Icinga2 Agent install/config error

This forum was archived to /woltlab and is now in read-only mode.
  • Hi

    I have an issue while adding windows 7 machine via icinga2 agent V2.4.4.
    Agent was already running before then i have alerts for this host showing down always so i have re-installed ( even removed all directories/ temp files and folders).

    information/base: Writing private key to 'C:\Program Files (x86)\ICINGA2\etc\icinga2\pki\axx-?Vast-?SRV03.key'.
    critical/SSL: Error while opening private RSA key file 'C:\Program Files (x86)\ICINGA2\etc\icinga2\pki\axx-?Vast-?SRV03.key': 33558651, "error:0200107B:system library:fopen:Unknown error"


  • Tried with another agent version : Icinga2-v2.5.0-x86_64 , ended up with different error.

    Running command 'icinga2.exe pki new-cert --cn "Zax-Vast-SRV03" --key "C:\ProgramData\icinga2\etc\icinga2\pki\Zax-Vast-SRV03.key"
    --cert "C:\ProgramData\icinga2\etc\icinga2\pki\Zax-Vast-SRV03.crt"' produced the following output:
    Writing private key to 'C:\ProgramData\icinga2\etc\icinga2\pki\Zax-?Vast-?SRV03.key'.
    critical/SSL: Error while opening private RSA key file 'C:\ProgramData\icinga2\etc\icinga2\pki\Zax-?Vast-?SRV03.key': 33558651, "error:0200107B:system library:fopen:Unknown error".

    Any suggestions. I am trying different agents to check.


  • i assume you run the icinga2.exe pki new-cert --cn "Zax-Vast-SRV03" ... from the command line.
    If so, are you able to create the named file using the same account (i. e.via notepad) ?

    Not that you are running in a file ACL permission issue.

  • Hi

    Yes, I have created the pki from the icinga ssh ! #icinga2 pki tikcet --cn "Zax-Vast-SRV03" .


  • You did not answer my question.

    Logging in as the accout the icinga2 service is running under, are you able to write to
    C:\ProgramData\icinga2\etc\icinga2\pki\Zax-?Vast-?SRV03.key ?

  • Hi

    Yes! i can write in the folder (created the same file name and edit, delete etc) Full permissions for the account. Tried changing the names and also PKI tickets.

  • What about the funny question marks in the cert names:


    Have these been inserted by you ?



    and many others all point out that 0200107b mean an openssl.cnf can not be found / accessed.

    As a solution, they name the creation of an environment variable that points openssl on the right way.

    The explanation might match what you see, the solution for sure does not.
    So, i am out of ideas now.