[BUG] Agent error after enrollment successful #542
Comments
axenstarr
added
the
bug
|
From the logs you've shared, I notice that this isn't actually an error, but rather a warning message about SSL/TLS verification being disabled. |
|
by default if you install with --insecure it skips TLS verification (TLS is still happening its just not verifying) This is like if you had an https website setup but do not have the certificates trust in your local store. So, your browser will come up and say "Website not trusted do you wish to continue" In order to enroll an agent without this warning you need to do one of 2 things: Generate your certs using your organizations CA see this issue here for working through that with another user: Or the self signed ca that we create by default during install will have to be added to each of your endpoints trusted stores something like this: This will allow you to remove --insecure from the agent enrollment command and that tls warning will no longer happen. Same thing for browsing to the kibana website. But to summarize we are using a self generated ca during install. Your endpoints have to no idea of this certs existence until you add it as a trusted ca |
At the end of a agent enrollment I get this error. The agent installs ok but not exactly sure how to fix this error message.
==] Enrolling Elastic Agent with Fleet [14s]
.\elastic-agent.exe : {"log.level":"warn","@timestamp":"2024-12-27T11:11:29.116-0800","log.logger":"tls","log.origin":{"function":"github.com/elastic/elastic-agent-libs/transport/tlscommon.(*TLSConfig
).ToConfig","file.name":"tlscommon/tls_config.go","file.line":107},"message":"SSL/TLS verifications disabled.","ecs.version":"1.6.0"}
At line:5 char:1
{"log.level":"info","@timestamp":"2024-12-27T11:11:29.584-0800","log.origin":{"function":"github.com/elastic/elastic-agent/internal/pkg/agent/cmd.(*enrollCmd).enrollWithBackoff","file.name":"cmd/enrol
l_cmd.go","file.line":518},"message":"Starting enrollment to URL: https://10.6.10.175:8220/","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2024-12-27T11:11:29.843-0800","log.logger":"tls","log.origin":{"function":"github.com/elastic/elastic-agent-libs/transport/tlscommon.(*TLSConfig).ToConfig","file.name
":"tlscommon/tls_config.go","file.line":107},"message":"SSL/TLS verifications disabled.","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-12-27T11:11:47.086-0800","log.origin":{"function":"github.com/elastic/elastic-agent/internal/pkg/agent/cmd.(*enrollCmd).daemonReloadWithBackoff","file.name":"cmd
/enroll_cmd.go","file.line":481},"message":"Restarting agent daemon, attempt 0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-12-27T11:11:47.091-0800","log.origin":{"function":"github.com/elastic/elastic-agent/internal/pkg/agent/cmd.(*enrollCmd).Execute","file.name":"cmd/enroll_cmd.go",
"file.line":299},"message":"Successfully triggered restart on running Elastic Agent.","ecs.version":"1.6.0"}
[ ==] Waiting For Enroll... [14s] Successfully enrolled the Elastic Agent.
Server:
The text was updated successfully, but these errors were encountered: