Fail to enroll: fail to execute request to Kibana

francescouk · August 21, 2020, 5:55pm

Hello there, I´m trying to setting up my elastic-agent but no success. Can you guy´s please help me?

PS C:\Program Files\Elastic-Agent> .\elastic-agent.exe enroll https://0.0.0.0:5601 xxXxxxxXXxXXXXXXXxxxx
The Elastic Agent is currently in BETA and should not be used in production
This will replace your current settings. Do you want to continue? [Y/n]:Y
2020-08-21T14:40:11.477-0300    DEBUG   kibana/client.go:170    Request method: POST, path: /api/ingest_manager/fleet/ag
ents/enroll
fail to enroll: fail to execute request to Kibana: Post "https://0.0.0.0:5601/api/ingest_manager/fleet/agents/enr
oll?": x509: certificate signed by unknown authority

And bellow shows my certificate created by Elastic

What I´m doing wrong?

Thanks for the attention,

ruflin · August 24, 2020, 8:14am

Hi @francescouk Great to see you are trying out ingest manager and the agent. I assume you are using a self signed certificate? This discussion here could help you: https://github.com/elastic/kibana/issues/73483#issuecomment-676419501

francescouk · August 24, 2020, 1:46pm

Thanks for reply!

Following the discussion page provided, I got the elastic agent enrolled but unfortunatelly was not enough.

After the elastic-agent has been enrolled, it does it´s magic and start 3 components:

1 - Metricbeat
2 - Filebeat
3 - Endpoint Security

For the endpoint part, it does almost automagic BUT two incomplete parts:

1 - It does not bring the elasticsearch info correctly as the code bellow - points to localhost
2 - Elasticsearch cluster complaints about the bad certificate. Should we have to specify the certificate in the Elastic Endpoint as well?

api:
    access_api_key:  XXXXXXXXXXXXXxXXXX
    kibana:
      host: 192.168.1.1:5601
      protocol: https
      ssl:
        renegotiation: never
        verification_mode: none
      timeout: 1m30s

output:
  elasticsearch:
    api_key: XXXXxxXXXXXxXxXxXx
    hosts:
    - http://localhost:9200
revision: 5

My question is, how can I make it work?

ruflin · August 25, 2020, 6:42am

Is Filebeat and Metricbeat shipping data and only Endpoint data is missing?

francescouk · August 26, 2020, 7:02pm

That´s correct.

ruflin · August 27, 2020, 6:16am

@ferullo You might know more here? I think I saw the same before.

NickFritts · August 27, 2020, 7:35pm

Hi @francescouk

Could you check out this thread and see if it helps you? Elastic endpoint overwrites configuration file

It looks like the Endpoint data should start flowing if you follow the steps to set the server in Ingest Manager and then have the config update propagate down to Endpoint.

I'm going to copy/paste the steps I left in the other thread at the end of this message. If this doesn't resolve you're issue please let me know.

Workaround steps:

In ingest manager, under the main settings menu, you can update,add,change the Kibana and Elasticsearch URLs. Click save.
Afterward, under the Configurations tab of ingest manager, click on the Configuration assigned to the endpoint you want to update.
On the Configuration page, in the integrations tab, click the actions "..." for the Elastic Endpoint Security integration and select "Edit integration"
On this next page, click "Save integration" in the bottom right (you do not need to make any changes).

francescouk · August 28, 2020, 12:40pm

I can now confirm that both elastic-agent and elastic endpoint are sending to ELK stack after including the self certificate in the windows root store certificate.

system · September 25, 2020, 12:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.