Connection error to a secured Elasticsearch: unable to authenticate user


I am trying to create a track from an Elasticsearch node (v7.5.2) that is running on a Windows server 2019 VM and using TLS with basic authentication.

From the rally (v2.0.4) machine I am able to curl to it just fine:

curl -k -H "Authorization:Basic ###############" https://elastic_vm:9200

However, when trying to create a track:

esrally create-track --track=my_track--target-host=elastic_vm:9200 --client-options="use_ssl:true,verify_certs:false,basic_auth_user:'user',basic_auth_password:'password',http_compress:true"

I get the error:

[ERROR] Cannot create-track. AuthenticationException(401, 'security_exception', 'unable to authenticate user [user] for REST request [/]').

What am I still missing?



I think esrally is trying to ping your elasticsearch host by calling https://elastic_vm:9200 . If you have enabled security accessing / requires monitor privileges ( I had the same problem with the .NET NEST client).


  1. Grant your user monitor privileges (at least cluster:monitor/main)
  2. check if you can disable the ping for esrally

Best regards


Thanks for responding!

I did check the security of the user and it has the 'superuser' role, which includes all access to the cluster.
Regarding esrally ping, I wasn't able to find any reference to that, maybe they use a different term?

Unfortunately, the logs display the same error that I included in this post, so not much help there, unless there is some debug output that can enabled?

Thank you!


This sounds like there is a problem with the esrally configuration and I have no experience with that. I checked the documentation of esrally and found the following hint:

Avoid the characters ' , , and : in user name and password as Rally’s parsing of these options is currently really simple and there is no possibility to escape characters.

Can you check your user and password for this characters?

If this doesn't help maybe you should create an issue with esrally as it does not seem to be an Elasticsearch problem as you can login using curl.

Best regards

Yes, I already verified those characters and they are not part of the user name or password.
There is also an issue opened with ES support and I'm waiting for a reply.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.