen on port 5665 on the client?


In such cases I would check some things on the network side and/or in the OS or in the infrastructure:

  • is the local firewall running, and is there a permission to access port 5665
  • is there a hardware firewall/proxy/etc. in the middle which is blocking access to port 5665
  • check with netstat or nmap the state of port 5665 on both servers (e.g. is another program listening on it)
  • if you
  • if SELinux is enabled, check the logs (maybe the rules are not installed correctly)
  • is it possible to run the node setup with the IP instead of the DNS name

Those are some ideas from this side.

Hello. Thanks for your reply. SELinux and the firewall are both disabled, so that shouldn’t be an issue. Port 5665 isn’t being used by any other service as of now. I will try to run node setup with the IP address after I set a static IP address and see if that helps any.

So I restarted the icinga service on the client and icinga2 started listening on port 5665. SELinux and the firewall are both disabled. Now when I run the icinga2 node setup command the error is something different. The error output is as follows: "Requested a signed certificated from the master. Peer certificate does not match trusted certificate. Failed to request certificate from Icinga2 master."

If anyone has any suggestions I would really appreciate it.

The new error message means that the connection would work. But while requesting the certificate something went wrong. As the message says, the peer certificate does not match the trusted certificate. In this case it would be interesting to see how you are doing this.

That the connection works with SELinux/firewall turned off shows that something is wrong in the config.

I am running icinga2 pki new-cert and icinga2 pki sign-csr on the master node, then transferring the files over to the client and finally running icinga2 node setup on the client. That’s when I get the error “Invalid Socket Connection Refused. Cannot connect to host on “hostname” on port 5665. Failed to request certificate”.
Everything I’ve read on this issue says to verify that icinga is listening on port 5665, which I have verified for both machines with the netstat and lsof commands. SELinux and firewalls are disabled.
Could me not having static IP addresses maybe cause this issue? Any help will be appreciated.

I have no ideas yet. Maybe others have some.

Maybe you could check the communication during the setup with tcpdump. Maybe you’ll find something this way.

Is the problem not having a static IP address? I don’t know. We don’t have such cases or ever tried only with DNS.
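
The two errors in this thread can be told apart with a small check run from the client. The following is an added example, not part of the original posts and not Icinga's own code: it classifies the state of port 5665 (refused, silently dropped, or DNS failure) and, if the port is open, compares the SHA-256 fingerprint of the certificate the master presents with the trusted certificate file. The script arguments (host, then path to the trusted certificate in PEM format) are assumptions.

```python
import hashlib
import socket
import ssl
import sys


def port_state(host, port=5665, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'unresolved' for a TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # RST received: no listener, or a firewall rejecting
    except socket.timeout:
        return "filtered"     # no answer: packets dropped (firewall) or host down
    except socket.gaierror:
        return "unresolved"   # name lookup failed: retry with the IP address
    except OSError as exc:
        return "error: %s" % exc


def pem_fingerprint(pem_text):
    """SHA-256 fingerprint of a PEM certificate, e.g. the trusted cert file."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()


def peer_fingerprint(host, port=5665, timeout=3.0):
    """SHA-256 fingerprint of the certificate the listener actually presents."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # fetch only, to compare; grants no trust
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


if __name__ == "__main__":
    # argv[1]: master host or IP; argv[2]: trusted cert path (both assumed)
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state = port_state(host)
    print("%s:5665 is %s" % (host, state))
    if state == "open" and len(sys.argv) > 2:
        with open(sys.argv[2]) as fh:
            trusted = pem_fingerprint(fh.read())
        presented = peer_fingerprint(host)
        print("trusted  ", trusted)
        print("presented", presented)
        print("match" if trusted == presented else "MISMATCH")
```

A "refused" result corresponds to the first error in the thread; a "MISMATCH" means the certificate file on the client is not the one the master's listener on port 5665 is serving.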