Elasticsearch 7.17 suddenly prevents login

I installed elasticsearch 7.17.11 from the artifacts.elastic.co repo with security, on a fresh Ubuntu 20.04.6 node a couple of days ago, for a Magento 2.4.5-p3 store. It worked fine, certainly allowed me to connect remotely with elastic/password.

Now, all of a sudden, elastic is not letting me connect:

  "error" : {
    "root_cause" : [
        "type" : "security_exception",
        "reason" : "unable to authenticate user [elastic] for REST request [/_cat/health?v&pretty]",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    "type" : "security_exception",
    "reason" : "unable to authenticate user [elastic] for REST request [/_cat/health?v&pretty]",
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
  "status" : 401

Does anyone know why this would suddenly happen?


It looks like the login/password are not matching or are not passed to the API call?

Thank you very much for your response.

They're the same credentials that worked yesterday.

I'm trying from the command line on another machine, exactly as yesterday:

curl -XGET 'elastic-server-ip:9200/_cat/health?v&pretty' --user "elastic:the-same-password-as-yesterday"

If I log into the search server, it is reporting that the node is still up:

$ systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-07-12 16:53:12 BST; 1h 15min ago
       Docs: https://www.elastic.co
   Main PID: 1533 (java)
      Tasks: 51 (limit: 19660)
     Memory: 2.2G
     CGroup: /system.slice/elasticsearch.service
             ├─1533 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=>
             └─1683 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

Jul 12 16:52:22 dedivps-124849.dedicloud.co.uk systemd[1]: Starting Elasticsearch...
Jul 12 16:53:12 dedivps-124849.dedicloud.co.uk systemd[1]: Started Elasticsearch.

Could this be something as simple as an out-of-memory issue?

Could you please share the Elasticsearch logs?

Hi there.

I decided to bite the bullet, reinstall and run elasticsearch-setup-passwords auto again, and now I can connect.

Thanks again for your help, @dadoonet

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.