I have tried to install Elasticsearch on a Windows server about 8 times but I am only experiencing problems. (On a single server (for a start) for testing.)
Steps:
A) Downloaded the software (Elasticsearch and Kibana).
B) Unpacked the files (7-Zip) on server (Windows Server 2022 Standard - 21H2).
C) Read the installation guide (Install Elasticsearch with .zip on Windows | Elastic Docs).
D) Since it is not a multihost cluster I have not done any configuration for a multi cluster installation. (Should not be necessary according to the guide.)
E) Started the application from a command line (PowerShell - not as an administrator) using "bin\elasticsearch.bat".
F) Started Kibana from a command line (PowerShell - not as an administrator) using "bin\kibana.bat".
G) A message in Kibana told me that I needed to enter an "enrollment token" - and where to find it.
H) An "enrollment token" should have been created when Elasticsearch was started for the first time..... but no token was created.
I) Then I tried to run "elasticsearch-create-enrollment-token.bat" but got the message "Use this option to force execution of the command against a cluster that is currently unhealthy"
J) When I looked into the "console text" from when Elasticsearch was first run, I found this message 'Cluster health status changed from [YELLOW] to [RED] (reason: [reconcile-desired-balance])." previous.health="YELLOW" reason="reconcile-desired-balance" '
Now I'm ready to explode .... again again
Question:
Is it possible to install Elasticsearch on a Windows Server? (We do not have a "mixed server environment" and will not be using Docker or Linux).
If so:
-- 2.1) Where do I find a guide for installing Elasticsearch that actually corresponds to the latest version of Elasticsearch?
-- 2.2) When does Elasticsearch create an "Enrollment token" for Kibana? (And how do I get this?)
-- 2.3) How can a Cluster Health be unhealthy when I am NOT using a cluster and/or have/should have configured a cluster?
Did you edit either the elasticsearch.yml or kibana.yml?
And just to be clear, exactly which version are you running of elasticsearch and Kibana?
I would clean up everything....
If you download, unzip, do not touch any configuration files, and start elasticsearch from the command line with the command given...
In the console it will print a password and a kibana enrollment token. You have to keep an eye out for it because more logs will come after that....
If you let it come all the way up... Eventually it will go from red to yellow... The cluster will stay at yellow because it has a single node.... Which for a single node is healthy... The reason it stays yellow is it's telling you that it's only a single node and you could have data loss but it'll function fine.
The cluster on startup will go back and forth between red and yellow a couple times but it'll settle on yellow.
Then on the same server start kibana without editing any configuration files and put that enrollment token in when asked.
That should work ...
At this point everything is bound to that local host, but get that running and perhaps we can then help you if you want to reach elasticsearch from the network.
......
Got these console log messages (ignore the special formatting characters)...
[2025-06-25T15:46:17,727][INFO ][o.e.x.s.e.InternalEnrollmentTokenGenerator] [stephenb-w2022] Will not generate node enrollment token because node is only bound on localhost for transport and cannot connect to nodes from other hosts
Elasticsearch security features have been automatically configured!
Authentication is enabled and cluster connections are encrypted.
Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
tddfghdfghdfghKgeW9y+XNQ7
HTTP CA certificate SHA-256 fingerprint:
8128621a74f47f724bd3e45ccf3e521eb8513fac8744f2d6ecdf335dac0d391a
Configure Kibana to use this cluster:
Run Kibana and click the configuration link in the terminal when Kibana starts.
Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
eyJ2ZdfghdfghdfghdfghAuMC4wLjQ6OTIwMCJdLCJmZ3IiOiI4MTI4NjIxYTc0ZjQ3ZjcyNGJkM2U0NWNjZjNlNTIxZWI4NTEzZmFjODc0NGYyZDZlY2RmMzM1ZGFjMGQzOTFhIiwia2V5IjoidU1MRXA1Y0J6Z1c0TXRKZnZNZ2Y6OXBXNHhLZ3V0cGZTWXA3WjJkTGdEdyJ9
Configure other nodes to join this cluster:
On this node:
Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.
Uncomment the transport.host setting at the end of config/elasticsearch.yml.
Restart Elasticsearch.
On other nodes:
Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
......
< The Last Logs>
[2025-06-25T17:09:52,912][INFO ][o.e.c.r.a.AllocationService] [stephenb-w2022] current.health="GREEN" message="Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.ds-.logs-deprecation.elasticsearch-default-2025.06.25-000001][0], [.security-7][0]]])." previous.health="RED" reason="shards started [[.ds-.logs-deprecation.elasticsearch-default-2025.06.25-000001][0], [.security-7][0]]"
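One way to avoid missing the one-time banner described above, as an added example that is not part of the original posts or of Elastic's tooling: capture the first-start console output to a file, then pull out the banner values and the health transitions. The function name `Get-EsFirstStartInfo`, the log file name and the sample lines are assumptions constructed for illustration.

```powershell
# Capture a real first start with (file name is an assumption):
#   .\bin\elasticsearch.bat 2>&1 | Tee-Object -FilePath es-first-start.log
# Constructed sample output; all values are placeholders, not real secrets.
$sample = @'
[2025-01-01T10:00:01,000][INFO ][o.e.c.r.a.AllocationService] [node-1] current.health="RED" message="Cluster health status changed from [YELLOW] to [RED] (reason: [reconcile-desired-balance])."
Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
  PLACEHOLDER-PASSWORD
HTTP CA certificate SHA-256 fingerprint:
  PLACEHOLDER-FINGERPRINT
Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
  PLACEHOLDER-ENROLLMENT-TOKEN
[2025-01-01T10:00:09,000][INFO ][o.e.c.r.a.AllocationService] [node-1] current.health="YELLOW" message="Cluster health status changed from [RED] to [YELLOW] (reason: [shards started])."
'@

function Get-EsFirstStartInfo {
    param([string[]]$Lines)
    # Banner heading -> result key; the value is the next non-blank line.
    $headings = [ordered]@{
        'Password for the elastic user'           = 'ElasticPassword'
        'HTTP CA certificate SHA-256 fingerprint' = 'CaFingerprint'
        'Copy the following enrollment token'     = 'KibanaEnrollmentToken'
    }
    $info = [ordered]@{
        ElasticPassword = $null; CaFingerprint = $null; KibanaEnrollmentToken = $null
        HealthHistory = @(); FinalHealth = $null
    }
    $pending = $null
    foreach ($line in $Lines) {
        # Drop ANSI colour codes (the "special formatting characters") and padding.
        $text = ($line -replace '\x1b\[[0-9;]*m', '').Trim()
        if (-not $text) { continue }
        if ($pending) { $info[$pending] = $text; $pending = $null; continue }
        foreach ($h in $headings.Keys) {
            if ($text.StartsWith($h)) { $pending = $headings[$h]; break }
        }
        # Record every health transition; the last one is the settled state.
        if ($text -match 'Cluster health status changed from \[(\w+)\] to \[(\w+)\]') {
            $info.HealthHistory += "$($Matches[1])->$($Matches[2])"
            $info.FinalHealth = $Matches[2]
        }
    }
    [pscustomobject]$info
}

$result = Get-EsFirstStartInfo -Lines ($sample -split "`r?`n")
$result | Format-List KibanaEnrollmentToken, CaFingerprint, HealthHistory, FinalHealth
```

A captured log contains the `elastic` password in clear text, so restrict access to the file and delete it once Kibana is enrolled and the password is stored safely.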
As @stephenb said, ES 7, 8, 9 runs on Windows. I have faced only one issue - the capital drive letter (C:\elasticsearch must be used, not c:\elasticsearch).