ECE On premise 7.12 Fleet failure to Enroll, windows 10 system

I just setup an ECE instance using 7.9 (which I believe is the latest) and spun up a cluster for security using version 7.12. I setup a new agent and tried to enroll a windows 10 target workstation as outlined, but an getting the following error.

Error while enrolling: fail to execute the HTTP POST request: Post https://235b02623be74f1999ce940d4fd05ce1.192.168.1.121.ip.es.io:443: dial tcp 192.168.1.121:443: connectex: No connection could be made because the target machine actively refused it.

Below is the command I used to try and install it, but I get the same error every time. I also tried using the -i flag for insecure, but no change. It simply does not want to enroll.

.\elastic-agent.exe install -f --kibana-url=https://235b02623be74f1999ce940d4fd05ce1.192.168.1.121.ip.es.io:443 --enrollment-token=QTZjU2huZ0ItX2JTWHRwYzU3S3I6NkloTVd1ZDRUU2EteEtpRmEtLXc2dw==

Based on the error message it looks like kibana/fleet is refusing the connection. I verified the windows firewall on the endpoint is turned off. No network firewall in between the endpoint and the elastic cluster.

Why would Kibana actively refuse the agent enrollment?

Figured it out, looks like when you install ECE on premise or in a private datacenter, the default target URLS for the fleet agents are set to 443, but kibana and ES don't listen on those ports. They listen on 9243, so I changed the default URL endpoints for the fleet agents to use 9243, and it worked like a charm next time I tried to enroll.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.