Not enough Privileges Elastic_agent.metricbeat logs errors on Windows

Hello,

The elastic_agent.metricbeat contains a lot of errors such as:

Error fetching data for metricset system.process_summary: Not enough privileges to fetch information: Not enough privileges to fetch information: GetInfoForPid: could not get all information for PID 0: error fetching name: OpenProcess failed for pid=0: The parameter is incorrect.
error fetching status: OpenProcess failed for pid=0: The parameter is incorrect.
GetInfoForPid: could not get all information for PID 4: error fetching name: GetProcessImageFileName failed for pid=4: GetProcessImageFileName failed: invalid argument
GetInfoForPid: could not get all information for PID 300: error fetching name: GetProcessImageFileName failed for pid=300: GetProcessImageFileName failed: invalid argument

and

Error fetching data for metricset system.process: Not enough privileges to fetch information: Not enough privileges to fetch information: GetInfoForPid: could not get all information for PID 0: error fetching name: OpenProcess failed for pid=0: The parameter is incorrect.
error fetching status: OpenProcess failed for pid=0: The parameter is incorrect.
GetInfoForPid: could not get all information for PID 4: error fetching name: GetProcessImageFileName failed for pid=4: GetProcessImageFileName failed: invalid argument
GetInfoForPid: could not get all information for PID 300: error fetching name: GetProcessImageFileName failed for pid=300: GetProcessImageFileName failed: invalid argument
non fatal error fetching PID some info for 348, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.
non fatal error fetching PID some info for 1080, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.
non fatal error fetching PID some info for 1336, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.
non fatal error fetching PID some info for 1428, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.
non fatal error fetching PID some info for 1504, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.
non fatal error fetching PID some info for 1524, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: GetUserProcessParams failed: Invalid access to memory location.
non fatal error fetching PID some info for 1540, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: GetUserProcessParams failed: Access is denied.
non fatal error fetching PID some info for 3188, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.
non fatal error fetching PID some info for 5644, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: GetUserProcessParams failed: Access is denied.
non fatal error fetching PID some info for 5680, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.
non fatal error fetching PID some info for 14328, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.
non fatal error fetching PID some info for 14180, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.
non fatal error fetching PID some info for 2036, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.
non fatal error fetching PID some info for 27984, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.
non fatal error fetching PID some info for 26256, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.
non fatal error fetching PID some info for 18508, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.

This is on an Elastic Security serverless with Agent on a Windows Pro installed as Admin.

Willem

Same here for my Windows Servers (2019 and 2022) on an 'old' (non-serverless) Cloud environment. Errors since upgrading to 8.17.0.

Hi @hermalam,

I am also facing the same issue with a fresh installation of Elastic Agent on a Windows 2019 server.

{"log.level":"error","@timestamp":"2025-01-05T22:25:14.332+0530","message":"Error fetching data for metricset system.process: Not enough privileges to fetch information: Not enough privileges to fetch information: GetInfoForPid: could not get all information for PID 0: error fetching name: OpenProcess failed for pid=0: The parameter is incorrect.\nerror fetching status: OpenProcess failed for pid=0: The parameter is incorrect.\nGetInfoForPid: could not get all information for PID 4: error fetching name: GetProcessImageFileName failed for pid=4: GetProcessImageFileName failed: invalid argument\nnon fatal error fetching PID some info for 172, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.\nnon fatal error fetching PID some info for 444, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.\nnon fatal error fetching PID some info for 584, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.\nnon fatal error fetching PID some info for 692, metrics are valid, but partial: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information:

If you have any solution, kindly share it with me; that would be helpful for me.

Much Appreciated for your answers.

Regards,
Eshwar

Assuming you all read this...

I pinged internally to see if we get a response...

Yes, installation is done with the Administrator user and a single Elastic Agent has been installed on the server.

Regards,
Eshwar

Here are some notes from internal...

Some of these look like "[metricbeat/system][windows] - Metricbeat reports DEGRADED while running in privileged mode" (Issue #40484, elastic/beats, GitHub), which looks like it was improved and will be in 8.17.1. It’s hard to say without knowing that all the PIDs in the discuss posts are Windows protected processes, but some of them are (e.g. PID 4).

Comment on #40484 [metricbeat/system][windows] - Metricbeat reports DEGRADED while running in privileged mode

@cmacknz the errors reported are similar to #40542 (comment)

- id: system/metrics-default
  state:
    message: 'Healthy: communicating with pid ''1556'''
    pid: 0
    state: 2

P.S. there has been a lot of improvement in this area and one of the improvements was making it so we can actually see this type of problem, likely this failure was happening silently in previous versions.
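
A triage sketch for the log lines quoted in this thread, added here as an example and not part of any post or of Elastic's code: it splits the `message` field into per-PID failures and separates the fixed Windows system PIDs (0 and 4) and the "metrics are valid, but partial" cases from failures that deserve a closer look. The function names, the three labels and the sample line are assumptions constructed for illustration.

```python
import json
import re
from collections import defaultdict

PID_RE = re.compile(r"(?:PID |pid=|some info for )(\d+)")
API_RE = re.compile(r"(OpenProcess|GetProcessImageFileName|GetUserProcessParams) failed")
SYSTEM_PIDS = {0, 4}  # System Idle Process and System: fixed PIDs on Windows

def parse_message(message):
    """Map pid -> [(api, reason, non_fatal)] for one metricset error message."""
    per_pid = defaultdict(list)
    for line in message.splitlines():
        pid, api = PID_RE.search(line), API_RE.search(line)
        if not (pid and api):
            continue  # truncated or unrelated line: nothing to classify
        reason = line.rsplit(": ", 1)[-1].rstrip(".")
        per_pid[int(pid.group(1))].append((api.group(1), reason, line.startswith("non fatal")))
    return dict(per_pid)

def triage(json_line):
    """Label each PID in an agent JSON log line: system, partial or investigate."""
    labels = {}
    for pid, errs in parse_message(json.loads(json_line)["message"]).items():
        if pid in SYSTEM_PIDS:
            labels[pid] = "system"
        elif all(non_fatal for _, _, non_fatal in errs):
            labels[pid] = "partial"  # "metrics are valid, but partial"
        else:
            labels[pid] = "investigate"
    return labels

# Constructed sample: sub-errors copied from the thread, last one cut off as in the post.
DENIED = ("non fatal error fetching PID some info for {}, metrics are valid, but partial: "
          "FillMetricsRequiringMoreAccess: error fetching process args: "
          "Not enough privileges to fetch information:")
IMAGE = ("GetInfoForPid: could not get all information for PID {0}: error fetching name: "
         "GetProcessImageFileName failed for pid={0}: GetProcessImageFileName failed: invalid argument")
SAMPLE = json.dumps({"log.level": "error", "message": "\n".join([
    "Error fetching data for metricset system.process: Not enough privileges to fetch "
    "information: GetInfoForPid: could not get all information for PID 0: error fetching "
    "name: OpenProcess failed for pid=0: The parameter is incorrect.",
    "error fetching status: OpenProcess failed for pid=0: The parameter is incorrect.",
    IMAGE.format(4), IMAGE.format(300),
    DENIED.format(348) + " OpenProcess failed: Access is denied.",
    DENIED.format(692),
])})

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A PID labelled "investigate" is one with a hard failure that is not PID 0 or 4; whether it is a Windows protected process has to be checked on the host itself.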