I've been trying to setup a testing ELK stack environment for learning purposes. I am running:
VM1 = Ubuntu Server 20.04 running Elasticsearch / Kibana with IP 172.16.0.27. Minimal Security is on.
VM2 = Ubuntu Server 20.04 running an elastic-agent that is enrolled as fleet server with IP 172.16.0.28. This is working in Kibana and "Healthy".
VM3 = Ubuntu Server 20.04 running Nginx with IP 172.16.0.117.
Now that the fleet server is working and displaying in Kibana I followed the instruction to extract the agent tarball on the server I want to monitor, in this instance VM3. I chose the default policy and copied the command. I added --insecure since I'm not using certificates.
~/elastic-agent-7.15.0-linux-x86_64$ sudo ./elastic-agent install -f --url=http://172.16.0.28:8220 --enrollment-token=OMITTED --insecure
This however gives me an error. I have checked and to be sure I don't have UFW turned on so it can't be the firewall.
2021-10-01T12:44:57.605Z WARN [tls] tlscommon/tls_config.go:98 SSL/TLS verifications disabled. 2021-10-01T12:44:57.963Z INFO cmd/enroll_cmd.go:432 Starting enrollment to URL: http://172.16.0.28:8220/ Error: fail to enroll: fail to execute request to fleet-server: fail to read original error: read tcp 172.16.0.117:47494->172.16.0.28:8220: read: connection reset by peer For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/7.15/fleet-troubleshooting.html Error: enroll command failed with exit code: 1
I also tried to check the connection with curl.
curl -f http://172.16.0.28:8220/api/status
And i got error:
curl: (22) The requested URL returned error: 400 bad request
All the services are running and they can all ping each other. In Kibana the fleetserver is reported as "Healthy". I don't know what to check anymore, can someone help?