Change the Account which is used to run the elastic stack (Windows Server)


I'm running the Elastic Stack on-prem with the latest version 8.10.2 (Elasticsearch - Kibana - WinlogBeat + Metricbeat).
The Elastic stack was installed with my normal Windows account on a Windows Server 2016.
Now I would like to replace my personal account with another technical account.
What do I have to do for that?

First I logged in with the new account on the server and tried to start elasticsearch via cmd in the foreground.
But after I tried to start elasticsearch I got the following error message.

Exception in thread "main" java.lang.RuntimeException: starting java failed with [1]
[0.009s][error][logging] Error opening log file 'logs/gc.log': Permission denied
[0.009s][error][logging] Initialization of output 'file=logs/gc.log' using options 'filecount=32,filesize=64m' failed.
Could not rename log file 'logs/gc.log' to 'logs/gc.log.14' (Permission denied).
Invalid -Xlog option '-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,level,pid,tags:filecount=32,filesize=64m', see error log for details.
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.
        at org.elasticsearch.server.cli.JvmOption.flagsFinal(
        at org.elasticsearch.server.cli.JvmOption.findFinalOptions(
        at org.elasticsearch.server.cli.MachineDependentHeap.determineHeapSettings(
        at org.elasticsearch.server.cli.JvmOptionsParser.jvmOptions(
        at org.elasticsearch.server.cli.JvmOptionsParser.determineJvmOptions(
        at org.elasticsearch.server.cli.ServerProcess.createProcess(
        at org.elasticsearch.server.cli.ServerProcess.start(
        at org.elasticsearch.server.cli.ServerProcess.start(
        at org.elasticsearch.server.cli.ServerCli.startServer(
        at org.elasticsearch.server.cli.ServerCli.execute(
        at org.elasticsearch.common.cli.EnvironmentAwareCommand.execute(
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(
        at org.elasticsearch.cli.Command.main(
        at org.elasticsearch.launcher.CliToolLauncher.main(

The new account has local admin rights, but it seems that this isn't enough. So I added explicit (modify) permissions on the elasticsearch directory for the account and tried it again.

After the second attempt, Elasticsearch was running normally.

Next Step: Kibana, WinlogBeat, Metricbeat ...

I've configured the other directories explicitly with modify rights as well. Now elastic (and the other solutions) are running properly again.
But this is quite boring without any problems... :crazy_face:
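
The permission fix described in the post, as an added PowerShell example that is not part of the original post: it checks each Elastic Stack directory for an Allow entry giving the technical account Modify and grants it only where it is missing. The account name and install paths are assumed placeholders; run it from an elevated prompt.

```powershell
# Assumed values: replace with your own service account and install paths.
$Account = 'CONTOSO\svc-elastic'            # hypothetical technical account
$Dirs = @(
    'D:\elastic\elasticsearch',             # hypothetical install paths
    'D:\elastic\kibana',
    'D:\elastic\winlogbeat',
    'D:\elastic\metricbeat'
)

function Test-ModifyAce {
    param([string]$Path, [string]$Identity)
    # True if an Allow ACE that names $Identity directly includes Modify.
    # Rights obtained through group membership are not evaluated here.
    $modify = [System.Security.AccessControl.FileSystemRights]::Modify
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.IdentityReference.Value -eq $Identity -and
            $ace.AccessControlType -eq 'Allow' -and
            ($ace.FileSystemRights -band $modify) -eq $modify) {
            return $true
        }
    }
    return $false
}

foreach ($dir in $Dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Skipping missing directory: $dir"
        continue
    }
    if (Test-ModifyAce -Path $dir -Identity $Account) {
        Write-Host "OK       $dir"
        continue
    }
    # (OI)(CI) marks the entry as inheritable by files and subfolders
    # (logs\, data\, config\), M is Modify. Children that have
    # inheritance disabled keep their own ACL and must be checked separately.
    & icacls.exe $dir /grant "${Account}:(OI)(CI)M" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "icacls failed for $dir (exit code $LASTEXITCODE)"
    }
    # Re-read the ACL so a silent failure does not go unnoticed.
    if (-not (Test-ModifyAce -Path $dir -Identity $Account)) {
        throw "Modify entry for $Account not present on $dir after grant"
    }
    Write-Host "GRANTED  $dir"
}
```

Granting Modify on the product directories only, rather than Full Control or broader rights, keeps the technical account limited to what the `logs/gc.log` error showed it was missing.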
