Fail to enroll: fail to execute request to Kibana

Hello there, I´m trying to setting up my elastic-agent but no success. Can you guy´s please help me?

PS C:\Program Files\Elastic-Agent> .\elastic-agent.exe enroll https://0.0.0.0:5601 xxXxxxxXXxXXXXXXXxxxx
The Elastic Agent is currently in BETA and should not be used in production
This will replace your current settings. Do you want to continue? [Y/n]:Y
2020-08-21T14:40:11.477-0300    DEBUG   kibana/client.go:170    Request method: POST, path: /api/ingest_manager/fleet/ag
ents/enroll
fail to enroll: fail to execute request to Kibana: Post "https://0.0.0.0:5601/api/ingest_manager/fleet/agents/enr
oll?": x509: certificate signed by unknown authority

And bellow shows my certificate created by Elastic

image

What I´m doing wrong?

Thanks for the attention,

Hi @francescouk Great to see you are trying out ingest manager and the agent. I assume you are using a self signed certificate? This discussion here could help you: https://github.com/elastic/kibana/issues/73483#issuecomment-676419501

Thanks for reply!

Following the discussion page provided, I got the elastic agent enrolled but unfortunatelly was not enough.

After the elastic-agent has been enrolled, it does it´s magic and start 3 components:

1 - Metricbeat
2 - Filebeat
3 - Endpoint Security

For the endpoint part, it does almost automagic BUT two incomplete parts:

1 - It does not bring the elasticsearch info correctly as the code bellow - points to localhost
2 - Elasticsearch cluster complaints about the bad certificate. Should we have to specify the certificate in the Elastic Endpoint as well?

api:
    access_api_key:  XXXXXXXXXXXXXxXXXX
    kibana:
      host: 192.168.1.1:5601
      protocol: https
      ssl:
        renegotiation: never
        verification_mode: none
      timeout: 1m30s

output:
  elasticsearch:
    api_key: XXXXxxXXXXXxXxXxXx
    hosts:
    - http://localhost:9200
revision: 5

My question is, how can I make it work?

Is Filebeat and Metricbeat shipping data and only Endpoint data is missing?

That´s correct.

@ferullo You might know more here? I think I saw the same before.

Hi @francescouk

Could you check out this thread and see if it helps you? Elastic endpoint overwrites configuration file

It looks like the Endpoint data should start flowing if you follow the steps to set the server in Ingest Manager and then have the config update propagate down to Endpoint.

I'm going to copy/paste the steps I left in the other thread at the end of this message. If this doesn't resolve you're issue please let me know.

Workaround steps:

  • In ingest manager, under the main settings menu, you can update,add,change the Kibana and Elasticsearch URLs. Click save.
  • Afterward, under the Configurations tab of ingest manager, click on the Configuration assigned to the endpoint you want to update.
  • On the Configuration page, in the integrations tab, click the actions "..." for the Elastic Endpoint Security integration and select "Edit integration"
  • On this next page, click "Save integration" in the bottom right (you do not need to make any changes).
1 Like

I can now confirm that both elastic-agent and elastic endpoint are sending to ELK stack after including the self certificate in the windows root store certificate.