Enrolling Fleet server

Hello !

We are having trouble to enroll fleet server on our host.

We are working with :

  • Windows Server 2019 Standard
  • Elasticsearch / Kibana / Elastic-Agent version 8.4.2 (same issue with 8.4.1)
  • We try to enroll Fleet server on the same server as the one hosting Elasticsearch and Kibana (

When we try enroll our Fleet server with "Quick Start" :

.\elastic-agent.exe install `
>>   --fleet-server-es= `
>>   --fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2NjQyODU5MjgwMDE6U3ZONHJMVDBRcm0yNWZya0NmZkxXQQ `
>>   --fleet-server-es-ca-trusted-fingerprint=dfce3348dbc202e218152b8d8bae874fdd5c8c85041ebaf2c9d9da135375bb91 `
>>   --insecure

We are getting the output :

Elastic Agent will be installed at C:\Program Files\Elastic\Agent and will run as a service. Do you want to continue? [Y/n]:Y
Error: failed to communicate with elastic-agent daemon; is elastic-agent running?
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.4/fleet-troubleshooting.html
Error: enroll command failed with exit code: 1
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.4/fleet-troubleshooting.html

Here's our config files :

cluster.name: siem
node.name: node-1
path.data: D:\Exploit\data
path.logs: D:\Exploit\logs\elasticsearch
http.port: 9200
discovery.type: single-node

xpack.security.enabled: true

xpack.security.enrollment.enabled: true

  enabled: true
  keystore.path: certs/http.p12

  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12


  type: file
  fileName: D:\Exploit\logs\kibana\kibana.log
    type: json

# This section was automatically generated during setup.
elasticsearch.hosts: ['']
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE2NjQyODM5MjAzNjU6NVR5VlBoWWdTaENBd2tWWS1wZGFldw
elasticsearch.ssl.certificateAuthorities: ['D:\ELK\kibana\data\ca_1664283921924.crt']
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: [''], ca_trusted_fingerprint: dfce3348dbc202e218152b8d8bae874fdd5c8c85041ebaf2c9d9da135375bb91}]

We crawled the troubleshooting guide with no luck. We also tried enrolling with both --fleet-server-insecure-http and --insecure. We got the same error.

The same warning keep displaying in our elastic logs :

[2022-09-27T16:04:31,544][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/, remoteAddress=/}

It seems that there is some kind of certificate issue between Elasticsearch and Fleet. We launched Elasticsearch with security features auto enabled.

We thought that was it while seeing this subject but it didn't work.

We are running out of troubleshooting steps to attempt, any advices or help would be appreciated.

Thanks !!!

Hi Benjamin,
do you happen to use a localized (for instance french) version of Windows ?
Not sure if this applies to your case, but it seems like fancy bugs happen when installing agent service on non-english Windows. see Elastic Agent commands not working in Windows 10 in German · Issue #857 · elastic/elastic-agent · GitHub

1 Like

Hi Vincent.
Our Windows is french indeed.
We will take a look at this.

Hi Vincent.
We started again from an english WIndows and everything seems to work.
Thanks a lot, you saved lot of time for us.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.