First boot after install fails to display password, token, etc

Version 8.2.2

Since I installed before but failed to grab those values, I started over.
What this is telling me is that ES maintains a hidden record, which I cannot find.
This is on a Mac. There is no ~/.elastic fie anywhere.
In a sense, I'm asking how to purge my computer of the old install besides just deleting the directory.

What I’ve found is that if you haven’t purged Elasticsearch, that is if you have leftover Elasticsearch.yml config file the next reinstall will use the settings from the file.
It won’t try to bootstrap or setup security like on a fresh clean install

Thanks! In my case I sent the entire folder to the trash and emptied it. AFIK, the old installation is gone entirely. what is now interesting is this: the trash was not empty before. Now that it is empty, a boot gave all the data I need.
It looks to me like the solution was to ensure that the old install was vaporized before booting a fresh install.

I am not out of the water. Kibana does not like the password. Maybe I'll have to open another request; it's not clear what the default username is for kibana.
a lot of the googleverse thinks it's "admin" but that doesn't work.
Elastic 8+ doc suggests "elastic" but that doesn't work.

The default user to log in with is elastic plus the password generated when Elasticsearch was started...

Did you enroll or re-enroll Kibana with the enrollment token?

In other words, did you clean up Kibana and reinstall it as well??

I assume you're using the tar.gz installs and not homebrew or something?

Great reply. Thanks
Kibana was purged from the system and reinstalled. Yes from the tgz downloads.
I used elastic and precisely the password handed to me in the console. I'm not yet to the token submission.

The Kibana token comes before it ask for a username and password.... so I am confused.

This comes before


I suspect there are old autogenerated configurations in your kibana.yml

that looks something like this... the below gets added *After you past the enrollment token in ... if it is already there ... its leftover from a pervious configuration.

# This section was automatically generated during setup.
elasticsearch.hosts: ['']
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE2NTQ5OTk4MDk3NDY6a29NYVRMSlJSU085cldONTdjNHNDUQ
elasticsearch.ssl.certificateAuthorities: [/Users/sbrown/workspace/elastic-install/8.2.2/kibana-8.2.2/data/ca_1654999810637.crt]
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: [''], ca_trusted_fingerprint: 8056fc1d72a4848676f66a328745fc3d10e7067be595740f196fb68803e7cb83}]

That's right. I did not notice that; it seems clear to me that the old token I put in from before is still around. I guess I need to purge kibana one more time and try again. Thanks!

Old token probably will not work... they are only good for 30 mins.

I would rm -fr both the Elasticsearch and kibana directory.

Untar again.

go to elastseach directory


copy all the setup info into a file.

in another window go to the kibana directory


click on the link it provide looks like this

Kibana has not been configured.

Go to http://localhost:5601/?code=387164 to get started.

paste in the enrollment token from Elasticsearch startup

login with elastic and password provided when you started Elasticsearch.

I just re-did this all on my mac .. about 2 mins.

So, I think the 30 minute timeout hit. I need to generate a fresh token

It is running now. Many thanks to each of you who kindly replied.

1 Like

Cool glad you got it running...

In case this happens again and you do not want to lose data you can just clean out the autogenerate stuff at the bottom of the kibana.yml and from Elasticsearch directory run

./bin/elasticsearch-create-enrollment-token -s kibana

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.