Elastic Agent service fails to start on windows with default installation #26213
Comments
Pinging @elastic/agent (Team:Agent)
How are you performing the run of the Elastic Agent that did work? From inside the Program Files directory?
@blakerouse if I run it from inside program files directory it works, but also if I go to the service configuration and change the account to Administrator in session data.
@alvarolobato
Yes, change the user that starts the service.
@alvarolobato You changed it to "Administrator" and it worked, but running as "SYSTEM" did not? Just want to confirm?
@blakerouse Ah, sorry, missed this. Correct, it didn't work running with the default settings the service is installed with.
I've tried putting it back to local system account and restarting and it fails to start again, as originally.
I just installed Elastic Agent 7.13.2 on Windows Server 2008 R2 Enterprise (only 2008 Windows server I could find), and after updating the root CAs (they are so old they are out of date) I was able to download Elastic Agent and install it. Installation was successful and the service started as expected.
@alvarolobato Can you attach the following output (the csv file) so I can review the permissions: From PowerShell (As Administrator):
Output the following:
```
Get acl
Directory: C:\Program Files\Elastic Agent
BUILTIN\Administrators NT SERVICE\TrustedInstaller Allow FullControl...
PS C:\AccessChk> ./accesschk.exe "NT AUTHORITY\SYSTEM" -q -d "C:\Program Files\Elastic\Agent"
Accesschk v6.13 - Reports effective permissions for securable objects
RW C:\Program Files\Elastic\Agent
PS C:\AccessChk> .\accesschk.exe -ucqv "Elastic Agent"
Accesschk v6.13 - Reports effective permissions for securable objects
Elastic Agent
```
agent-perms.csv
@michalpristas added some of the data you asked for, also tried running the agent in Debug from CLI, here is the output log, nothing special, Fleet shows agent as healthy, but no data still:
In both cases it looks like the permissions are wrong for the following files:
My thought here is maybe you started Elastic Agent from the extracted directory then proceeded with installation and that is what caused the issue? Can you try to perform the following to see if it fixes it:
Rename the backup Then re-run enroll Do this all inside of the Then start the service from
Thanks @blakerouse adding the system permissions to those files fixed it for me, without having to enroll again.
It stopped again, I'll do the full test you are asking, will come back here later.
@blakerouse I followed the steps above and same result. The two yamls lost the system permissions and the service fails to start. Find the ACLs attached. If I add the permissions to the files it still fails. I didn't get it to run before, it was just that it took a while to fail.
@blakerouse let me know if you need anything else from me
@alvarolobato When you say it lost the permissions again, do you mean a re-install removed them? Or just the service is running and it's resetting the permissions?
@blakerouse the re-install removed the permissions.
Okay I think that Elastic Agent needs to improve its ACL setting to ensure that the SYSTEM user is placed on those files. I think to make it even better Elastic Agent install process should recursively reset the permissions to all files under
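
An added example (not from this issue thread and not Elastic's code): a read-only PowerShell audit that lists every file and folder under the agent directory with no Allow ACE naming `NT AUTHORITY\SYSTEM`, the condition this thread keeps returning to. The function name `Get-MissingSystemAce` and the default root, taken from the accesschk output quoted earlier, are assumptions.

```powershell
# Added example: read-only audit, changes no permissions.
function Get-MissingSystemAce {
    param(
        # Assumption: install root as it appears in the accesschk output in this thread.
        [string]$Root = 'C:\Program Files\Elastic\Agent'
    )

    # Well-known SID of LocalSystem; matching on the SID avoids localized account names.
    $systemSid = 'S-1-5-18'
    $sidType   = [System.Security.Principal.SecurityIdentifier]

    $items  = @(Get-Item -LiteralPath $Root -Force -ErrorAction Stop)
    $items += @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        } catch {
            [pscustomobject]@{ Path = $item.FullName; Owner = $null
                               Finding = "ACL unreadable: $($_.Exception.Message)" }
            continue
        }

        # Explicit and inherited ACEs, with identities returned as SIDs.
        $aces  = @($acl.GetAccessRules($true, $true, $sidType) |
                   Where-Object { $_.IdentityReference.Value -eq $systemSid })
        $allow = @($aces | Where-Object { $_.AccessControlType -eq 'Allow' })
        $deny  = @($aces | Where-Object { $_.AccessControlType -eq 'Deny' })

        $finding = $null
        if ($deny.Count -gt 0)      { $finding = "Deny ACE for SYSTEM: $($deny[0].FileSystemRights)" }
        elseif ($allow.Count -eq 0) { $finding = 'No Allow ACE names SYSTEM' }

        if ($finding) {
            [pscustomobject]@{ Path = $item.FullName; Owner = $acl.Owner; Finding = $finding }
        }
    }
}

# Only ACEs that name SYSTEM directly are inspected; access reaching SYSTEM through
# a group such as BUILTIN\Administrators is not evaluated here (accesschk reports that).
# Usage, from an elevated prompt, before and after a re-install:
#   Get-MissingSystemAce | Export-Csv .\system-ace-audit.csv -NoTypeInformation
```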
For confirmed bugs, please report:
These are the steps I followed in Windows 10:
There are no logs in the agent's folder with the exception of a new elastic-agent- file which is created every time I try to start the service, that only contains this line:
If I run the agent from the command line it works correctly and the status in Kibana changes to healthy
I found a WA which is going to the service, click on properties and instead of using the local account, add the credentials for the Administrator user, the service will start and work as expected.