Error 1053 the service did not respond to the start or control request in a timely fashion

Elastic Stack Beats
1

Hi,

i have had installed the winlogbeat server on a 2019 Server and it worked without a Problem.
Then I uninstalled it and tested a few things and tweaked the config.
Now when i reinstall it i cannot start it. I get the Error "error 1053 the service did not respond to the start or control request in a timely fashion"

.\winlogbeat.exe test config -c .\winlogbeat.yml -e
2019-08-08T11:27:01.935+0200    INFO    instance/beat.go:606    Home path: [C:\Program Files\Winlogbeat] Config path: [C:\Program Files\Winlogbeat] Data path: [C:\Program Files\Winlogbeat\data] Logs path: [C:\Program Files\Winlogbeat\logs]
2019-08-08T11:27:01.941+0200    INFO    instance/beat.go:614    Beat ID: 2af2a90a-31c5-45d0-81b9-7b4fb0bed9fb
2019-08-08T11:27:01.995+0200    INFO    [beat]  instance/beat.go:902    Beat info       {"system_info": {"beat": {"path": {"config": "C:\\Program Files\\Winlogbeat", "data": "C:\\Program Files\\Winlogbeat\\data", "home": "C:\\Program Files\\Winlogbeat", "logs": "C:\\Program Files\\Winlogbeat\\logs"}, "type": "winlogbeat", "uuid": "2af2a90a-31c5-45d0-81b9-7b4fb0bed9fb"}}}
2019-08-08T11:27:01.997+0200    INFO    [beat]  instance/beat.go:911    Build info      {"system_info": {"build": {"commit": "6f0ec01a0e57fe7d4fd703b017fb5a2f6448d097", "libbeat": "7.3.0", "time": "2019-07-24T17:45:51.000Z", "version": "7.3.0"}}}
2019-08-08T11:27:02.001+0200    INFO    [beat]  instance/beat.go:914    Go runtime info {"system_info": {"go": {"os":"windows","arch":"amd64","max_procs":4,"version":"go1.12.4"}}}
2019-08-08T11:27:02.025+0200    INFO    [beat]  instance/beat.go:918    Host info       {"system_info": {"host": {"architecture":"x86_64","boot_time":"2019-08-08T10:52:35.03+02:00","name":"MDT-01","ip":["fe80::c02a:2b35:585a:1905/64","10.134.240.110/24","::1/128","127.0.0.1/8"],"kernel_version":"10.0.17763.615 (WinBuild.160101.0800)","mac":["00:50:56:86:6f:90"],"os":{"family":"windows","platform":"windows","name":"Windows Server 2019 Datacenter","version":"10.0","major":10,"minor":0,"patch":0,"build":"17763.615"},"timezone":"CEST","timezone_offset_sec":7200,"id":"c9408118-ac9f-4672-b64c-7fee9268818d"}}}
2019-08-08T11:27:02.035+0200    INFO    [beat]  instance/beat.go:947    Process info    {"system_info": {"process": {"cwd": "C:\\Program Files\\Winlogbeat", "exe": "C:\\Program Files\\winlogbeat\\winlogbeat.exe", "name": "winlogbeat.exe", "pid": 2264, "ppid": 9804, "start_time": "2019-08-08T11:27:01.835+0200"}}}
2019-08-08T11:27:02.036+0200    INFO    instance/beat.go:292    Setup Beat: winlogbeat; Version: 7.3.0
2019-08-08T11:27:02.044+0200    INFO    [publisher]     pipeline/module.go:97   Beat name: MDT-01
2019-08-08T11:27:02.046+0200    INFO    beater/winlogbeat.go:69 State will be read from and persisted to C:\Program Files\Winlogbeat\data\.winlogbeat.yml
Config OK

When I start it with the Same command as the Service does it also works
"C:\Program Files\Winlogbeat\winlogbeat.exe" -c "C:\Program Files\Winlogbeat\winlogbeat.yml" -path.home "C:\Program Files\Winlogbeat" -path.data "C:\ProgramData\winlogbeat" -path.logs "C:\ProgramData\winlogbeat\logs" -E logging.files.redirect_stderr=true

Even in the debug log i can't see an error.

https://pastebin.com/uxUYkPpA

This is my Config

winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h

  - name: System

  - name: Security
    processors:
      - script:
          lang: javascript
          id: security
          file: ${path.home}/module/security/config/winlogbeat-security.js

  - name: Microsoft-Windows-Sysmon/Operational
    processors:
      - script:
          lang: javascript
          id: sysmon
          file: ${path.home}/module/sysmon/config/winlogbeat-sysmon.js


setup.template:
  name:    'winbeat-test-${COMPUTERNAME}.${userDNSdomain}'
  pattern: 'winbeat-test-${COMPUTERNAME}.${userDNSdomain}-*'
  settings:
    index.number_of_shards: 1
	
setup.ilm.enabled: false

setup.kibana:
  host: "elk:5601"

output.logstash:
  hosts: ["elk:5044"]
  ssl.certificate_authorities:
  
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~

It would be great if somebody has an idea where i can look at.

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.