Elasticsearch start log error “failed to authenticate user [kibana]”


(Little Five) #1

My elasticsearch has been reporting the following error during startup, I hope professional personnel help solve it, thank you very much!

[2018-05-11T09:24:34,959][INFO ][o.e.x.s.a.AuthenticationService] [elk-node2] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[2018-05-11T09:24:37,555][INFO ][o.e.x.s.a.AuthenticationService] [elk-node2] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[2018-05-11T09:24:40,151][INFO ][o.e.x.s.a.AuthenticationService] [elk-node2] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[2018-05-11T09:24:41,790][INFO ][o.e.x.s.a.AuthenticationService] [elk-node2] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[2018-05-11T09:24:42,748][INFO ][o.e.x.s.a.AuthenticationService] [elk-node2] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[2018-05-11T09:24:45,341][INFO ][o.e.x.s.a.AuthenticationService] [elk-node2] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[2018-05-11T09:24:47,935][INFO ][o.e.x.s.a.AuthenticationService] [elk-node2] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[2018-05-11T09:24:50,530][INFO ][o.e.x.s.a.AuthenticationService] [elk-node2] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[2018-05-11T09:24:53,123][INFO ][o.e.x.s.a.AuthenticationService] [elk-node2] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[2018-05-11T09:24:53,518][INFO ][o.e.x.s.a.AuthenticationService] [elk-node2] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]

I use two machines for testing, node1, node2
The first time I installed both elasticsearch and kibana services on the node1 server, only elasticsearch was installed on the node2 server. It was clustered with elasticsearch on node1, and then x-pack was installed for both elasticsearch and kibana services. At this time, everything is ok.
Later, for other reasons, I needed to migrate the kibana service to node2. After the migration was complete, the elasticsearch and kibana services on node2 were all running ok. However, the elasticsearch service on node1 was still getting an error at startup. The content was an error in the screenshot. The log content says kibana user authentication error.
However, my kibana has been migrated from node1 to node2. The configuration in kibana.yml also points to node2. I don't understand why this error occurs.


(Ioannis Kakavas) #2

Please do not post screenshots of error messages. They are hard for people who follow the forums on email, and for those who are reading on mobile devices, and they break search, which means other people who have the same issue will not be able to find the solution.

Please copy and paste the text of the errrors, and format it using the </> button.

It looks like kibana is still pointing to that node. In any case the location of the Kibana server should not affect the credentials for the kibana user, so the authentication would still be successful. Please show us the relevant parts of your configuration (kibana.yml and elasticsearch.yml) so that we can assist you further with this.


(Little Five) #3

Good morning, Sir! Thank you very much for your support. The following content is inside my elasticsearch and kibana configuration files

################# node1 elasticsearch.yml #################
    cluster.name: elk-test
    node.master: true
    node.name: elk-node1
    bootstrap.memory_lock: true
    bootstrap.system_call_filter: false
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    http.cors.allow-credentials: true
    http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
    network.host: 0.0.0.0
    http.port: 9200
    discovery.zen.ping.unicast.hosts: ["elk-node1", "elk-node2"]
    ####################################################

    ################# node2 elasticsearch.yml #################
    cluster.name: elk-test
    node.name: elk-node2
    bootstrap.memory_lock: true
    bootstrap.system_call_filter: false
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    http.cors.allow-credentials: true
    http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
    network.host: 0.0.0.0
    http.port: 9200
    discovery.zen.ping.unicast.hosts: ["elk-node1", "elk-node2"]
    ####################################################

    ##################### kibana.yml ######################
    server.port: 5601
    server.host: "172.17.233.19"    #"172.17.233.19" is the intranet IP of this server
    server.name: "kibana"
    elasticsearch.url: "http://172.17.233.19:9200"
    elasticsearch.username: "elastic"
    elasticsearch.password: "dLnQWjTcCZI3eCcoVj4N"
    xpack.reporting.encryptionKey: "a_random_string"
    xpack.security.encryptionKey: "something_at_least_32_characters"

(Tim Vernum) #4

What did you do with the old Kibana installation on node1?
Evidence suggests that it might still be there.


(Little Five) #5

Kibana on the original node, after I closed the service, it was deleted, and then reinstalled and installed a new kibana service and x-pack on the new node.


(Tim Vernum) #6

I'm confused by your node numbers.

You say:

But the log you've provided clearly shows elk-node2

Exactly which node is showing this error?


(Little Five) #7

Sorry, it was my mistake, the error message is on node2


(Tim Vernum) #8

And node 2 is the node that has Kibana running on it?
In which case this error indicates that the password in your kibana.yml file is wrong.


(system) #9

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.