on the clients, I removed xinetd with apt purge xinetd so it’s not running (systemctl | grep xine shows nothing), I have these services running:
check-mk-agent-async.service loaded active running Checkmk agent - Asynchronous background tasks
system-check\x2dmk\x2dagent.slice loaded active active system-check\x2dmk\x2dagent.slice
check-mk-agent.socket loaded active listening Local Checkmk agent socket
cmk-agent-ctl-daemon.service loaded active running Checkmk agent controller daemon
Since I’m still struggling with this issue, I have spawned a brand new server with Ubuntu 22, installed checkmk raw, switched the public IP from the old server to the new one (got hundreds of monitored servers with a firewall rule to allow 6556 to that IP only), configured apache to have SSL, then imported the backup from the old server (with omd backup + omd restore)
Then I installed the agent on the server, and registered, and this part finally worked, the server can monitor itself (even if I don’t understand why cmk-agent-ctl register --hostname 127.0.0.1 gave 404 Not Found: Host 127.0.0.1 does not exist., I had to put the public hostname).
However, all the other hosts doesn’t work, I see the same issue as before… 
To recap, the issue is the following:
ss -tulpnsayscmk-agent-ctlis listening on 6556- register command is successful (status says
Remote: Connection type: pull-agent, Registration state: operational) but the monitoring host doesn’t get any output (no unmonitored services found, 18 vanished services) - If I do
cmk-agent-ctl delete-all --enable-insecure-connectionsit works again but I have the annoying WARNTLS is not activated on monitored host
I think this whole TLS thing should be optional without showing any warning, since there are much simpler ways to secure the connection, like a simple firewall rule: ufw allow from 1.2.3.4 to any port 6556 proto tcp EDIT: I found I can do this in Setup>Services>Service monitoring rules>Checkmk Agent installation auditing>New rule: Checkmk Agent installation auditing