Windows Server 2019
Our environment has some devices that can only communicate with our Elastic cluster via a proxy. The elastic agent is set up with the environment registry keys (HKLM\SYSTEM\CurrentControlSet\Services\Elastic Agent\Environment) for http_proxy and https_proxy. The elastic agent respects and uses these environment variables.
When the server is added to an agent policy that has Endpoint security, the endpoint agent is deployed as expected. However, it is unable to communicate with our cluster because the install is not copying/using the environment variables from the elastic agent registry key.
Should be an easy enough fix - just add the appropriate registry keys to (HKLM\SYSTEM\CurrentControlSet\Services\ElasticEndpoint) and restart the server (since the endpoint service can't be restarted).
After the restart, this error is in the logs - '[elastic_agent.endoint_security] [info] Connecting to server localhost:6789 via HTTP proxy ipv4:(ipaddress of proxy)'.
So the agent is using (and reading) the proxy config from the registry, it just needs to exclude 'localhost' from being proxied. 'no_proxy=localhost,127.0.0.1' is added to the Environment registry key and the server is restarted.
After the restart, this is in the logs: '[elastic_agent.endoint_security][debug] not using proxy for host in no_proxy list 'dns:///localhost:6789''. So the agent is reading the 'no_proxy' variable and applying it properly.
But... the elastic endpoint agent is not using the proxy config to communicate with fleet or our cluster. The agent logs are littered with communication issues between the endpoint agent, fleet and our cluster. The logs also contain '[elastic_agent.endpoint_security][info] ProxyConfig.cpp Proxy URL:'
Additionally, Process Explorer shows the endpoint-agent is NOT using the proxy, it's showing direct attempted connections to fleet.
Adding http_proxy, https_proxy and no_proxy environmental variables to the system variables and restarting the server did not fix the issue for the endpoint service.
From an admin PowerShell prompt, running 'endpoint-agent.exe test output' produces output that shows the proper proxy URL and shows connectivity to the cluster. If the https_proxy, http_proxy environmental variables are removed, the test output fails since it is attempting a direct connection.
It appears that the executable is respecting the environmental variables and using them. It appears to be an issue with the elasticendpoint service not reading and using the environment variables - unless I am doing something wrong.
Any help would be greatly appreciated.
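A read-only check of the three places the post sets proxy variables, added here as an example (it is not part of the original post and not Elastic's code). It assumes each service key holds its per-service environment as an `Environment` value of `NAME=value` strings, uses the two service key names quoted above, and is run from an elevated PowerShell prompt.

```powershell
# Added example: compares proxy variables across the service keys named in the
# post and the machine-level environment. Nothing is modified.
$services = 'Elastic Agent', 'ElasticEndpoint'     # key names as quoted in the post
$names    = 'http_proxy', 'https_proxy', 'no_proxy'

function Get-ServiceEnvironment {
    param([string]$ServiceName)
    # Assumption: Environment is a multi-string value of NAME=value entries.
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $vars = @{}
    $prop = Get-ItemProperty -Path $key -Name Environment -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $vars }
    foreach ($entry in @($prop.Environment)) {
        $name, $value = $entry -split '=', 2
        if ($name) { $vars[$name.Trim().ToLowerInvariant()] = $value }
    }
    return $vars
}

$rows = foreach ($n in $names) {
    foreach ($svc in $services) {
        $envVars = Get-ServiceEnvironment -ServiceName $svc
        $value   = '<not set>'
        if ($envVars.ContainsKey($n)) { $value = $envVars[$n] }
        [pscustomobject]@{ Variable = $n; Scope = "Service: $svc"; Value = $value }
    }
    $machine = [Environment]::GetEnvironmentVariable($n, 'Machine')
    if ([string]::IsNullOrEmpty($machine)) { $machine = '<not set>' }
    [pscustomobject]@{ Variable = $n; Scope = 'Machine'; Value = $machine }
}
$rows | Format-Table -AutoSize

# Flag a scope where a proxy is set but the local addresses from the post
# (localhost, 127.0.0.1) are missing from no_proxy.
foreach ($scope in ($rows.Scope | Select-Object -Unique)) {
    $set     = $rows | Where-Object { $_.Scope -eq $scope }
    $proxied = $set | Where-Object { $_.Variable -ne 'no_proxy' -and $_.Value -ne '<not set>' }
    $bypass  = ($set | Where-Object { $_.Variable -eq 'no_proxy' }).Value -split ','
    $bypass  = $bypass | ForEach-Object { $_.Trim() }
    $missing = 'localhost', '127.0.0.1' | Where-Object { $bypass -notcontains $_ }
    if ($proxied -and $missing) {
        Write-Warning "$scope sets a proxy but no_proxy lacks: $($missing -join ', ')"
    }
}
```

The table shows only what is configured in each scope; it does not show which values the running ElasticEndpoint service actually loaded.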