
I am trying to enroll an agent onto my fleet server. The server is live, but whenever I try to connect my agent it doesn't work.

I keep encountering the same error:

    {"log.level":"warn","@timestamp":"2023-06-06T19:28:55.258+0100","log.logger":
    "tls","log.origin": {"file.name":"tlscommon/tls_config.go","file.line":104},"message":
    "SSL/TLS verifications disabled.","ecs.version":"1.6.0"} 
    {"log.level":"info","@timestamp":"2023-06-06T19:28:55.564+0100","log.origin":
    {"file.name":"cmd/enroll_cmd.go","file.line":478},"message":"Starting enrollment to 
    URL: https://10.0.2.15:443/","ecs.version":"1.6.0"}
    {"log.level":"warn","@timestamp":"2023-06-06T19:28:55.790+0100","log.logger":"tls",
    "log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":
    "SSL/TLS verifications disabled.","ecs.version":"1.6.0"}
    Error: fail to enroll: fail to execute request to fleet-server: dial tcp 10.0.2.15:443: 
    connectex: No connection could be made because the target machine actively refused it.
    For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.8/fleet-troubleshooting.html
    Error: enroll command failed with exit code: 1
    

I have tried to run the same commands with --insecure and as an admin, but it doesn't work. I am running both the fleet server (Kali Purple) and the agent (Windows) on VMs.

  • Shouldn't you be using port 9200 instead of 443? https://www.elastic.co/guide/en/fleet/8.8/fleet-troubleshooting.html#:~:text=Note%3A%20Port%20443%20is%20commonly%20used%20in%20Elastic%20Cloud.%20However%2C%20with%20self%2Dmanaged%20deployments%2C%20your%20Elasticsearch%20may%20run%20on%20port%209200%20or%20something%20entirely%20different. – OverflowStack Jun 07 '23 at 04:59
  • I believe you are trying to reach the fleet server, which usually exposes port 8220. – Paulo Jun 07 '23 at 05:46

1 Answer

TL;DR

By default the fleet-server exposes port 8220; you may want to try the following IP:

  • https://10.0.2.15:8220
Paulo
  • I tried to search for that but it did not appear; it shows 404. What would you advise me to do? – Charnpreet Singh Jun 08 '23 at 11:50
  • Show us the configuration for the fleet server – Paulo Jun 08 '23 at 13:47
  •
        curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.8.0-linux-x86_64.tar.gz
        tar xzvf elastic-agent-8.8.0-linux-x86_64.tar.gz
        cd elastic-agent-8.8.0-linux-x86_64
        sudo ./elastic-agent install \
          --fleet-server-es=https://10.0.2.15:9200 \
          --fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2ODYzMzUxNjk2ODQ6LXh1NmZBZUZRa21ud01SeFFiM1RHdw \
          --fleet-server-policy=fleet-server-policy \
          --fleet-server-es-ca-trusted-fingerprint=43521e7d1aed54626c69af9267f6868d50d62f224940027360f4501605ae2a93 \
          --fleet-server-port=8220

    – Charnpreet Singh Jun 09 '23 at 18:26
  • https://gitlab.com/kalilinux/kali-purple/documentation/-/blob/main/301_kali-purple/installation.txt I followed this guide exactly and restarted Kibana and Elasticsearch once right at the end. Everything works besides enrolling agents, as the target machine actively refuses it. – Charnpreet Singh Jun 09 '23 at 18:40
  • Put all this information in your question for more readability – Paulo Jun 09 '23 at 21:26
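
The "actively refused" error in the question means the TCP connect was rejected by the target host, which is a different failure from a timeout. The following sketch is an added example, not part of the original thread or of Elastic's tooling: it probes the three ports mentioned on this page from the agent machine and classifies each result. The function names `probe`, `survey` and `explain` are hypothetical.

```python
import errno
import socket

# Ports named in the thread: 443 (tried by the asker), 8220 (Fleet Server
# default per the answer), 9200 (Elasticsearch, from the install command).
CANDIDATE_PORTS = (443, 8220, 9200)


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt: open / refused / timeout / unreachable."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:      # the "actively refused" case (RST received)
        return "refused"
    except socket.timeout:              # no reply at all: packets dropped
        return "timeout"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error: %s" % exc
    finally:
        sock.close()


def survey(host, ports=CANDIDATE_PORTS, timeout=3.0):
    """Probe every candidate port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def explain(state):
    """Map a probe state to the next thing to check."""
    hints = {
        "open": "a service is listening here; use this port in the enrollment URL",
        "refused": "host is reachable but nothing is listening on this port/interface",
        "timeout": "no answer; check host firewall rules and VM network mode",
        "unreachable": "no route to the host; check the VM network configuration",
    }
    return hints.get(state, "unexpected socket error; inspect the message")


if __name__ == "__main__":
    # 10.0.2.15 is the address used in the question; run this on the agent VM.
    for port, state in survey("10.0.2.15").items():
        print("%5d  %-11s %s" % (port, state, explain(state)))
```

A `refused` result on 443 together with `open` on 8220 confirms the port mismatch the answer points to; `refused` or `timeout` on every port points at the VM networking or the Fleet Server service instead.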