Elastic Agent Enrollment Errors

secopsgeek · February 24, 2022, 5:31pm

Hello,

I am having some problems enrolling linux and windows agent into Elastic Fleet services. This is the message I am getting:

sudo ./elastic-agent enroll -f --fleet-server-es=https://172.16.100.6:8220 --fleet-server-service-token=X2FNWExIOEJleW9ZVDRzQUdCY206UEpqSWFJa0tSdDJ0ZU1RN3JFVU8xQQ== --fleet-server-policy=594ee9f0-957c-11ec-9cf4-ff209d017486
2022-02-24T10:21:29.730-0600	INFO	cmd/enroll_cmd.go:386	Generating self-signed certificate for Fleet Server
2022-02-24T10:21:30.338-0600	INFO	cmd/enroll_cmd.go:571	Spawning Elastic Agent daemon as a subprocess to complete bootstrap process.
2022-02-24T10:21:30.483-0600	INFO	application/application.go:67	Detecting execution mode
2022-02-24T10:21:30.486-0600	INFO	application/application.go:88	Agent is in Fleet Server bootstrap mode
2022-02-24T10:21:30.759-0600	INFO	[api]	api/server.go:62	Starting stats endpoint
2022-02-24T10:21:30.759-0600	INFO	application/fleet_server_bootstrap.go:130	Agent is starting
2022-02-24T10:21:30.759-0600	INFO	[api]	api/server.go:64	Metrics endpoint listening on: /home/ronniewatson/elastic-agent-7.17.0-linux-x86_64/data/tmp/elastic-agent.sock (configured: unix:///home/ronniewatson/elastic-agent-7.17.0-linux-x86_64/data/tmp/elastic-agent.sock)
2022-02-24T10:21:30.760-0600	INFO	application/fleet_server_bootstrap.go:140	Agent is stopped
2022-02-24T10:21:30.762-0600	INFO	stateresolver/stateresolver.go:48	New State ID is ImcuOHJh
2022-02-24T10:21:30.762-0600	INFO	stateresolver/stateresolver.go:49	Converging state requires execution of 1 step(s)
2022-02-24T10:21:31.489-0600	INFO	log/reporter.go:40	2022-02-24T10:21:31-06:00 - message: Application: fleet-server--7.17.0[]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'
2022-02-24T10:21:31.490-0600	INFO	stateresolver/stateresolver.go:66	Updating internal state
2022-02-24T10:21:32.513-0600	ERROR	status/reporter.go:236	Elastic Agent status changed to: 'error'
2022-02-24T10:21:32.513-0600	ERROR	log/reporter.go:36	2022-02-24T10:21:32-06:00 - message: Application: fleet-server--7.17.0[]: State changed to FAILED: Error - tls: first record does not look like a TLS handshake - type: 'ERROR' - sub_type: 'FAILED'
2022-02-24T10:21:33.342-0600	INFO	cmd/enroll_cmd.go:776	Fleet Server - Error - tls: first record does not look like a TLS handshake
2022-02-24T10:21:42.515-0600	INFO	status/reporter.go:236	Elastic Agent status changed to: 'online'
2022-02-24T10:21:42.515-0600	INFO	log/reporter.go:40	2022-02-24T10:21:42-06:00 - message: Application: fleet-server--7.17.0[]: State changed to RESTARTING:  - type: 'STATE' - sub_type: 'STARTING'
2022-02-24T10:21:42.516-0600	INFO	log/reporter.go:40	2022-02-24T10:21:42-06:00 - message: Application: fleet-server--7.17.0[]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'
2022-02-24T10:21:42.516-0600	INFO	log/reporter.go:40	2022-02-24T10:21:42-06:00 - message: Application: fleet-server--7.17.0[]: State changed to RESTARTING: Restarting - type: 'STATE' - sub_type: 'STARTING'

Any tips on how I can fix this?

sholzhauer · February 24, 2022, 6:12pm

It appears there is a TLS handshake failure.

What is the output when you try connecting with curl (or an equivalant)?

secopsgeek · February 24, 2022, 6:27pm

./elastic-agent : 2022-02-16T13:25:07.337-0600	WARN	[tls]	tlscommon/tls_config.go:101	SSL/TLS verifications disabled.
At C:\Users\ronniewatson\Desktop\Server Install.ps1:63 char:1
+ ./elastic-agent install -f --url=https://172.16.100.6:8220 --insecure ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (2022-02-16T13:2...tions disabled.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 
2022-02-16T13:25:07.436-0600	INFO	cmd/enroll_cmd.go:454	Starting enrollment to URL: https://172.16.100.6:8220/
2022-02-16T13:25:07.907-0600	WARN	[tls]	tlscommon/tls_config.go:101	SSL/TLS verifications disabled.
Error: fail to enroll: fail to execute request to fleet-server: http: server gave HTTP response to HTTPS client
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/7.17/fleet-troubleshooting.html
Error: enroll command failed with exit code: 1
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/7.17/fleet-troubleshooting.html

sholzhauer · February 25, 2022, 9:33am

Are you sure your fleet server is running on TLS and/or a loadbalancer/proxy is serving HTTPS?
This looks like the endpoint is returning HTTP.

secopsgeek · February 25, 2022, 9:47am

From what I know of the settings are https://172.16.100.6:8220

sholzhauer · February 25, 2022, 9:52am

Can you tell us a bit about your fleet setup? (technical details)
How many servers, load balanced, etc?

system · March 25, 2022, 9:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error enroll fleet-server Elastic Security elastic-stack-security , fleet , elastic-agent	5	347	July 13, 2022
Error enrolling Fleet Server: FAILED: Missed two check-ins Elasticsearch fleet	1	619	May 31, 2022
Can't enroll an agent to create Fleet Server (no error shown in log) Beats fleet	5	3610	February 24, 2022
Enrolling Fleet server Elastic Agent elastic-stack-security , fleet	4	712	October 28, 2022
Unable to create a fleet server with SSL certificates configured Elastic Agent	4	45	August 9, 2024

Elastic Agent Enrollment Errors

Related Topics