Endpoint-security State changed to DEGRADED: Protecting with policy

Good day. A few minutes after starting Elastic Agent, the status changed from Healthy to Unhealthy (with the Endpoint Security integration).
I checked the logs and found this line:
endpoint-security State changed to DEGRADED: Protecting with policy {policy_id}

OS : Windows 10
Elastic Agent 7.12

Any suggestions on how to resolve this issue?

Hi @Alexey_Shalin

This most likely indicates that the Endpoint Security policy has failed to apply cleanly. A good place to start debugging this is by looking at the Endpoint policy status details.

If you go to the Security -> Endpoint page you should be able to find the Endpoint in the degraded state. If you click on the Policy status entry for the failing Endpoint a fly out will appear on the right hand side with details of what failed. Can you do that and post back with what is failing? If the answer isn't clear from there we'll have to look at Endpoint logs.

OK, thanks. I'm checking.
[Security]->[Administration]->Endpoints
and did not find my new agent :frowning:
So, I resolved the issue. I removed the old CA and SubCA from Certification Util and restarted the agent, and now it's working properly. Events etc. are going to ELK, but there is some problem with retrieving info like:
Host ID

First seen

Last seen

Your visualization has error(s)
Data Fetch Failure
Request Timeout after 30000ms

I'm glad you made progress!

I'm not sure what you mean by "some problem with retrieving infos like:..." Can you state that another way?

It seems there was an issue with the ELK cluster, and that was the reason why I did not see information about the agent, like the OS etc.
Now everything works OK,
but it's very strange that the Windows agent picks up the first CA and SubCA in the certificate storage and does not try to find a fresh one :slight_smile:

and now everything works fine
thx
