TL;DR: it seems the built-in account set is losing credential setup information under certain conditions, maybe due to incorrect config? See config below. Now for story time...
I have a basic-license, single-node installation of Elasticsearch, being used as a data repository for a Python application. I'm very new to Elastic in general, so don't assume I know what I'm doing with server config. I managed to configure SSL and turn on authentication, but the built-in accounts (especially "elastic") aren't holding their passwords. In fact, once they "let go", I can set them again using the "bin\elasticsearch-setup-passwords" utility (subsequent attempts to use the utility fail with the usual error until the event recurs). There are no entries in the log when this happens, other than a failed elastic login from me attempting and failing a call to learn that the problem has recurred. It doesn't coincide with an elastic service restart, and there are no errors in the elasticsearch.log other than the auth failures.
My guess is that I have done something unexpected with config, or there's something that "should" be obvious to me that I've missed that is somehow causing the basic creds to not persist. What's interesting is that every "loss" of built-in creds seems to coincide with a call from Postman that hangs (never returns, isn't logged, interesting...). I have never seen the behavior when making calls from Python (requests library, not the elastic one).