Unable to Authenticate user [kibana_system] for REST request

I have just installed Elasticsearch 8.4. I can successfully connect to Elasticsearch, but when I try connecting to Kibana, I get the below error:

Unable to retrieve version information from Elasticsearch nodes. security_exception: [security_exception] Reason: unable to authenticate user [kibana_system] for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]","log":{"level":"ERROR","logger":"elasticsearch-service"}

{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.4.0"},"@timestamp":"2022-10-25T23:52:37.726+00:00","message":"Browser executable: /usr/share/kibana/x-pack/plugins/screenshotting/chromium/headless_shell-linux_x64/headless_shell","log":{"level>

{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.4.0"},"@timestamp":"2022-10-26T00:12:36.205+00:00","message":"Timeout: it took more than 1200000ms","error":{"message":"Timeout: it took more than 1200000ms","type":"Error","stack_trace":"Error>

message":"Failure installing common resources shared between all indices. 

It says it can't authenticate user Kibana_system. I followed the documentation for setup. Here's everything I have done:

I configured my elastic.yml as follows:

cluster.name: testing

node.name: elasticTesting

path.data: /var/lib/elasticsearch

path.logs: /var/log/elasticsearch

network.host: 0.0.0.0

http.port: 9200

discovery.seed_hosts: []

xpack.security.enabled: true

xpack.security.enrollment.enabled: true

xpack.security.http.ssl:

enabled: true

keystore.path: certs/http.p12

xpack.security.transport.ssl:

enabled: true

verification_mode: certificate

keystore.path: certs/transport.p12

truststore.path: certs/transport.p12

cluster.initial_master_nodes: ["elasticTesting"]

http.host: 0.0.0.0

I reset the Kibana user password to changeme by running /usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u kibana_system

I then configured my kibana.yml as follows:

server.port: 5601

server.host:"10.0.4.23"

server.publicBaseUrl: "http://10.0.4.23:5601"

elasticsearch.hosts: ["https://10.0.4.23:9200 "]

elasticsearch.username: "kibana_system"

elasticsearch.password: "changeme"

elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/http_ca.crt"]

logging:

  appenders:

    file:

      type: file

      fileName: /var/log/kibana/kibana.log

      layout:

        type: json

  root:

    appenders:

      - default

      - file

pid.file: /run/kibana/kibana.pid

Any ideas on how I can fix these?

Can you curl Elasticsearch with these details and post the output?

The kibana_system user is not intended as a UI user and it only to allow Kibana to connect to Elasticsearch, you need another one.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.