[ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. connect ETIMEDOUT

Devanshu_Rastogi · March 25, 2024, 5:20pm

Hi I am new to Elasticsearch and kibana and today I ran into an error due to which my kibana is not starting.

My kibana.yaml -

# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"

# =================== System: Kibana Server (Optional) ===================
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# =================== System: Elasticsearch ===================
# The URLs of the Elasticsearch instances to use for all your queries.
#elasticsearch.hosts: ["http://localhost:9200"]

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
#elasticsearch.username: "kibana_system"
#elasticsearch.password: "pass"

# Kibana can also authenticate to Elasticsearch via "service account tokens".
# Service account tokens are Bearer style tokens that replace the traditional username/password based configuration.
# Use this token instead of a username/password.
# elasticsearch.serviceAccountToken: "my_token"

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# The maximum number of sockets that can be used for communications with elasticsearch.
# Defaults to `Infinity`.
#elasticsearch.maxSockets: 1024

# Specifies whether Kibana should use compression for communications with elasticsearch
# Defaults to `false`.
#elasticsearch.compression: false

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# =================== System: Elasticsearch (Optional) ===================
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# =================== System: Logging ===================
# Set the value of this setting to off to suppress all logging output, or to debug to log everything. Defaults to 'info'
#logging.root.level: debug

# Enables you to specify a file where Kibana stores log output.
#logging.appenders.default:
#  type: file
#  fileName: /var/logs/kibana.log
#  layout:
#    type: json

# Logs queries sent to Elasticsearch.
#logging.loggers:
#  - name: elasticsearch.query
#    level: debug

# Logs http responses.
#logging.loggers:
#  - name: http.server.response
#    level: debug

# Logs system usage information.
#logging.loggers:
#  - name: metrics.ops
#    level: debug

# =================== System: Other ===================
# The path where Kibana stores persistent data not saved in Elasticsearch. Defaults to data
#path.data: data

# Specifies the path where Kibana creates the process ID file.
#pid.file: /run/kibana/kibana.pid

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000ms.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English (default) "en", Chinese "zh-CN", Japanese "ja-JP", French "fr-FR".
#i18n.locale: "en"

# =================== Frequently used (Optional)===================

# =================== Saved Objects: Migrations ===================
# Saved object migrations run at startup. If you run into migration-related issues, you might need to adjust these settings.

# The number of documents migrated at a time.
# If Kibana can't start up or upgrade due to an Elasticsearch `circuit_breaking_exception`,
# use a smaller batchSize value to reduce the memory pressure. Defaults to 1000 objects per batch.
#migrations.batchSize: 1000

# The maximum payload size for indexing batches of upgraded saved objects.
# To avoid migrations failing due to a 413 Request Entity Too Large response from Elasticsearch.
# This value should be lower than or equal to your Elasticsearch cluster’s `http.max_content_length`
# configuration option. Default: 100mb
#migrations.maxBatchSizeBytes: 100mb

# The number of times to retry temporary migration failures. Increase the setting
# if migrations fail frequently with a message such as `Unable to complete the [...] step after
# 15 attempts, terminating`. Defaults to 15
#migrations.retryAttempts: 15

# =================== Search Autocomplete ===================
# Time in milliseconds to wait for autocomplete suggestions from Elasticsearch.
# This value must be a whole number greater than zero. Defaults to 1000ms
#unifiedSearch.autocomplete.valueSuggestions.timeout: 1000

# Maximum number of documents loaded by each shard to generate autocomplete suggestions.
# This value must be a whole number greater than zero. Defaults to 100_000
#unifiedSearch.autocomplete.valueSuggestions.terminateAfter: 100000


# This section was automatically generated during setup.
elasticsearch.hosts: ['https://192.168.42.171:9200']
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE3MTEyMjAyMDc1MzQ6aHlxOEI5MEVTYnVLRURSQVd1UjhLUQ
elasticsearch.ssl.certificateAuthorities: ['C:\Elastic Stack\kibana-8.12.2\data\ca_1711220208212.crt']
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://192.168.42.171:9200'], ca_trusted_fingerprint: 4e14fade7c8e97875344a347fc88119d8fe03e8bd728d47febf687f0ce573cf7}]

My elasticsearch.yaml -
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.host: 192.168.0.1
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically      
# generated to configure Elasticsearch security features on 23-03-2024 16:41:44
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["LEGION"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

I ran the elasticsearch batch file and it worked fine showing health status as green in the logs. After that I started Kibana through kibana batch file but it showed the error -
[ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. connect ETIMEDOUT 192.168.42.171:9200

When I go to localhost:5601 it shows Kibana server is not ready yet.
Please someone help me out since I am not able to understand anything

EDIT From Mod: Please Format your code in the future using by highlighting the code and using </> button. I did it for you

stephenb · March 25, 2024, 11:10pm

Hi @Devanshu_Rastogi Welcome to the community!

Just to clarify in case there is any confusion

This is a community forum staffed by volunteers, not a support platform.
There is no SLA or even the expectation that every question will be answered.
There are many users who have questions and few who answer.
Please be patient ... repeated "pinging" of your topic is not good form and is discouraged.

stephenb · March 25, 2024, 11:35pm

What documents did you follow?

What version are you on?

I suspect there were other errors further up... in the kibana log

Are kibana and Elasticsearch on the same server?

Did you curl Elasticsearch from Kibana?

Did you search the forum for "Unable to retrieve version information from Elasticsearch"

Devanshu_Rastogi · March 26, 2024, 4:13am

Sorry for the same will keep it in mind next time

Devanshu_Rastogi · March 26, 2024, 4:25am

Followed this video https://www.youtube.com/watch?v=kYXx0sq74Tc&list=PLA3GkZPtsafYd5m2BXmkL9pjsBKy0FQ2X&index=3

I am using version 8.12.2 for both elasticsearch and kibana.

I think so but not sure of that. I have attached both kibana and elasticsearch config files above you can refer it. elasticsearch.yaml is also inside the kibana.yaml you formatted.

Did you curl Elasticsearch from Kibana? No I just started batch file of elasticsearch and then started batch file of kibana normally without command prompt.

I did search the forum for the same but they didn't help as they were all of more specific cases for the same.

Kibana log:

Kibana is currently running with legacy OpenSSL providers enabled! For details and instructions on how to disable see https://www.elastic.co/guide/en/kibana/8.12/production.html#openssl-legacy-provider
{"log.level":"info","@timestamp":"2024-03-26T04:19:54.413Z","log.logger":"elastic-apm-node","ecs.version":"8.10.0","agentVersion":"4.2.0","env":{"pid":24092,"proctitle":"C:\\Windows\\system32\\cmd.exe","os":"win32 10.0.22631","arch":"x64","host":"Legion","timezone":"UTC+0550","runtime":"Node.js v18.18.2"},"config":{"active":{"source":"start","value":true},"breakdownMetrics":{"source":"start","value":false},"captureBody":{"source":"start","value":"off","commonName":"capture_body"},"captureHeaders":{"source":"start","value":false},"centralConfig":{"source":"start","value":false},"contextPropagationOnly":{"source":"start","value":true},"environment":{"source":"start","value":"production"},"globalLabels":{"source":"start","value":[["kibana_uuid","b62103c9-6a7d-469a-a25e-232ce2f86441"],["git_rev","f5bd489c5ff9c676c4f861c42da6ea99ae350832"]],"sourceValue":{"kibana_uuid":"b62103c9-6a7d-469a-a25e-232ce2f86441","git_rev":"f5bd489c5ff9c676c4f861c42da6ea99ae350832"}},"logLevel":{"source":"default","value":"info","commonName":"log_level"},"metricsInterval":{"source":"start","value":120,"sourceValue":"120s"},"serverUrl":{"source":"start","value":"https://kibana-cloud-apm.apm.us-east-1.aws.found.io/","commonName":"server_url"},"transactionSampleRate":{"source":"start","value":0.1,"commonName":"transaction_sample_rate"},"captureSpanStackTraces":{"source":"start","sourceValue":false},"secretToken":{"source":"start","value":"[REDACTED]","commonName":"secret_token"},"serviceName":{"source":"start","value":"kibana","commonName":"service_name"},"serviceVersion":{"source":"start","value":"8.12.2","commonName":"service_version"}},"activationMethod":"require","message":"Elastic APM Node.js Agent v4.2.0"}
[2024-03-26T09:50:12.994+05:30][INFO ][root] Kibana is starting
[2024-03-26T09:50:13.058+05:30][INFO ][node] Kibana process configured with roles: [background_tasks, ui]
[2024-03-26T09:51:31.124+05:30][INFO ][plugins-service] Plugin "cloudChat" is disabled.
[2024-03-26T09:51:31.134+05:30][INFO ][plugins-service] Plugin "cloudExperiments" is disabled.
[2024-03-26T09:51:31.134+05:30][INFO ][plugins-service] Plugin "cloudFullStory" is disabled.
[2024-03-26T09:51:31.395+05:30][INFO ][plugins-service] Plugin "profilingDataAccess" is disabled.
[2024-03-26T09:51:31.396+05:30][INFO ][plugins-service] Plugin "profiling" is disabled.
[2024-03-26T09:51:31.471+05:30][INFO ][plugins-service] Plugin "securitySolutionServerless" is disabled.
[2024-03-26T09:51:31.471+05:30][INFO ][plugins-service] Plugin "serverless" is disabled.
[2024-03-26T09:51:31.472+05:30][INFO ][plugins-service] Plugin "serverlessObservability" is disabled.
[2024-03-26T09:51:31.473+05:30][INFO ][plugins-service] Plugin "serverlessSearch" is disabled.
[2024-03-26T09:51:31.803+05:30][INFO ][http.server.Preboot] http server running at http://localhost:5601
[2024-03-26T09:51:31.955+05:30][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
[2024-03-26T09:51:32.177+05:30][WARN ][config.deprecation] The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set "xpack.reporting.roles.enabled" to "false" to adopt the future behavior before upgrading.
[2024-03-26T09:51:34.507+05:30][INFO ][plugins-system.standard] Setting up [149] plugins: [devTools,translations,share,screenshotMode,usageCollection,telemetryCollectionManager,telemetryCollectionXpack,taskManager,kibanaUsageCollection,cloud,newsfeed,savedObjectsFinder,noDataPage,monitoringCollection,licensing,mapsEms,globalSearch,globalSearchProviders,features,guidedOnboarding,banners,licenseApiGuard,customBranding,ftrApis,fieldFormats,expressions,screenshotting,esUiShared,customIntegrations,contentManagement,dataViews,home,searchprofiler,painlessLab,management,spaces,security,telemetry,licenseManagement,snapshotRestore,lists,files,encryptedSavedObjects,eventLog,actions,notifications,cloudDataMigration,advancedSettings,grokdebugger,console,bfetch,data,savedObjectsTagging,savedObjectsManagement,unifiedSearch,graph,alerting,embeddable,uiActionsEnhanced,savedSearch,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,fileUpload,ingestPipelines,ecsDataQualityDashboard,dataViewFieldEditor,dataViewManagement,charts,watcher,visualizations,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeMarkdown,visTypeHeatmap,inputControlVis,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionLegacyMetricVis,expressionHeatmap,expressionGauge,visTypeGauge,eventAnnotation,expressionXY,dashboard,lens,triggersActionsUi,transform,stackConnectors,stackAlerts,ruleRegistry,cases,timelines,sessionView,kubernetesSecurity,threatIntelligence,metricsDataAccess,aiops,links,discover,reporting,canvas,fleet,osquery,logExplorer,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,datasetQuality,cloudSecurityPosture,cloudDefend,discoverEnhanced,maps,dataVisualizer,ml,observabilityAIAssistant,logsShared,observabilityLogExplorer,enterpriseSearch,observability,uptime,synthetics,observabilityOnboarding,infra,upgradeAssistant,monitoring,logstash,elasticAssistant,securitySolution,securitySolutionEss,dashboardEnhanced,apmDataAccess,assetManager,apm,ux]
[2024-03-26T09:51:37.478+05:30][INFO ][plugins.taskManager] TaskManager is identified by the Kibana UUID: b62103c9-6a7d-469a-a25e-232ce2f86441
[2024-03-26T09:51:42.880+05:30][INFO ][custom-branding-service] CustomBrandingService registering plugin: customBranding
[2024-03-26T09:51:49.901+05:30][INFO ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, and is supported for Win32 OS. Automatically enabling Chromium sandbox.
[2024-03-26T09:51:53.567+05:30][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2024-03-26T09:51:53.568+05:30][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[2024-03-26T09:51:53.588+05:30][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2024-03-26T09:51:53.588+05:30][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[2024-03-26T09:51:55.707+05:30][WARN ][plugins.encryptedSavedObjects] Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2024-03-26T09:51:57.908+05:30][WARN ][plugins.actions] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2024-03-26T09:51:57.976+05:30][INFO ][plugins.notifications] Email Service Error: Email connector not specified.
[2024-03-26T09:52:00.177+05:30][WARN ][plugins.alerting] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2024-03-26T09:52:00.177+05:30][INFO ][plugins.alerting] using indexes and aliases for persisting alerts
[2024-03-26T09:52:11.367+05:30][INFO ][plugins.alerting] Registering resources for context "stack".
[2024-03-26T09:52:15.910+05:30][WARN ][plugins.reporting.config] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2024-03-26T09:52:24.022+05:30][INFO ][plugins.cloudSecurityPosture] Registered task successfully [Task: cloud_security_posture-stats_task]
[2024-03-26T09:52:28.124+05:30][INFO ][plugins.alerting] Registering resources for context "ml.anomaly-detection".
[2024-03-26T09:52:33.773+05:30][INFO ][plugins.alerting] Registering resources for context "observability.slo".
[2024-03-26T09:52:33.776+05:30][INFO ][plugins.alerting] Registering resources for context "observability.threshold".
[2024-03-26T09:52:35.122+05:30][INFO ][plugins.alerting] Registering resources for context "observability.uptime".
[2024-03-26T09:52:37.817+05:30][INFO ][plugins.infra] Skipping initialization of Profiling endpoints because 'profilingDataAccess' plugin is not available
[2024-03-26T09:52:37.819+05:30][INFO ][plugins.alerting] Registering resources for context "observability.logs".
[2024-03-26T09:52:37.821+05:30][INFO ][plugins.alerting] Registering resources for context "observability.metrics".
[2024-03-26T09:53:03.040+05:30][INFO ][plugins.alerting] Registering resources for context "security".
[2024-03-26T09:53:03.064+05:30][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Registering endpoint:user-artifact-packager task with timeout of [20m], interval of [60s] and policy update batch size of [25]
[2024-03-26T09:53:03.288+05:30][INFO ][plugins.assetManager] Server is NOT enabled
[2024-03-26T09:53:03.297+05:30][INFO ][plugins.alerting] Registering resources for context "observability.apm".
[2024-03-26T09:53:04.351+05:30][INFO ][plugins.screenshotting.chromium] Browser executable: C:\Elastic Stack\kibana-8.12.2\node_modules\@kbn\screenshotting-plugin\chromium\chrome-win\chrome.exe
[2024-03-26T09:54:27.641+05:30][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. connect ETIMEDOUT 192.168.42.171:9200

stephenb · March 26, 2024, 3:10pm

First I always suggest following our official docs...

here is the command to test if elasticsearch is running properly ... run this from where kibana is... show the command and the results.

Official Documentation

Devanshu_Rastogi · March 26, 2024, 4:30pm

stephenb · March 27, 2024, 1:53am

Please don't post images of text... Please post the text.

I cannot see the full command but definitely error

Try same command with -k -v before the -u

Please post the command and full output in text please

Devanshu_Rastogi · March 27, 2024, 2:44am

C:\ElasticStack\kibana-8.12.2>curl --cacert %ES_HOME%\config\certs\http_ca.crt -k -v -u elastic:$ELASTIC_PASSWORD https://localhost:9200
*   Trying [::1]:9200...
* Connected to localhost (::1) port 9200
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server did not agree on a protocol. Uses default.
* using HTTP/1.x
* Server auth using Basic with user 'elastic'
> GET / HTTP/1.1
> Host: localhost:9200
> Authorization: Basic ZWxhc3RpYzokRUxBU1RJQ19QQVNTV09SRA==
> User-Agent: curl/8.4.0
> Accept: */*
>
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
< HTTP/1.1 401 Unauthorized
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="security" charset="UTF-8"
< WWW-Authenticate: Bearer realm="security"
< WWW-Authenticate: ApiKey
< content-type: application/json
< content-length: 465
<
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}* Connection #0 to host localhost left intact

stephenb · March 27, 2024, 3:17am

That means your password is incorrect for the elastic user

You can reset it if necessary or just run with the password directly in the curl command ... you can change it to password when you copy here ...

Also can you also try using

https://192.168.42.171:9200

Devanshu_Rastogi · March 27, 2024, 5:24am

On resetting password it showed

C:\ElasticStack\elasticsearch-8.12.2>.\bin\elasticsearch-reset-password -u elastic
warning: ignoring JAVA_HOME=C:\Program Files\Java\jdk-22; using bundled JDK
10:42:38.156 [main] WARN  org.elasticsearch.common.ssl.DiagnosticTrustManager - failed to establish trust with server at [192.168.29.65]; the server provided a certificate with subject name [CN=LEGION], fingerprint [44eebd63e17cfce82851b984370974e8884e1e7e], no keyUsage and extendedKeyUsage [serverAuth]; the certificate is valid between [2024-03-23T16:41:46Z] and [2026-03-23T16:41:46Z] (current time is [2024-03-27T05:12:38.153390700Z], certificate dates are valid); the session uses cipher suite [TLS_AES_256_GCM_SHA384] and protocol [TLSv1.3]; the certificate has subject alternative names [IP:fe80:0:0:0:89f1:2b69:735c:6158,IP:2401:4900:7a9f:3e46:d4ca:327:7900:525c,DNS:LEGION,IP:192.168.42.171,IP:0:0:0:0:0:0:0:1,IP:127.0.0.1,IP:2401:4900:7a9f:3e46:9800:39d6:1a2b:bdd4,DNS:localhost]; the certificate is issued by [CN=Elasticsearch security auto-configuration HTTP CA]; the certificate is signed by (subject [CN=Elasticsearch security auto-configuration HTTP CA] fingerprint [e6b41374c64de09a706f97f02913ebd9785c15fc] {trusted issuer}) which is self-issued; the [CN=Elasticsearch security auto-configuration HTTP CA] certificate is trusted in this ssl context ([xpack.security.http.ssl (with trust configuration: Composite-Trust{JDK-trusted-certs,StoreTrustConfig{path=certs/http.p12, password=<non-empty>, type=PKCS12, algorithm=PKIX}})])
java.security.cert.CertificateException: No subject alternative names matching IP address 192.168.29.65 found
        at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:160) ~[?:?]
        at sun.security.util.HostnameChecker.match(HostnameChecker.java:101) ~[?:?]
        at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:457) ~[?:?]
        at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:431) ~[?:?]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237) ~[?:?]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) ~[?:?]
        at org.elasticsearch.common.ssl.DiagnosticTrustManager.checkServerTrusted(DiagnosticTrustManager.java:80) ~[?:?]
        at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1302) ~[?:?]
        at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1195) ~[?:?]
        at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1138) ~[?:?]
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393) ~[?:?]
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476) ~[?:?]
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447) ~[?:?]
        at sun.security.ssl.TransportContext.dispatch(TransportContext.java:201) ~[?:?]
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) ~[?:?]
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506) ~[?:?]
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421) ~[?:?]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) ~[?:?]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426) ~[?:?]
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:586) ~[?:?]
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187) ~[?:?]
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:141) ~[?:?]
        at org.elasticsearch.xpack.core.common.socket.SocketAccess.lambda$doPrivileged$0(SocketAccess.java:42) ~[?:?]
        at java.security.AccessController.doPrivileged(AccessController.java:571) ~[?:?]
        at org.elasticsearch.xpack.core.common.socket.SocketAccess.doPrivileged(SocketAccess.java:41) ~[?:?]
        at org.elasticsearch.xpack.core.security.CommandLineHttpClient.execute(CommandLineHttpClient.java:178) ~[?:?]
        at org.elasticsearch.xpack.core.security.CommandLineHttpClient.execute(CommandLineHttpClient.java:112) ~[?:?]
        at org.elasticsearch.xpack.security.tool.BaseRunAsSuperuserCommand.checkClusterHealthWithRetries(BaseRunAsSuperuserCommand.java:214) ~[?:?]
        at org.elasticsearch.xpack.security.tool.BaseRunAsSuperuserCommand.execute(BaseRunAsSuperuserCommand.java:127) ~[?:?]
        at org.elasticsearch.common.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:54) ~[elasticsearch-8.12.2.jar:8.12.2]
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:85) ~[elasticsearch-cli-8.12.2.jar:8.12.2]
        at org.elasticsearch.cli.Command.main(Command.java:50) ~[elasticsearch-cli-8.12.2.jar:8.12.2]
        at org.elasticsearch.launcher.CliToolLauncher.main(CliToolLauncher.java:64) ~[cli-launcher-8.12.2.jar:8.12.2]

ERROR: Failed to determine the health of the cluster. , with exit code 69

On running with the password directly and using https://192.168.42.171:9200 I got:

C:\ElasticStack\kibana-8.12.2>curl --cacert %ES_HOME%\config\certs\http_ca.crt -k -v -u elastic:rgdw6KPKxGLTTun*JE+o htt
ps://192.168.42.171:9200
*   Trying 192.168.42.171:9200...
* connect to 192.168.42.171 port 9200 failed: Timed out
* Failed to connect to 192.168.42.171 port 9200 after 21037 ms: Couldn't connect to server
* Closing connection
curl: (28) Failed to connect to 192.168.42.171 port 9200 after 21037 ms: Couldn't connect to server

But tried one more thing, using the public address visible in elasticsearch batch file:

C:\ElasticStack\kibana-8.12.2>curl --cacert %ES_HOME%\config\certs\http_ca.crt -k -v -u elastic:rgdw6KPKxGLTTun*JE+o https://192.168.29.65:9200
*   Trying 192.168.29.65:9200...
* Connected to 192.168.29.65 (192.168.29.65) port 9200
* schannel: disabled automatic use of client certificate
* schannel: using IP address, SNI is not supported by OS.
* ALPN: curl offers http/1.1
* ALPN: server did not agree on a protocol. Uses default.
* using HTTP/1.x
* Server auth using Basic with user 'elastic'
> GET / HTTP/1.1
> Host: 192.168.29.65:9200
> Authorization: Basic ZWxhc3RpYzpyZ2R3NktQS3hHTFRUdW4qSkUrbw==
> User-Agent: curl/8.4.0
> Accept: */*
>
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
< HTTP/1.1 200 OK
< X-elastic-product: Elasticsearch
< content-type: application/json
< content-length: 530
<
{
  "name" : "LEGION",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "1BXBZDxaSLOOSWsqCBsi2w",
  "version" : {
    "number" : "8.12.2",
    "build_flavor" : "default",
    "build_type" : "zip",
    "build_hash" : "48a287ab9497e852de30327444b0809e55d46466",
    "build_date" : "2024-02-19T10:04:32.774273190Z",
    "build_snapshot" : false,
    "lucene_version" : "9.9.2",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
* Connection #0 to host 192.168.29.65 left intact

The current kibana.yaml:

# For more configuration options see the configuration guide for Kibana in
# https://www.elastic.co/guide/index.html

# =================== System: Kibana Server ===================
# Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
#server.host: "localhost"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# Defaults to `false`.
#server.rewriteBasePath: false

# Specifies the public URL at which Kibana is available for end users. If
# `server.basePath` is configured this URL should end with the same basePath.
#server.publicBaseUrl: ""

# The maximum payload size in bytes for incoming server requests.
#server.maxPayload: 1048576

# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"

# =================== System: Kibana Server (Optional) ===================
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# =================== System: Elasticsearch ===================
# The URLs of the Elasticsearch instances to use for all your queries.
#elasticsearch.hosts: ["http://localhost:9200"]

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
#elasticsearch.username: "kibana_system"
#elasticsearch.password: "pass"

# Kibana can also authenticate to Elasticsearch via "service account tokens".
# Service account tokens are Bearer style tokens that replace the traditional username/password based configuration.
# Use this token instead of a username/password.
# elasticsearch.serviceAccountToken: "my_token"

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# The maximum number of sockets that can be used for communications with elasticsearch.
# Defaults to `Infinity`.
#elasticsearch.maxSockets: 1024

# Specifies whether Kibana should use compression for communications with elasticsearch
# Defaults to `false`.
#elasticsearch.compression: false

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# =================== System: Elasticsearch (Optional) ===================
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# =================== System: Logging ===================
# Set the value of this setting to off to suppress all logging output, or to debug to log everything. Defaults to 'info'
#logging.root.level: debug

# Enables you to specify a file where Kibana stores log output.
#logging.appenders.default:
#  type: file
#  fileName: /var/logs/kibana.log
#  layout:
#    type: json

# Logs queries sent to Elasticsearch.
#logging.loggers:
#  - name: elasticsearch.query
#    level: debug

# Logs http responses.
#logging.loggers:
#  - name: http.server.response
#    level: debug

# Logs system usage information.
#logging.loggers:
#  - name: metrics.ops
#    level: debug

# =================== System: Other ===================
# The path where Kibana stores persistent data not saved in Elasticsearch. Defaults to data
#path.data: data

# Specifies the path where Kibana creates the process ID file.
#pid.file: /run/kibana/kibana.pid

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000ms.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English (default) "en", Chinese "zh-CN", Japanese "ja-JP", French "fr-FR".
#i18n.locale: "en"

# =================== Frequently used (Optional)===================

# =================== Saved Objects: Migrations ===================
# Saved object migrations run at startup. If you run into migration-related issues, you might need to adjust these settings.

# The number of documents migrated at a time.
# If Kibana can't start up or upgrade due to an Elasticsearch `circuit_breaking_exception`,
# use a smaller batchSize value to reduce the memory pressure. Defaults to 1000 objects per batch.
#migrations.batchSize: 1000

# The maximum payload size for indexing batches of upgraded saved objects.
# To avoid migrations failing due to a 413 Request Entity Too Large response from Elasticsearch.
# This value should be lower than or equal to your Elasticsearch cluster’s `http.max_content_length`
# configuration option. Default: 100mb
#migrations.maxBatchSizeBytes: 100mb

# The number of times to retry temporary migration failures. Increase the setting
# if migrations fail frequently with a message such as `Unable to complete the [...] step after
# 15 attempts, terminating`. Defaults to 15
#migrations.retryAttempts: 15

# =================== Search Autocomplete ===================
# Time in milliseconds to wait for autocomplete suggestions from Elasticsearch.
# This value must be a whole number greater than zero. Defaults to 1000ms
#unifiedSearch.autocomplete.valueSuggestions.timeout: 1000

# Maximum number of documents loaded by each shard to generate autocomplete suggestions.
# This value must be a whole number greater than zero. Defaults to 100_000
#unifiedSearch.autocomplete.valueSuggestions.terminateAfter: 100000


# This section was automatically generated during setup.
elasticsearch.hosts: ['http://192.168.42.171:9200']
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE3MTEyMjAyMDc1MzQ6aHlxOEI5MEVTYnVLRURSQVd1UjhLUQ
elasticsearch.ssl.certificateAuthorities: ['C:\Elastic Stack\kibana-8.12.2\data\ca_1711220208212.crt']
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://192.168.42.171:9200'], ca_trusted_fingerprint: 4e14fade7c8e97875344a347fc88119d8fe03e8bd728d47febf687f0ce573cf7}]

The current elasticsearch.yaml:

# For more configuration options see the configuration guide for Kibana in
# https://www.elastic.co/guide/index.html

# =================== System: Kibana Server ===================
# Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
#server.host: "localhost"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# Defaults to `false`.
#server.rewriteBasePath: false

# Specifies the public URL at which Kibana is available for end users. If
# `server.basePath` is configured this URL should end with the same basePath.
#server.publicBaseUrl: ""

# The maximum payload size in bytes for incoming server requests.
#server.maxPayload: 1048576

# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"

# =================== System: Kibana Server (Optional) ===================
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# =================== System: Elasticsearch ===================
# The URLs of the Elasticsearch instances to use for all your queries.
#elasticsearch.hosts: ["http://localhost:9200"]

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
#elasticsearch.username: "kibana_system"
#elasticsearch.password: "pass"

# Kibana can also authenticate to Elasticsearch via "service account tokens".
# Service account tokens are Bearer style tokens that replace the traditional username/password based configuration.
# Use this token instead of a username/password.
# elasticsearch.serviceAccountToken: "my_token"

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# The maximum number of sockets that can be used for communications with elasticsearch.
# Defaults to `Infinity`.
#elasticsearch.maxSockets: 1024

# Specifies whether Kibana should use compression for communications with elasticsearch
# Defaults to `false`.
#elasticsearch.compression: false

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# =================== System: Elasticsearch (Optional) ===================
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# =================== System: Logging ===================
# Set the value of this setting to off to suppress all logging output, or to debug to log everything. Defaults to 'info'
#logging.root.level: debug

# Enables you to specify a file where Kibana stores log output.
#logging.appenders.default:
#  type: file
#  fileName: /var/logs/kibana.log
#  layout:
#    type: json

# Logs queries sent to Elasticsearch.
#logging.loggers:
#  - name: elasticsearch.query
#    level: debug

# Logs http responses.
#logging.loggers:
#  - name: http.server.response
#    level: debug

# Logs system usage information.
#logging.loggers:
#  - name: metrics.ops
#    level: debug

# =================== System: Other ===================
# The path where Kibana stores persistent data not saved in Elasticsearch. Defaults to data
#path.data: data

# Specifies the path where Kibana creates the process ID file.
#pid.file: /run/kibana/kibana.pid

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000ms.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English (default) "en", Chinese "zh-CN", Japanese "ja-JP", French "fr-FR".
#i18n.locale: "en"

# =================== Frequently used (Optional)===================

# =================== Saved Objects: Migrations ===================
# Saved object migrations run at startup. If you run into migration-related issues, you might need to adjust these settings.

# The number of documents migrated at a time.
# If Kibana can't start up or upgrade due to an Elasticsearch `circuit_breaking_exception`,
# use a smaller batchSize value to reduce the memory pressure. Defaults to 1000 objects per batch.
#migrations.batchSize: 1000

# The maximum payload size for indexing batches of upgraded saved objects.
# To avoid migrations failing due to a 413 Request Entity Too Large response from Elasticsearch.
# This value should be lower than or equal to your Elasticsearch cluster’s `http.max_content_length`
# configuration option. Default: 100mb
#migrations.maxBatchSizeBytes: 100mb

# The number of times to retry temporary migration failures. Increase the setting
# if migrations fail frequently with a message such as `Unable to complete the [...] step after
# 15 attempts, terminating`. Defaults to 15
#migrations.retryAttempts: 15

# =================== Search Autocomplete ===================
# Time in milliseconds to wait for autocomplete suggestions from Elasticsearch.
# This value must be a whole number greater than zero. Defaults to 1000ms
#unifiedSearch.autocomplete.valueSuggestions.timeout: 1000

# Maximum number of documents loaded by each shard to generate autocomplete suggestions.
# This value must be a whole number greater than zero. Defaults to 100_000
#unifiedSearch.autocomplete.valueSuggestions.terminateAfter: 100000


# This section was automatically generated during setup.
elasticsearch.hosts: ['http://192.168.42.171:9200']
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE3MTEyMjAyMDc1MzQ6aHlxOEI5MEVTYnVLRURSQVd1UjhLUQ
elasticsearch.ssl.certificateAuthorities: ['C:\Elastic Stack\kibana-8.12.2\data\ca_1711220208212.crt']
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://192.168.42.171:9200'], ca_trusted_fingerprint: 4e14fade7c8e97875344a347fc88119d8fe03e8bd728d47febf687f0ce573cf7}]

The output after running elasticsearch.bat:

warning: ignoring JAVA_HOME=C:\Program Files\Java\jdk-22; using bundled JDK
CompileCommand: exclude org/apache/lucene/util/MSBRadixSorter.computeCommonPrefixLengthAndBuildHistogram bool exclude = true
CompileCommand: exclude org/apache/lucene/util/RadixSelector.computeCommonPrefixLengthAndBuildHistogram bool exclude = true
Mar 27, 2024 10:44:28 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
WARNING: COMPAT locale provider will be removed in a future release
[2024-03-27T10:44:29,078][INFO ][o.a.l.i.v.PanamaVectorizationProvider] [LEGION] Java vector incubator API enabled; uses preferredBitSize=256; FMA enabled
[2024-03-27T10:44:29,891][INFO ][o.e.n.Node               ] [LEGION] version[8.12.2], pid[27560], build[zip/48a287ab9497e852de30327444b0809e55d46466/2024-02-19T10:04:32.774273190Z], OS[Windows 11/10.0/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/21.0.2/21.0.2+13-58]
[2024-03-27T10:44:29,893][INFO ][o.e.n.Node               ] [LEGION] JVM home [C:\ElasticStack\elasticsearch-8.12.2\jdk], using bundled JDK [true]
[2024-03-27T10:44:29,893][INFO ][o.e.n.Node               ] [LEGION] JVM arguments [-Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -Djava.security.manager=allow, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j2.formatMsgNoLookups=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/java.io=org.elasticsearch.preallocate, -XX:+UseG1GC, -Djava.io.tmpdir=C:\Users\devan\AppData\Local\Temp\elasticsearch, --add-modules=jdk.incubator.vector, -XX:CompileCommand=exclude,org.apache.lucene.util.MSBRadixSorter::computeCommonPrefixLengthAndBuildHistogram, -XX:CompileCommand=exclude,org.apache.lucene.util.RadixSelector::computeCommonPrefixLengthAndBuildHistogram, -XX:+HeapDumpOnOutOfMemoryError, -XX:+ExitOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,level,pid,tags:filecount=32,filesize=64m, -Xms7094m, -Xmx7094m, -XX:MaxDirectMemorySize=3720347648, -XX:G1HeapRegionSize=4m, -XX:InitiatingHeapOccupancyPercent=30, -XX:G1ReservePercent=15, -Des.distribution.type=zip, --module-path=C:\ElasticStack\elasticsearch-8.12.2\lib, --add-modules=jdk.net, --add-modules=ALL-MODULE-PATH, -Djdk.module.main=org.elasticsearch.server]
[2024-03-27T10:44:32,899][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [repository-url]
[2024-03-27T10:44:32,900][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [rest-root]
[2024-03-27T10:44:32,900][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-core]
[2024-03-27T10:44:32,900][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-redact]
[2024-03-27T10:44:32,900][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [ingest-user-agent]
[2024-03-27T10:44:32,900][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-async-search]
[2024-03-27T10:44:32,902][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-monitoring]
[2024-03-27T10:44:32,902][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [repository-s3]
[2024-03-27T10:44:32,902][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-analytics]
[2024-03-27T10:44:32,902][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-ent-search]
[2024-03-27T10:44:32,902][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-autoscaling]
[2024-03-27T10:44:32,903][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [lang-painless]
[2024-03-27T10:44:32,903][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-ml]
[2024-03-27T10:44:32,903][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [lang-mustache]
[2024-03-27T10:44:32,903][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [legacy-geo]
[2024-03-27T10:44:32,904][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-ql]
[2024-03-27T10:44:32,904][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [rank-rrf]
[2024-03-27T10:44:32,904][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [analysis-common]
[2024-03-27T10:44:32,904][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [health-shards-availability]
[2024-03-27T10:44:32,904][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [transport-netty4]
[2024-03-27T10:44:32,905][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [aggregations]
[2024-03-27T10:44:32,905][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [ingest-common]
[2024-03-27T10:44:32,905][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [frozen-indices]
[2024-03-27T10:44:32,905][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-identity-provider]
[2024-03-27T10:44:32,905][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-shutdown]
[2024-03-27T10:44:32,905][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-text-structure]
[2024-03-27T10:44:32,906][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [snapshot-repo-test-kit]
[2024-03-27T10:44:32,906][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [ml-package-loader]
[2024-03-27T10:44:32,906][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [kibana]
[2024-03-27T10:44:32,906][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [constant-keyword]
[2024-03-27T10:44:32,906][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-logstash]
[2024-03-27T10:44:32,907][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-ccr]
[2024-03-27T10:44:32,907][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-graph]
[2024-03-27T10:44:32,907][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-esql]
[2024-03-27T10:44:32,907][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [parent-join]
[2024-03-27T10:44:32,907][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [counted-keyword]
[2024-03-27T10:44:32,907][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-enrich]
[2024-03-27T10:44:32,907][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [repositories-metering-api]
[2024-03-27T10:44:32,907][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [transform]
[2024-03-27T10:44:32,909][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [repository-azure]
[2024-03-27T10:44:32,909][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [repository-gcs]
[2024-03-27T10:44:32,909][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [spatial]
[2024-03-27T10:44:32,909][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [apm]
[2024-03-27T10:44:32,909][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [mapper-extras]
[2024-03-27T10:44:32,910][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [mapper-version]
[2024-03-27T10:44:32,910][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-rollup]
[2024-03-27T10:44:32,910][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [percolator]
[2024-03-27T10:44:32,910][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [data-streams]
[2024-03-27T10:44:32,910][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-stack]
[2024-03-27T10:44:32,910][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [rank-eval]
[2024-03-27T10:44:32,910][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [reindex]
[2024-03-27T10:44:32,911][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-security]
[2024-03-27T10:44:32,911][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [blob-cache]
[2024-03-27T10:44:32,911][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [searchable-snapshots]
[2024-03-27T10:44:32,911][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-slm]
[2024-03-27T10:44:32,911][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [snapshot-based-recoveries]
[2024-03-27T10:44:32,911][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-watcher]
[2024-03-27T10:44:32,911][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [old-lucene-versions]
[2024-03-27T10:44:32,912][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-ilm]
[2024-03-27T10:44:32,912][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-inference]
[2024-03-27T10:44:32,912][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-voting-only-node]
[2024-03-27T10:44:32,912][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-deprecation]
[2024-03-27T10:44:32,912][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-fleet]
[2024-03-27T10:44:32,912][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-aggregate-metric]
[2024-03-27T10:44:32,913][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-downsample]
[2024-03-27T10:44:32,913][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-profiling]
[2024-03-27T10:44:32,913][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [ingest-geoip]
[2024-03-27T10:44:32,913][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-write-load-forecaster]
[2024-03-27T10:44:32,913][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [search-business-rules]
[2024-03-27T10:44:32,913][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [ingest-attachment]
[2024-03-27T10:44:32,914][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [wildcard]
[2024-03-27T10:44:32,914][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-apm-data]
[2024-03-27T10:44:32,914][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [unsigned-long]
[2024-03-27T10:44:32,914][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-sql]
[2024-03-27T10:44:32,914][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [runtime-fields-common]
[2024-03-27T10:44:32,914][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-async]
[2024-03-27T10:44:32,915][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [vector-tile]
[2024-03-27T10:44:32,915][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [lang-expression]
[2024-03-27T10:44:32,915][INFO ][o.e.p.PluginsService     ] [LEGION] loaded module [x-pack-eql]
[2024-03-27T10:44:33,886][INFO ][o.e.e.NodeEnvironment    ] [LEGION] using [1] data paths, mounts [[Windows-SSD (C:)]], net usable_space [150.4gb], net total_space [951.6gb], types [NTFS]
[2024-03-27T10:44:33,886][INFO ][o.e.e.NodeEnvironment    ] [LEGION] heap size [6.9gb], compressed ordinary object pointers [true]
[2024-03-27T10:44:34,100][INFO ][o.e.n.Node               ] [LEGION] node name [LEGION], node ID [mJgnZXJkSFOhov7rrCZtdA], cluster name [elasticsearch], roles [data_cold, data, remote_cluster_client, master, data_warm, data_content, transform, data_hot, ml, data_frozen, ingest]
[2024-03-27T10:44:37,136][INFO ][o.e.f.FeatureService     ] [LEGION] Registered local node features [features_supported, health.dsl.info, usage.data_tiers.precalculate_stats]
[2024-03-27T10:44:37,658][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [LEGION] [controller/18268] [Main.cc@123] controller (64 bit): Version 8.12.2 (Build 9d9bcb1a6d19f7) Copyright (c) 2024 Elasticsearch BV
[2024-03-27T10:44:38,024][INFO ][o.e.t.a.APM              ] [LEGION] Sending apm metrics is disabled
[2024-03-27T10:44:38,024][INFO ][o.e.t.a.APM              ] [LEGION] Sending apm traces is disabled
[2024-03-27T10:44:38,048][INFO ][o.e.x.s.Security         ] [LEGION] Security is enabled
[2024-03-27T10:44:38,341][INFO ][o.e.x.s.a.s.FileRolesStore] [LEGION] parsed [0] roles from file [C:\ElasticStack\elasticsearch-8.12.2\config\roles.yml]

[2024-03-27T10:44:38,806][INFO ][o.e.x.w.Watcher          ] [LEGION] Watcher initialized components at 2024-03-27T05:14:38.806Z
[2024-03-27T10:44:38,859][INFO ][o.e.x.p.ProfilingPlugin  ] [LEGION] Profiling is enabled
[2024-03-27T10:44:38,877][INFO ][o.e.x.p.ProfilingPlugin  ] [LEGION] profiling index templates will not be installed or reinstalled
[2024-03-27T10:44:38,908][INFO ][o.e.x.a.APMPlugin        ] [LEGION] APM ingest plugin is disabled
[2024-03-27T10:44:39,516][INFO ][o.e.t.n.NettyAllocator   ] [LEGION] creating NettyAllocator with the following configs: [name=elasticsearch_configured, chunk_size=1mb, suggested_max_allocation_size=1mb, factors={es.unsafe.use_netty_default_chunk_and_page_size=false, g1gc_enabled=true, g1gc_region_size=4mb}]
[2024-03-27T10:44:39,546][INFO ][o.e.i.r.RecoverySettings ] [LEGION] using rate limit [40mb] with [default=40mb, read=0b, write=0b, max=0b]
[2024-03-27T10:44:39,589][INFO ][o.e.d.DiscoveryModule    ] [LEGION] using discovery type [multi-node] and seed hosts providers [settings]
[2024-03-27T10:44:40,781][INFO ][o.e.n.Node               ] [LEGION] initialized
[2024-03-27T10:44:40,783][INFO ][o.e.n.Node               ] [LEGION] starting ...
[2024-03-27T10:44:40,811][INFO ][o.e.x.s.c.f.PersistentCache] [LEGION] persistent cache index loaded
[2024-03-27T10:44:40,812][INFO ][o.e.x.d.l.DeprecationIndexingComponent] [LEGION] deprecation component started
[2024-03-27T10:44:40,910][INFO ][o.e.t.TransportService   ] [LEGION] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300}
[2024-03-27T10:44:41,631][WARN ][o.e.c.c.ClusterBootstrapService] [LEGION] this node is locked into cluster UUID [1BXBZDxaSLOOSWsqCBsi2w] but [cluster.initial_master_nodes] is set to [LEGION]; remove this setting to avoid possible data loss caused by subsequent cluster bootstrap attempts; for further information see https://www.elastic.co/guide/en/elasticsearch/reference/8.12/important-settings.html#initial_master_nodes
[2024-03-27T10:44:41,734][INFO ][o.e.c.s.MasterService    ] [LEGION] elected-as-master ([1] nodes joined in term 19)[_FINISH_ELECTION_, {LEGION}{mJgnZXJkSFOhov7rrCZtdA}{N0bpvUIeSQab8mNmo1bFgA}{LEGION}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}{8.12.2}{7000099-8500010} completing election], term: 19, version: 549, delta: master node changed {previous [], current [{LEGION}{mJgnZXJkSFOhov7rrCZtdA}{N0bpvUIeSQab8mNmo1bFgA}{LEGION}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}{8.12.2}{7000099-8500010}]}
[2024-03-27T10:44:41,842][INFO ][o.e.c.s.ClusterApplierService] [LEGION] master node changed {previous [], current [{LEGION}{mJgnZXJkSFOhov7rrCZtdA}{N0bpvUIeSQab8mNmo1bFgA}{LEGION}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}{8.12.2}{7000099-8500010}]}, term: 19, version: 549, reason: Publication{term=19, version=549}
[2024-03-27T10:44:41,869][INFO ][o.e.c.f.AbstractFileWatchingService] [LEGION] starting file watcher ...
[2024-03-27T10:44:41,874][INFO ][o.e.c.f.AbstractFileWatchingService] [LEGION] file settings service up and running [tid=102]
[2024-03-27T10:44:41,877][INFO ][o.e.c.c.NodeJoinExecutor ] [LEGION] node-join: [{LEGION}{mJgnZXJkSFOhov7rrCZtdA}{N0bpvUIeSQab8mNmo1bFgA}{LEGION}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}{8.12.2}{7000099-8500010}] with reason [completing election]
[2024-03-27T10:44:41,882][INFO ][o.e.h.AbstractHttpServerTransport] [LEGION] publish_address {192.168.29.65:9200}, bound_addresses {[::]:9200}
[2024-03-27T10:44:41,893][INFO ][o.e.n.Node               ] [LEGION] started {LEGION}{mJgnZXJkSFOhov7rrCZtdA}{N0bpvUIeSQab8mNmo1bFgA}{LEGION}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}{8.12.2}{7000099-8500010}{ml.machine_memory=14877257728, transform.config_version=10.0.0, xpack.installed=true, ml.config_version=12.0.0, ml.max_jvm_size=7440695296, ml.allocated_processors_double=16.0, ml.allocated_processors=16}
[2024-03-27T10:44:42,177][INFO ][o.e.x.s.a.Realms         ] [LEGION] license mode is [basic], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]
[2024-03-27T10:44:42,179][INFO ][o.e.l.ClusterStateLicenseService] [LEGION] license [659482f3-e3b5-4e3f-8474-35574a63f0d2] mode [basic] - valid
[2024-03-27T10:44:42,181][INFO ][o.e.g.GatewayService     ] [LEGION] recovered [28] indices into cluster_state
[2024-03-27T10:44:42,574][INFO ][o.e.h.n.s.HealthNodeTaskExecutor] [LEGION] Node [{LEGION}{mJgnZXJkSFOhov7rrCZtdA}] is selected as the current health node.
[2024-03-27T10:44:43,515][INFO ][o.e.c.r.a.AllocationService] [LEGION] current.health="GREEN" message="Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.slo-observability.summary-v3][0]]])." previous.health="RED" reason="shards started [[.slo-observability.summary-v3][0]]"

stephenb · March 27, 2024, 1:57pm

Now try putting the public IP in the Kibana.yml

Add

elasticsearch.ssl.verificationMode: none

Comment out this line..

In short looks like you have a certificate issue

10:42:38.156 [main] WARN  org.elasticsearch.common.ssl.DiagnosticTrustManager - failed to establish trust with server at [192.168.29.65]; the server provided a certificate with subject name [CN=LEGION], fingerprint [44eebd63e17cfce82851b984370974e8884e1e7e], no keyUsage and extendedKeyUsage [serverAuth]; the certificate is valid between [2024-03-23T16:41:46Z] and [2026-03-23T16:41:46Z] (current time is [2024-03-27T05:12:38.153390700Z], certificate dates are valid); the session uses cipher suite [TLS_AES_256_GCM_SHA384] and protocol [TLSv1.3]; the certificate has subject alternative names [IP:fe80:0:0:0:89f1:2b69:735c:6158,IP:2401:4900:7a9f:3e46:d4ca:327:7900:525c,DNS:LEGION,IP:192.168.42.171,IP:0:0:0:0:0:0:0:1,IP:127.0.0.1,IP:2401:4900:7a9f:3e46:9800:39d6:1a2b:bdd4,DNS:localhost]; the certificate is issued by [CN=Elasticsearch security auto-configuration HTTP CA]; the certificate is signed by (subject [CN=Elasticsearch security auto-configuration HTTP CA] fingerprint [e6b41374c64de09a706f97f02913ebd9785c15fc] {trusted issuer}) which is self-issued; the [CN=Elasticsearch security auto-configuration HTTP CA] certificate is trusted in this ssl context ([xpack.security.http.ssl (with trust configuration: Composite-Trust{JDK-trusted-certs,StoreTrustConfig{path=certs/http.p12, password=<non-empty>, type=PKCS12, algorithm=PKIX}})])
java.security.cert.CertificateException: No subject alternative names matching IP address 192.168.29.65 found

No subject alternative names matching IP address 192.168.29.65 found

Which means the cert probably generated with internal IP but your setup seems to require "public" IPs

You would need to re-generate cert and add those IP addresses

Use -http mode in interactive mode and put in both IP adresses

Devanshu_Rastogi · April 1, 2024, 6:18pm

I followed the official docs and reinstalled it. It's working fine now Idk how maybe there was something wrong with the config earlier.