We've looked at the Kibana logs. You have 1 token out of 5 which cannot be decoded.
It's puzzling what has happen. You're running two Kibana instances, do both have identical config, especially xpack.encryptedSavedObjects.encryptionKey ? Or maybe the key was changed, then the 4 additional tokens were added?
It's also possible that the key is fine but something happened to the AAD (Additional Authenticated Data) of the saved object.
Since Tamper Protection requires platinum or higher subscription I suggest to move on this to official support channel where you'll get our full attention. Trying to solve it in a spare minute is challenging.
The issue is almost fixed, we raised a ticket with Elastic support and they provide us with Artifacts that we used and manage to remove almost the endpoint, the only thing left is the service, we can still see Elastic Endpoint in the services but disabled, we will need to remove it to be able to install a new endpoint.
We used below command to delete the service but it did not work.
Then I've just seen your ticket, it was escalated to us.
I've already passed on this to support, but may ask here directly since you seem to be online. Was the C:\Program Files\Elastic\Endpoint directory removed?
Anyway thanks for letting us know it's the same case.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.