JEA not active after first "Install-IcingaSecurity"-command #842
Description
I tried to activate JEA by executing "Install-IcingaSecurity" in an admin-PS:
PS C:\> Install-IcingaSecurity
[Notice]: Installing user "icinga"
[Notice]: User was successfully created.
[Passed]: Directory "C:\ProgramData\icinga2\etc" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\ProgramData\icinga2\var" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\cache" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\config" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\certificate" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Notice]: Restarting service "icinga2"
[Notice]: Stopping service "icingapowershell"
[Notice]: Starting service "icingapowershell"
[Notice]: User "icinga" including permissions was successfully installed on this host
[Notice]: Writing Icinga for Windows environment information as JEA profile
[Warning]: The module "icinga-powershell-plugins" is using "Add-Type" or "Add-IcingaAddTypeLib" definitions for file "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-plugins\provider\disks\Get-IcingaDiskAttributes.psm1". Ensure you validate the code before trusting this publisher.
[Notice]: Registering Icinga for Windows JEA profile
[Notice]: JEA Profile "IcingaForWindows" was successfully installed
[Notice]: Stopping service "icingapowershell"
[Notice]: Starting service "icingapowershell"
As a result all services switched to "Unknown" with the following plugin-output:
Icinga Exception: Unable to start the PowerShell.exe with the provided JEA profile "IcingaForWindows" for CheckCommand: <check-command>
After executing the command a second time, the JEA-settings were set correctly and all checks are running fine:
PS C:\> Install-IcingaSecurity
[Notice]: Installing user "icinga"
[Notice]: User updated successfully.
[Notice]: Service User ".\icinga" for service "icinga2" successfully updated
[Notice]: Service User ".\icinga" for service "icingapowershell" successfully updated
[Passed]: Directory "C:\ProgramData\icinga2\etc" is accessible and writable by the Icinga Service User "icinga"
[Passed]: Directory "C:\ProgramData\icinga2\var" is accessible and writable by the Icinga Service User "icinga"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\cache" is accessible and writable by the Icinga Service User "icinga"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\config" is accessible and writable by the Icinga Service User "icinga"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\certificate" is accessible and writable by the Icinga Service User "icinga"
[Notice]: Restarting service "icinga2"
[Notice]: Stopping service "icingapowershell"
[Notice]: Starting service "icingapowershell"
[Notice]: User "icinga" including permissions was successfully installed on this host
[Notice]: Writing Icinga for Windows environment information as JEA profile
[Warning]: The module "icinga-powershell-plugins" is using "Add-Type" or "Add-IcingaAddTypeLib" definitions for file "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-plugins\provider\disks\Get-IcingaDiskAttributes.psm1". Ensure you validate the code before trusting this publisher.
[Warning]: The module "icinga-powershell-plugins" is using "Add-Type" or "Add-IcingaAddTypeLib" definitions for file "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-plugins\provider\disks\Get-IcingaUNCPathSize.psm1". Ensure you validate the code before trusting this publisher.
[Notice]: Registering Icinga for Windows JEA profile
[Notice]: JEA Profile "IcingaForWindows" was successfully installed
[Notice]: Stopping service "icingapowershell"
[Notice]: Starting service "icingapowershell"
However show-icinga doesn't show the user for the "icinga2"-service correctly:
Icinga for Windows environment:
-----------
Environment configuration:
PowerShell Root => C:\Program Files\WindowsPowerShell\Modules\
Icinga for Windows Service Path => C:\Program Files\icinga-framework-service\
Icinga for Windows Service User => .\icinga
Icinga for Windows Service Pid => 2464
Icinga for Windows JEA Pid => 6112
Icinga Agent Path => C:\Program Files\ICINGA2\
Icinga Agent User => icinga
Defined Default User => DEHWLWOPSMGRT11\icinga
Icinga Managed User => True
=> I would expect ".\icinga2" for "Icinga Agent User" like the "Icinga for Windows Service User".
But it was correctly set:
