Agent Gets Unhealthy on updating endpoint policy #5288

Closed
ghost opened this issue Aug 13, 2024 · 7 comments
Labels
bug Something isn't working impact:high Short-term priority; add to current release, or definitely next. QA:Validated Validated by the QA Team Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team

Comments

@ghost

ghost commented Aug 13, 2024

Kibana/Elasticsearch Stack version
Version: 8.16
Build: 77295
Commit: 812401bd0fbcec6f00763b5c048b2fdeea8319bb

Preconditions

Steps

  • Install Elastic Agent with the Elastic Defend integration on a Windows endpoint
  • Navigate to Security > Endpoint Page
  • Make any change in the policy configuration
  • Observed that after the above steps, the agent and endpoint both went into an unhealthy state.

Additional Details

  • Elastic Defend error

Expected Result

  • Agent should remain in healthy status on 8.16

@ghost ghost changed the title Agent Unhealthy Status on 8.16 Agent Gets Unhealthy on updating enpdoint policy Aug 13, 2024
@amolnater-qasource amolnater-qasource added bug Something isn't working Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team impact:high Short-term priority; add to current release, or definitely next. labels Aug 13, 2024
@elasticmachine
Contributor

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@amolnater-qasource amolnater-qasource removed their assignment Aug 13, 2024
@amolnater-qasource

Secondary review for this ticket is Done.

@ghost ghost changed the title Agent Gets Unhealthy on updating enpdoint policy Agent Gets Unhealthy on updating endpoint policy Aug 13, 2024
@pierrehilbert
Contributor

Hello,
Is the agent running as unprivileged in your tests?

@amolnater-qasource

amolnater-qasource commented Aug 13, 2024

Hi @pierrehilbert

Thank you for looking into this.

No, the agent is not running unprivileged. The issue is specifically observed on Windows agent even on removing Elastic Defend integration.

UPDATE:
The issue is reproduced on Linux on updating Endpoint from Prevention to Detection.

Linux agent logs:
elastic-agent-diagnostics-2024-08-13T07-28-30Z-00.zip

Please let us know if anything else is required from our end.

Thanks!

@michalpristas
Contributor

michalpristas commented Aug 13, 2024

It's complaining about the PID being 0. This should not happen and can mean the process exited and the structure was updated with the default value for int (0) (probably not).

@ycombinator
Contributor

This looks like a duplicate of elastic/beats#40542.

@amolnater-qasource amolnater-qasource added the QA:Ready For Testing Code is merged and ready for QA to validate label Sep 10, 2024
@amolnater-qasource

Hi Team,

We have revalidated this issue on the latest 8.16.0 BC1 Kibana cloud environment and we had the below observations:

Observations:

Logs:
elastic-agent-diagnostics-2024-10-21T11-46-04Z-00.zip

Build details:
VERSION: 8.16.0
BUILD: 79314
COMMIT: 5575428dd3aef69366cddb4ccf07a2a26d30ce48
Artifact Link: https://staging.elastic.co/8.16.0-e8d5928a/downloads/beats/elastic-agent/elastic-agent-8.16.0-windows-x86_64.zip

Hence, we are marking this issue as QA:Validated.

Thanks!

@amolnater-qasource amolnater-qasource added QA:Validated Validated by the QA Team and removed QA:Ready For Testing Code is merged and ready for QA to validate labels Oct 21, 2024