I recently upgraded to ELK v7.12.1 and have been testing it. Today I tried to update existing agents in Fleet to the most recent version. So far I have not been able to successfully deploy any agent where the assigned policy includes the Elastic Endpoint integration. I even tried unenrolling agents, uninstalling/removing Elastic Agent and Elastic Endpoint from the machine and installing from scratch. Every time the policy was only System or Windows or any other combination without Elastic Endpoint, the deployment completes successfully and stays healthy. If the policy includes Elastic Endpoint, it will install the Elastic Agent but fail to deploy Elastic Endpoint. I also tried removing the Elastic Agent/Endpoint and rebooting the machine, then installing from scratch, but that did not help. I may need to remove some Windows registry entries, but I will let you guys advise how to proceed from here. Please see the logs below:
I'm sorry you are encountering problems getting the Elastic Endpoint integration to successfully install. Thanks for providing the log files, they were very helpful.
I'm not certain what order of events might have put the machine(s) in this state, but from the logs it appears the Elastic Endpoint installation is discontinuing when it discovers that the ElasticElamDriver service already exists. I was able to produce the same log output you provided by creating a service with that name (ElasticElamDriver) prior to adding the Elastic Endpoint integration.
I was able to resolve the issue and get the Elastic Endpoint integration successfully installed by:
1. Ensuring the Endpoint Security integration was not presently part of the policy assigned to the host, such that there's no chance Agent is presently attempting to install the Endpoint Security integration.
2. On the host, opening an Administrator Command Prompt and deleting the conflicting service using the command `sc delete ElasticElamDriver`.
3. Adding the Endpoint Security integration back to the policy used on that host.
After a short period of time, I noted Elastic Endpoint had now been successfully installed and was running on the host.
Would you be able to try those steps and see if that resolves the issue?
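The steps above boil down to: make sure nothing is mid-install, confirm the leftover `ElasticElamDriver` service is really stale, delete it, then re-add the integration. The following PowerShell script is an added example (not Elastic's tooling and not part of the original post) that does the inspection and the conditional deletion from an elevated prompt. It assumes the service name is exactly `ElasticElamDriver`, that Endpoint Security has already been removed from the host's policy, and that `sc.exe` is on the path; everything else it reports comes from `sc.exe query`/`sc.exe qc` and the standard `HKLM\SYSTEM\CurrentControlSet\Services` key that every Windows service has.

```powershell
# Added example (not Elastic's own tooling): inspect a possibly stale
# ElasticElamDriver service and remove it only when it is safe to do so.
# Run from an elevated PowerShell session. Assumptions: the service name is
# ElasticElamDriver, and Endpoint Security is no longer in the host's policy.
param(
    [string]$ServiceName = 'ElasticElamDriver',
    [switch]$Remove   # without -Remove the script only reports
)

function Get-FirstGroup {
    # Return capture group 1 of the first matching line, or $null.
    param([string[]]$Lines, [string]$Pattern)
    $m = $Lines | Select-String -Pattern $Pattern | Select-Object -First 1
    if ($null -eq $m) { return $null }
    return $m.Matches[0].Groups[1].Value.Trim()
}

function Get-ServiceRecord {
    # sc.exe sees both user-mode services and kernel drivers (an ELAM driver is a
    # driver), whereas Get-Service only lists user-mode services.
    param([string]$Name)
    $query = & sc.exe query $Name 2>&1 | ForEach-Object { "$_" }
    if ($LASTEXITCODE -ne 0) { return $null }          # 1060: service does not exist
    $config = & sc.exe qc $Name 2>&1 | ForEach-Object { "$_" }

    $binary = Get-FirstGroup $config 'BINARY_PATH_NAME\s*:\s*(.+)$'
    # Strip surrounding quotes so Test-Path can check the file.
    $binaryFile = if ($binary) { $binary.Trim('"') } else { $null }

    [pscustomobject]@{
        Name          = $Name
        Type          = Get-FirstGroup $query 'TYPE\s*:\s*\w+\s+(.+)$'
        State         = Get-FirstGroup $query 'STATE\s*:\s*\d+\s+(\w+)'
        BinaryPath    = $binary
        BinaryExists  = if ($binaryFile) { Test-Path -LiteralPath $binaryFile } else { $false }
        RegistryKey   = Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    }
}

$svc = Get-ServiceRecord -Name $ServiceName
if ($null -eq $svc) {
    Write-Host "No service named '$ServiceName' is registered; nothing to clean up."
    return
}

$svc | Format-List

# A registration whose binary is gone, or which is stopped while Endpoint is not
# being installed, matches the leftover described in the thread. A RUNNING driver
# is refused: that points to an active Endpoint install that should be removed
# through the policy first (step 1 above), not by deleting its service.
if ($svc.State -eq 'RUNNING') {
    Write-Warning "$ServiceName is running; remove Endpoint Security from the policy and re-check before deleting."
    return
}

if (-not $svc.BinaryExists) {
    Write-Host "Binary '$($svc.BinaryPath)' is missing: this looks like a stale registration."
}

if ($Remove) {
    & sc.exe delete $ServiceName
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Deleted service '$ServiceName'. Re-add Endpoint Security to the policy and watch the agent go Healthy."
    } else {
        Write-Warning "sc.exe delete returned $LASTEXITCODE; check that the prompt is elevated."
    }
} else {
    Write-Host "Dry run only. Re-run with -Remove to delete the service."
}
```

Run it once without `-Remove` to see the service type, state, binary path and whether the binary file still exists; a stopped service pointing at a missing file is the leftover state the thread describes. The refusal to delete a running driver is a deliberate choice here: it keeps the script from tearing out a live Endpoint install when step 1 (removing the integration from the policy) was skipped.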
Thank you so much for your prompt response. Your solution worked like a charm. After deleting the ElasticElamDriver and restarting the Elastic Agent, I was able to successfully deploy the Endpoint, and the agent changed to the Healthy state.