Hi,
I was wondering if there were plans as part of an Agent un-enrolment to disable the Elastic Agent service on the host and delete the C:\Program Files\Elastic directory?
As without doing that you can not re-enroll the endpoint using the agent.
Thanks in advance.
Hello @The1WhoPrtNocks . Thanks for reaching out. This is actually documented functionality right now: Unenroll Elastic Agent | Fleet User Guide [7.11] | Elastic
The agent will continue to run, but will not be able to send data. It will show this error instead:
invalid api key to authenticate with fleet.
That being said, I can see how this behavior can be unintuitive. We filed a bug here: [Agent] Elastic Agent Unenroll Action Leaves Dormant Service and Process Running · Issue #24568 · elastic/beats · GitHub
Hi @gabriel.landau ,
Thanks for the info and creating the bug post.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.