Cannot stop winlogbeat service

Elastic Stack Elasticsearch
1

Hello all,

I'm facing the following issue: I cannot stop the winlogbeat service either automatically or manually. The service can be stopped only after clicking "End Task" in the Task Manager. I did test the same Ansible role against several servers on-premises and in the cloud.

If I try to do it manually (run Power Shell as Admin):

PS C:\Program Files\Winlogbeat> .\uninstall-service-winlogbeat.ps1
Stop-Service : Service 'winlogbeat (winlogbeat)' cannot be stopped due to the following error: Cannot stop winlogbeat
service on computer ''.''.'

At C:\Program Files\Winlogbeat\uninstall-service-winlogbeat.ps1:3 char:3
+   Stop-Service winlogbeat
+   ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (System.ServiceProcess.ServiceController:ServiceController) [Stop-Service],
   ServiceCommandException
    + FullyQualifiedErrorId : CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand

After that, the Power Shell hangs completely and the winlogbeat service is in a permanent Stopping state.

But when I "End Task" in the Task Manager it works fine.

1 Like
2

Hello all,

The problem is solved. The root cause - failed DNS Lookup:

{"log.level":"error","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":148},"message":"Failed to connect to backoff(async(tcp:/*****************:5046)): lookup **************: no such host","service.name":"winlogbeat","ecs.version":"***"}

Winlogbeat is failing to connect to the Elasticsearch server due to a DNS lookup failure for the hostname *************** . The system can't resolve this hostname to an IP address.

This might be considered a bug; in the case of Connectivity issues, we cannot manage the Winlogbeat Service from an Operating System perspective. Also, we have no output that indicates the network connectivity issue. As a conclusion, all the Automation gets stuck.

winlogbeat-8.8.2

Please let me know your thoughts on this.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.