Icinga2 Agent install/config error

This forum was archived to /woltlab and is now in read-only mode.
  • Hi


    I have an issue while adding windows 7 machine via icinga2 agent V2.4.4.
    Agent was already running before then i have alerts for this host showing down always so i have re-installed ( even removed all directories/ temp files and folders).



    information/base: Writing private key to 'C:\Program Files (x86)\ICINGA2\etc\icinga2\pki\axx-?Vast-?SRV03.key'.
    critical/SSL: Error while opening private RSA key file 'C:\Program Files (x86)\ICINGA2\etc\icinga2\pki\axx-?Vast-?SRV03.key': 33558651, "error:0200107B:system library:fopen:Unknown error"


    Thanks

  • Tried with another agent version : Icinga2-v2.5.0-x86_64 , ended up with different error.


    Running command 'icinga2.exe pki new-cert --cn "Zax-Vast-SRV03" --key "C:\ProgramData\icinga2\etc\icinga2\pki\Zax-Vast-SRV03.key"
    --cert "C:\ProgramData\icinga2\etc\icinga2\pki\Zax-Vast-SRV03.crt"' produced the following output:
    information/base:
    Writing private key to 'C:\ProgramData\icinga2\etc\icinga2\pki\Zax-?Vast-?SRV03.key'.
    critical/SSL: Error while opening private RSA key file 'C:\ProgramData\icinga2\etc\icinga2\pki\Zax-?Vast-?SRV03.key': 33558651, "error:0200107B:system library:fopen:Unknown error".


    Any suggestions. I am trying different agents to check.


    Thanks

  • i assume you run the icinga2.exe pki new-cert --cn "Zax-Vast-SRV03" ... from the command line.
    If so, are you able to create the named file using the same account (i. e.via notepad) ?


    Not that you are running in a file ACL permission issue.

  • Hi


    Yes, I have created the pki from the icinga ssh ! #icinga2 pki tikcet --cn "Zax-Vast-SRV03" .


    Thanks

  • You did not answer my question.


    Logging in as the accout the icinga2 service is running under, are you able to write to
    C:\ProgramData\icinga2\etc\icinga2\pki\Zax-?Vast-?SRV03.key ?

  • Hi


    Yes! i can write in the folder (created the same file name and edit, delete etc) Full permissions for the account. Tried changing the names and also PKI tickets.

  • What about the funny question marks in the cert names:


    C:\ProgramData\icinga2\etc\icinga2\pki\Zax-?Vast-?SRV03.key


    Have these been inserted by you ?


    http://kb.tableau.com/articles…g-openssl-to-generate-csr


    https://codedump.io/share/g4js…sl-not-working-on-windows



    and many others all point out that 0200107b mean an openssl.cnf can not be found / accessed.


    As a solution, they name the creation of an environment variable that points openssl on the right way.



    The explanation might match what you see, the solution for sure does not.
    So, i am out of ideas now.