Can create enrollment-token but no verification code: verification code not found

Hi guys,
I am running Elasticsearch 8.9 as a docker container and installed Kibana via the dnf package manager. I am able to generate the enrollment code but not the verification code.
verification code not found.
My elasticsearch.yml and kibana.yml you find below. What do I have to do to fix this?

ty

```
elasticsearch@1e137585c6bb:~/config$ cat elasticsearch.yml  |more
cluster.name: "docker-cluster"
network.host: 0.0.0.0

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 12-09-2023 14:15:53
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["1e137585c6bb"]

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
```

```yaml
---
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

# This setting specifies the IP address of the back end server.
server.host: "0.0.0.0"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This setting
# cannot end in a slash.
# server.basePath: ""

# The maximum payload size in bytes for incoming server requests.
# server.maxPayloadBytes: 1048576

# The Kibana server's name.  This is used for display purposes.
# server.name: "your-hostname"

# The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.url: "http://elasticsearch:9200"

# When this setting’s value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
# elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn’t already exist.
# kibana.index: ".kibana"
# The default application to load.
# kibana.defaultAppId: "discover"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
# elasticsearch.username: "user"
# elasticsearch.password: "pass"

# Paths to the PEM-format SSL certificate and SSL key files, respectively. These
# files enable SSL for outgoing requests from the Kibana server to the browser.
# server.ssl.cert: /path/to/your/server.crt
# server.ssl.key: /path/to/your/server.key

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
# elasticsearch.ssl.cert: /path/to/your/client.crt
# elasticsearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
# elasticsearch.ssl.ca: /path/to/your/CA.pem

# To disregard the validity of SSL certificates, change this setting’s value to false.
# elasticsearch.ssl.verify: true
# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
# elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
# elasticsearch.requestTimeout: 30000

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
# elasticsearch.requestHeadersWhitelist: [ authorization ]

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
# elasticsearch.shardTimeout: 0

# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
# elasticsearch.startupTimeout: 5000

# Specifies the path where Kibana creates the process ID file.
# pid.file: /var/run/kibana.pid

# Enables you specify a file where Kibana stores log output.
# logging.dest: stdout

# Set the value of this setting to true to suppress all logging output.
# logging.silent: false
# Set the value of this setting to true to suppress all logging output other than error messages.
# logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
# logging.verbose: false

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 10000.
# ops.interval: 10000
```


Many thanks in advance,
Uli

Hello,

When you initially run kibana, inside the kibana logs will be the verification code you need. It's usually formed as a link (should look something like this: http://localhost:5601/?code=12345) that you'll be able to click on and it'll open a browser or copy/paste the link. Then that's when you'll copy/paste the enrollment token you generated into the web page that comes up.

Also, enrollment tokens are only valid for 30 mins, so you'll need to regenerate a new one in Elasticsearch.

Hi,
I tried it with 4 several enrollment-tokens
eg eyJ2ZXIiOiI4LjkuMiIsImFkciI6WyIxMC44OS4wLjQ6OTIwMCJdLCJmZ3IiOiIyYjNiZjA4ZTY2MmI2ZjM3ZTcwZjU4ODJiZTZlMGY4ZTk2Yzk3OTYzZDdhMDA5M2ZiMDJiMmRiN2E2OTMzMTJmIiwia2V5IjoiTUNCaWo0b0JhSmV4aHNNcF9ETFk6blJQRGdMT2lTWUc1RVdKcy1JM3hhQSJ9

and the verification code 640 316

result: Couldn't configure Elastic

Generate a new enrollment token or configure manually.
So I tried to configure Kibana manually but I have no kibana password, where can I find this password respectively how to generate it?

Many thanks in advance,
Uli

Can you post your kibana logs? There could be a disconnect somewhere because you have elasticsearch container and a physical kibana.

The kibana password should also be in the kibana logs once you initially start it, but you can change the kibana password within the elasticsearch container by running `bin/elasticsearch-reset-password -iu kibana_system`, then you can change the password to whatever you want.

After you set the password, you have to edit your kibana.yml file to add the following entries:

```yaml
elasticsearch.username: kibana_system
elasticsearch.password: "new password"
```
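
One way to check for the container/host disconnect suggested above is to decode the enrollment token, which is base64-encoded JSON carrying the Elasticsearch version (`ver`), the node addresses Kibana will contact (`adr`), the CA certificate fingerprint (`fgr`) and an API key (`key`). This is an added example, not code from the thread or from Elastic; the token is constructed sample data, and `decode_enrollment_token` and `review_token` are hypothetical helper names.

```python
import base64
import ipaddress
import json

# Constructed sample values, not taken from the thread.
SAMPLE_FIELDS = {
    "ver": "8.9.2",
    "adr": ["172.18.0.2:9200"],           # address as seen on the container network
    "fgr": "ab" * 32,                      # placeholder SHA-256 fingerprint of the HTTP CA
    "key": "sample-key-id:sample-secret",  # API key in id:secret form
}
SAMPLE_TOKEN = base64.b64encode(json.dumps(SAMPLE_FIELDS).encode()).decode()


def decode_enrollment_token(token):
    """Return the JSON document carried by a base64 enrollment token."""
    raw = token.strip().replace("-", "+").replace("_", "/")
    raw += "=" * (-len(raw) % 4)  # tolerate padding lost in copy/paste
    fields = json.loads(base64.b64decode(raw, validate=True))
    missing = {"ver", "adr", "fgr", "key"} - set(fields)
    if missing:
        raise ValueError(f"missing token fields: {sorted(missing)}")
    return fields


def review_token(token):
    """Summarise what Kibana will try to reach, without echoing the secret."""
    fields = decode_enrollment_token(token)
    warnings = []
    for adr in fields["adr"]:
        host = adr.rpartition(":")[0].strip("[]")
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname: resolve it from the Kibana host instead
        if ip.is_private:
            warnings.append(f"{adr} is a private address: confirm the Kibana host can reach it")
    return {
        "version": fields["ver"],
        "addresses": fields["adr"],
        "ca_fingerprint": fields["fgr"],
        "api_key_id": fields["key"].split(":", 1)[0],  # secret part dropped
        "warnings": warnings,
    }


if __name__ == "__main__":
    print(json.dumps(review_token(SAMPLE_TOKEN), indent=2))
```

If the listed address belongs to a container-internal network, a Kibana installed on the host needs a published port or a route to it, and the `fgr` value should match the SHA-256 fingerprint of the CA certificate that Elasticsearch generated.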

SOLVED
As I couldn't find a reason for that problem I went back to the drawing board and installed a new kibana container image as well as a new elasticsearch image and now it works!
