Elastic Agent Unenrollment


I was wondering if there were plans as part of an Agent un-enrolment to disable the Elastic Agent service on the host and delete the C:\Program Files\Elastic directory?

As without doing that you can not re-enroll the endpoint using the agent.

Thanks in advance.

Hello @The1WhoPrtNocks . Thanks for reaching out. This is actually documented functionality right now: Unenroll Elastic Agent | Fleet User Guide [7.11] | Elastic

The agent will continue to run, but will not be able to send data. It will show this error instead: invalid api key to authenticate with fleet .

That being said, I can see how this behavior can be unintuitive. We filed a bug here: [Agent] Elastic Agent Unenroll Action Leaves Zombie Service and Process · Issue #24568 · elastic/beats · GitHub

Hi @gabriel.landau ,

Thanks for the info and creating the bug post.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.