Defend integration, agent unhealthy, failed install and exist status 213

Adair_Torres · July 22, 2024, 4:28pm

After the agent was reinstalled on a device, the Elastic Defend integration began showing an error of: "failed install endpoint service ... exit status 213". Which is installation failure from pre-existing files.

I've found a similar issue here that is near exact, but they continued in private channels.

I've provided some of the logs from the agent.

17:01:04.793
elastic_agent
[elastic_agent][error] 2024-07-18 22:01:04: debug: File.cpp:453 Removing [C:\Program Files\Elastic\Endpoint\cache\artifacts\global-artifacts\endpointpe-v4-model]
17:01:04.793
elastic_agent
[elastic_agent][error] 2024-07-18 22:01:04: info: File.cpp:480 Attempted deletion failed, failed to reset file attributes for C:\Program Files\Elastic\Endpoint\cache\artifacts\global-artifacts\endpointpe-v4-model
17:01:04.793
elastic_agent
[elastic_agent][error] 2024-07-18 22:01:04: debug: File.cpp:453 Removing [C:\Program Files\Elastic\Endpoint\cache\artifacts\global-artifacts\endpointpe-v4-exceptionlist]
17:01:04.793
elastic_agent
[elastic_agent][error] 2024-07-18 22:01:04: info: File.cpp:480 Attempted deletion failed, failed to reset file attributes for C:\Program Files\Elastic\Endpoint\cache\artifacts\global-artifacts\endpointpe-v4-exceptionlist
17:01:04.793
elastic_agent
[elastic_agent][error] 2024-07-18 22:01:04: debug: File.cpp:453 Removing [C:\Program Files\Elastic\Endpoint\cache\artifacts\global-artifacts\endpointpe-v4-blocklist]
17:01:04.793
elastic_agent
[elastic_agent][error] 2024-07-18 22:01:04: info: File.cpp:480 Attempted deletion failed, failed to reset file attributes for C:\Program Files\Elastic\Endpoint\cache\artifacts\global-artifacts\endpointpe-v4-blocklist

The logs also continue repeating with similar messages, where it cycles attempting to remove a file in the cache directory, and then failing.

How can I resolve this issue?

Ben_McNichols · July 22, 2024, 5:20pm

@Adair_Torres I'm sorry you've encountered this issue. As you noted, your issue is likely another instance of the same category of error in the other post. Assuming that ends up being the case, it's likely related to an issue with our self-protection. Unfortunately the specific remedy can vary with the specific original cause and the state the host gets left in. I'll PM you a method to share more specifics so that I'm able to suggest the specific remedy for this host.

system · August 19, 2024, 5:21pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Agent unhealthy - Defend - failed install endpoint service - Exit status 213 Elastic Security windows	3	333	June 10, 2024
Agent for Endpoint is shown as unhealthy Endpoint Security	2	804	March 27, 2023
Elastic agent unhealthy because of elastic defend integration Elastic Security	6	2171	September 23, 2023
Elastic agent showing unhealthy with windows system Endpoint Security	2	2130	March 24, 2021
Elastic Defend integration failed to upgrade Elastic Agent fleet	5	320	March 11, 2024

Defend integration, agent unhealthy, failed install and exist status 213

Related topics