- ELK v7.12.1 Standalone
- OS Win 10 Pro, v20H2, build 19042.928
I recently upgraded to ELK v7.12.1 and have been testing it. Today I tried to update existing agents in Fleet to the most recent version. So far I have not been able to successfully deploy any agent, where the policy assigned includes integration Elastic Endpoint. I even tried unenrolling agents, uninstalling/removing Elastic Agent and Elastic Endpoint from the machine and installing from scratch. Every time the policy was only System or Windows or any other combination but Elastic Endpoint, the deployment completes successfully and stays healthy. If the policy includes Elastic Endpoint it will install the Elastic Agent, but will fail to deploy Elastic Endpoint. I also tried removing the Elastic Agent/Endpoint and rebooting the machine, then install from scratch, but that did not help. I may need to remove some Windows registry entries, but will let you guys advice how to proceed from here. Please see the logs below:
Exceed characters limit, so used external link
I'm sorry you are encountering problems getting the Elastic Endpoint integration to successfully install. Thanks for providing the log files, they were very helpful.
I'm not certain what order of events might have put the machine(s) in this state, but from the logs it appears the Elastic Endpoint installation is discontinuing when it discovers that the ElasticElamDriver service already exists. I was able to produce the same log output you provided by creating a service with that name (ElasticElamDriver) prior to adding the Elastic Endpoint integration.
I was able to resolve the issue and get the Elastic Endpoint integration successfully installed by:
- Ensuring Endpoint Security integration was not presently part of the policy assigned to the host, such that there's no chance Agent is presently attempting to install the Endpoint Security integration.
- On the host, opening an Administrator Command Prompt and deleting the conflicting service using the command
sc delete ElasticElamDriver .
- Adding the Endpoint Security integration back to the policy used on that host.
- After a short period of time, I noted Elastic Endpoint had now been successfully installed and was running on the host.
Would you be able to try those steps and see if that resolves the issue?
Thank you so much for your prompt response. Your solution worked like a charm. After deleting the
ElasticElamDriver, and restarted the Elastic Agent, I was able to successfully deploy the Endpoint and agent changed to Healthy state.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.