Kibana does not recognize Elasticsearch license

Hi there

We recently upgraded our cluster (8 ES Nodes, 1 Kibana Node) from 8.14.3 to 8.17.5. We ran into various issues along the way due to an issue in VMware and had to transfer all our VMs to a different storage.

The cluster is now healthy again (GET _cluster/health), but Kibana does not recognize that we have an Enterprise license and does not display any of the Enterprise features like for example the Security section, so we also can't see our security alerts. However, all features are still available via the API.

Running GET _license in the Kibana DEV console displays an active enterprise license:

{
  "license": {
    "status": "active",
    "uid": "<uid>",
    "type": "enterprise",
    "issue_date": "2024-10-01T00:00:00.000Z",
    "issue_date_in_millis": 1727740800000,
    "expiry_date": "2027-10-07T23:59:59.999Z",
    "expiry_date_in_millis": 1822953599999,
    "max_nodes": null,
    "max_resource_units": 4,
    "issued_to": "<company>",
    "issuer": "<issuer>",
    "start_date_in_millis": 1727740800000
  }
}

However, Kibana is not aware of the license and even displays an "update your license" message.

Observability > Cases:

Has anyone ever encountered this issue? We are also on it with the official Elastic support, but progress is pretty slow so far.

Thanks and best regards

Hi @maario,

Welcome! Sorry to hear progress has been slow. I don't see any obvious issues in the Kibana GitHub repo. Do you see any additional errors in the logs at all?

Hi @maario

Since you have an Enterprise license, you should open a support ticket for sure.

You pay for support through that license so this is exactly the kind of issue. You should file a support ticket.

1 Like

Hello and thank you for your input 🙂

We are one step further and it seems to be a firewall issue. We found many "authorization header" Kibana logs, and accessing Elastic without going through the WAF shows all the missing features. It seems that the license API endpoint cannot be contacted correctly by Kibana due to WAF interference, and that is why Kibana thinks there is no active license.

Does someone have a list of such custom Kibana header parameters that one might have to whitelist?

Here are the ones that we are currently whitelisting in our WAF, but we suspect something changed from 8.14.3 to 8.17.5?

elastic-api-version
kbn-build-number
kbn-license-sig
kbn-name
kbn-system-request
kbn-version
kbn-xsrf
x-elastic-internal-origin
x-elastic-stack-version
x-elastic-license-id
x-kbn-context

And I can give the answer to my own question:

Our WAF was blocking some HTTP responses due to unknown header parameters. We only whitelisted request headers so far.

Whitelisting the following header parameters did the trick for us:
kbn-name
kbn-license-sig

Since the WAF was blocking responses with the header parameter "kbn-license-sig", it also explains why features that require a license were not available in Kibana.

4 Likes
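
Added example, not part of the thread or of Elastic's code: a small audit that checks a response head captured directly from Kibana against a WAF's response-direction header allowlist, which is the gap the accepted answer describes. The `STANDARD` set, the sample response and its values are constructed assumptions; only the header names come from the posts above.

```python
# Added example: audit a captured Kibana response head against a WAF's
# per-direction header allowlists. All sample data here is constructed.

# Assumption: standard headers the WAF lets through without configuration.
STANDARD = {"cache-control", "connection", "content-encoding", "content-length",
            "content-type", "date", "etag", "vary"}

# Request-side allowlist as posted in the thread.
REQUEST_ALLOW = ["elastic-api-version", "kbn-build-number", "kbn-license-sig",
                 "kbn-name", "kbn-system-request", "kbn-version", "kbn-xsrf",
                 "x-elastic-internal-origin", "x-elastic-stack-version",
                 "x-elastic-license-id", "x-kbn-context"]

# Constructed response head, e.g. what `curl -s -D - -o /dev/null` prints when
# run against Kibana directly (bypassing the WAF). Values are placeholders.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Kbn-Name: kibana-node-1
kbn-license-sig: PLACEHOLDER-SIGNATURE
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Length: 42
"""

def parse_head(raw):
    """Return (status_code, {lower-cased header name: value})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:                       # header names are case-insensitive
            headers[name.strip().lower()] = value.strip()
    return status, headers

def unlisted_headers(raw, allowlist):
    """Header names in `raw` that the given allowlist would not let through."""
    allowed = STANDARD | {h.lower() for h in allowlist}
    _, headers = parse_head(raw)
    return sorted(h for h in headers if h not in allowed)

if __name__ == "__main__":
    # Response direction with nothing allowlisted, then with the thread's fix.
    print("unlisted before:", unlisted_headers(SAMPLE_RESPONSE, []))
    print("unlisted after: ",
          unlisted_headers(SAMPLE_RESPONSE, ["kbn-name", "kbn-license-sig"]))
```

Running the same check with `REQUEST_ALLOW` as the response allowlist also returns an empty list: both header names were already known to the WAF, just not for the response direction.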

I'm glad you found a solution @maario. Thanks for sharing!