From 52d2a751ecf1a96ea600741f8793f413c31adc66 Mon Sep 17 00:00:00 2001 From: Visha Angelova <91186315+vishaangelova@users.noreply.github.com> Date: Tue, 3 Jun 2025 23:08:40 +0200 Subject: [PATCH] Add known issue for Elastic Agent failing to enroll into Fleet (#1801) * Add known issue for Elastic Agent failing to enroll into Fleet --------- Co-authored-by: Colleen McGinnis (cherry picked from commit 26b645bb6cc516d24bf689e781d33e27e8f94cfd) --- .../release-notes/release-notes-8.17.asciidoc | 201 +++++++++++++++++- .../release-notes/release-notes-8.18.asciidoc | 86 +++++++- 2 files changed, 277 insertions(+), 10 deletions(-) diff --git a/docs/en/ingest-management/release-notes/release-notes-8.17.asciidoc b/docs/en/ingest-management/release-notes/release-notes-8.17.asciidoc index 02b43adcb..1c3d670c3 100644 --- a/docs/en/ingest-management/release-notes/release-notes-8.17.asciidoc +++ b/docs/en/ingest-management/release-notes/release-notes-8.17.asciidoc @@ -14,6 +14,7 @@ This section summarizes the changes in each release. +* <> * <> * <> * <> @@ -40,6 +41,34 @@ Review important information about the 8.17.7 release. * Upgrade Go version to v1.24.3 in {{agent}}. {agent-pull}8109[https://github.com/elastic/elastic-agent/pull/8109] +[discrete] +[[known-issues-8.17.7]] +=== Known issues + +[[known-issue-1800-8-17-7]] +.On Windows, {agent} is unable to re-enroll into {fleet} +[%collapsible] +==== + +*Details* + +There is a known issue where an {agent} installed on Windows and previously enrolled into {fleet} is unable to re-enroll. Attempting to enroll the {agent} fails with the following error: + +[source,shell] +---- +Error: the command is executed as root but the program files are not owned by the root user. +---- + +*Impact* + +The issue affects {agent} installed on Windows. Until a bug fix is available in a later release, you can temporarily resolve the issue by changing the ownership of the {agent} directory: + +[source,shell] +---- +icacls "C:\Program Files\Elastic\Agent" /setowner "NT AUTHORITY\SYSTEM" /t /l +---- + +After the output confirms all files were successfully processed, run the `enroll` command again. + +==== [discrete] [[bug-fixes-8.17.7]] @@ -56,6 +85,35 @@ Review important information about the 8.17.7 release. Review important information about the 8.17.6 release. +[discrete] +[[known-issues-8.17.6]] +=== Known issues + +[[known-issue-1800-8-17-6]] +.On Windows, {agent} is unable to re-enroll into {fleet} +[%collapsible] +==== + +*Details* + +There is a known issue where an {agent} installed on Windows and previously enrolled into {fleet} is unable to re-enroll. Attempting to enroll the {agent} fails with the following error: + +[source,shell] +---- +Error: the command is executed as root but the program files are not owned by the root user. +---- + +*Impact* + +The issue affects {agent} installed on Windows. Until a bug fix is available in a later release, you can temporarily resolve the issue by changing the ownership of the {agent} directory: + +[source,shell] +---- +icacls "C:\Program Files\Elastic\Agent" /setowner "NT AUTHORITY\SYSTEM" /t /l +---- + +After the output confirms all files were successfully processed, run the `enroll` command again. + +==== + [discrete] [[enhancements-8.17.6]] === Enhancements @@ -65,9 +123,6 @@ Review important information about the 8.17.6 release. // end 8.17.6 relnotes - - - // begin 8.17.5 relnotes [[release-notes-8.17.5]] @@ -75,6 +130,35 @@ Review important information about the 8.17.6 release. Review important information about the 8.17.5 release. +[discrete] +[[known-issues-8.17.5]] +=== Known issues + +[[known-issue-1800-8-17-5]] +.On Windows, {agent} is unable to re-enroll into {fleet} +[%collapsible] +==== + +*Details* + +There is a known issue where an {agent} installed on Windows and previously enrolled into {fleet} is unable to re-enroll. Attempting to enroll the {agent} fails with the following error: + +[source,shell] +---- +Error: the command is executed as root but the program files are not owned by the root user. +---- + +*Impact* + +The issue affects {agent} installed on Windows. Until a bug fix is available in a later release, you can temporarily resolve the issue by changing the ownership of the {agent} directory: + +[source,shell] +---- +icacls "C:\Program Files\Elastic\Agent" /setowner "NT AUTHORITY\SYSTEM" /t /l +---- + +After the output confirms all files were successfully processed, run the `enroll` command again. + +==== + [discrete] [[enhancements-8.17.5]] === Enhancements @@ -102,8 +186,6 @@ Review important information about the 8.17.5 release. // end 8.17.5 relnotes - - // begin 8.17.4 relnotes [[release-notes-8.17.4]] @@ -138,6 +220,31 @@ In the 9.x releases, the option that appears in the UI for an upgrade across a m ==== +[[known-issue-1800-8-17-4]] +.On Windows, {agent} is unable to re-enroll into {fleet} +[%collapsible] +==== + +*Details* + +There is a known issue where an {agent} installed on Windows and previously enrolled into {fleet} is unable to re-enroll. Attempting to enroll the {agent} fails with the following error: + +[source,shell] +---- +Error: the command is executed as root but the program files are not owned by the root user. +---- + +*Impact* + +The issue affects {agent} installed on Windows. Until a bug fix is available in a later release, you can temporarily resolve the issue by changing the ownership of the {agent} directory: + +[source,shell] +---- +icacls "C:\Program Files\Elastic\Agent" /setowner "NT AUTHORITY\SYSTEM" /t /l +---- + +After the output confirms all files were successfully processed, run the `enroll` command again. + +==== + [discrete] [[new-features-8.17.4]] === New features @@ -209,6 +316,31 @@ In the 9.x releases, the option that appears in the UI for an upgrade across a m ==== +[[known-issue-1800-8-17-3]] +.On Windows, {agent} is unable to re-enroll into {fleet} +[%collapsible] +==== + +*Details* + +There is a known issue where an {agent} installed on Windows and previously enrolled into {fleet} is unable to re-enroll. Attempting to enroll the {agent} fails with the following error: + +[source,shell] +---- +Error: the command is executed as root but the program files are not owned by the root user. +---- + +*Impact* + +The issue affects {agent} installed on Windows. Until a bug fix is available in a later release, you can temporarily resolve the issue by changing the ownership of the {agent} directory: + +[source,shell] +---- +icacls "C:\Program Files\Elastic\Agent" /setowner "NT AUTHORITY\SYSTEM" /t /l +---- + +After the output confirms all files were successfully processed, run the `enroll` command again. + +==== + [discrete] [[enhancements-8.17.3]] === Enhancements @@ -240,6 +372,34 @@ Review important information about the {fleet} and {agent} 8.17.2 release. {fleet-server}:: * Upgrade `golang.org/x/net` to v0.34.0 and `golang.org/x/crypto` to v0.32.0. {fleet-server-pull}4405[#4405] +[discrete] +[[known-issues-8.17.2]] +=== Known issues + +[[known-issue-1800-8-17-2]] +.On Windows, {agent} is unable to re-enroll into {fleet} +[%collapsible] +==== + +*Details* + +There is a known issue where an {agent} installed on Windows and previously enrolled into {fleet} is unable to re-enroll. Attempting to enroll the {agent} fails with the following error: + +[source,shell] +---- +Error: the command is executed as root but the program files are not owned by the root user. +---- + +*Impact* + +The issue affects {agent} installed on Windows. Until a bug fix is available in a later release, you can temporarily resolve the issue by changing the ownership of the {agent} directory: + +[source,shell] +---- +icacls "C:\Program Files\Elastic\Agent" /setowner "NT AUTHORITY\SYSTEM" /t /l +---- + +After the output confirms all files were successfully processed, run the `enroll` command again. + +==== [discrete] [[enhancements-8.17.2]] @@ -296,6 +456,31 @@ As a workaround, you can upgrade your deployment to 8.17.1 in which this issue h ==== +[[known-issue-1800-8-17-1]] +.On Windows, {agent} is unable to re-enroll into {fleet} +[%collapsible] +==== + +*Details* + +There is a known issue where an {agent} installed on Windows and previously enrolled into {fleet} is unable to re-enroll. Attempting to enroll the {agent} fails with the following error: + +[source,shell] +---- +Error: the command is executed as root but the program files are not owned by the root user. +---- + +*Impact* + +The issue affects {agent} installed on Windows. Until a bug fix is available in a later release, you can temporarily resolve the issue by changing the ownership of the {agent} directory: + +[source,shell] +---- +icacls "C:\Program Files\Elastic\Agent" /setowner "NT AUTHORITY\SYSTEM" /t /l +---- + +After the output confirms all files were successfully processed, run the `enroll` command again. + +==== + [discrete] [[new-features-8.17.1]] === New features @@ -320,7 +505,7 @@ The 8.17.1 release added the following new and notable features. {fleet-server}:: * Do not set the `unenrolled_at` attribute when the audit/unenroll API is called. {fleet-server-pull}4221[#4221] {agent-issue}6213[#6213] -* Remove PGP endpoint auth requirement so that air-gapped {agents} can retreive a PGP key from {fleet-server}. {fleet-server-pull}4256[#4256] {fleet-server-issue}4255[#4255] +* Remove PGP endpoint auth requirement so that air-gapped {agents} can retrieve a PGP key from {fleet-server}. {fleet-server-pull}4256[#4256] {fleet-server-issue}4255[#4255] {agent}:: * During uninstall, call the audit or unenroll API before components are stopped, if {agent} is running a {fleet-server} instance. {agent-pull}6085[#6085] {agent-issue}5752[#5752] @@ -357,12 +542,12 @@ impact to your application. [%collapsible] ==== *Details* + -A known issue in the {agent} may prevent it from being targetted with an upgrade action for a future release. +A known issue in the {agent} may prevent it from being targeted with an upgrade action for a future release. This may occur if the Defend integration is used and the agent is stopped on a running instance for too long. An agent may be stopped as part of an upgrade process. *Impact* + -A bug fix is present in the 8.17.1 release of {fleet} that will prevent this from occuring. +A bug fix is present in the 8.17.1 release of {fleet} that will prevent this from occurring. If you have agents that are affected, the workaround is as follows: [source,shell] diff --git a/docs/en/ingest-management/release-notes/release-notes-8.18.asciidoc b/docs/en/ingest-management/release-notes/release-notes-8.18.asciidoc index e45d6ca38..3a9503f53 100644 --- a/docs/en/ingest-management/release-notes/release-notes-8.18.asciidoc +++ b/docs/en/ingest-management/release-notes/release-notes-8.18.asciidoc @@ -40,6 +40,35 @@ Review important information about the 8.18.2 release. {fleet}:: * Update Go version to v1.24.3 {fleet-server-pull}4891[#4891] +[discrete] +[[known-issues-8.18.2]] +=== Known issues + +[[known-issue-1800-8-18-2]] +.On Windows, {agent} is unable to re-enroll into {fleet} +[%collapsible] +==== + +*Details* + +There is a known issue where an {agent} installed on Windows and previously enrolled into {fleet} is unable to re-enroll. Attempting to enroll the {agent} fails with the following error: + +[source,shell] +---- +Error: the command is executed as root but the program files are not owned by the root user. +---- + +*Impact* + +The issue affects {agent} installed on Windows. Until a bug fix is available in a later release, you can temporarily resolve the issue by changing the ownership of the {agent} directory: + +[source,shell] +---- +icacls "C:\Program Files\Elastic\Agent" /setowner "NT AUTHORITY\SYSTEM" /t /l +---- + +After the output confirms all files were successfully processed, run the `enroll` command again. + +==== + // end 8.18.2 relnotes // begin 8.18.1 relnotes @@ -49,6 +78,35 @@ Review important information about the 8.18.2 release. Review important information about the {fleet} and {agent} 8.18.1 release. +[discrete] +[[known-issues-8.18.1]] +=== Known issues + +[[known-issue-1800-8-18-1]] +.On Windows, {agent} is unable to re-enroll into {fleet} +[%collapsible] +==== + +*Details* + +There is a known issue where an {agent} installed on Windows and previously enrolled into {fleet} is unable to re-enroll. Attempting to enroll the {agent} fails with the following error: + +[source,shell] +---- +Error: the command is executed as root but the program files are not owned by the root user. +---- + +*Impact* + +The issue affects {agent} installed on Windows. Until a bug fix is available in a later release, you can temporarily resolve the issue by changing the ownership of the {agent} directory: + +[source,shell] +---- +icacls "C:\Program Files\Elastic\Agent" /setowner "NT AUTHORITY\SYSTEM" /t /l +---- + +After the output confirms all files were successfully processed, run the `enroll` command again. + +==== + [discrete] [[bug-fixes-8.18.1]] === Bug fixes @@ -92,6 +150,31 @@ In the 9.x releases, the option that appears in the UI for an upgrade across a m ==== +[[known-issue-1800-8-18-0]] +.On Windows, {agent} is unable to re-enroll into {fleet} +[%collapsible] +==== + +*Details* + +There is a known issue where an {agent} installed on Windows and previously enrolled into {fleet} is unable to re-enroll. Attempting to enroll the {agent} fails with the following error: + +[source,shell] +---- +Error: the command is executed as root but the program files are not owned by the root user. +---- + +*Impact* + +The issue affects {agent} installed on Windows. Until a bug fix is available in a later release, you can temporarily resolve the issue by changing the ownership of the {agent} directory: + +[source,shell] +---- +icacls "C:\Program Files\Elastic\Agent" /setowner "NT AUTHORITY\SYSTEM" /t /l +---- + +After the output confirms all files were successfully processed, run the `enroll` command again. + +==== + [discrete] [[new-features-8.18.0]] === New features @@ -127,7 +210,6 @@ The 8.18.0 release Added the following new and notable features. * Validate user pbkdf2 settings for FIPS compliance. {fleet-server-pull}4542[#4542] * Update {fleet-server} Go version to 1.24.0. {fleet-server-pull}4543[#4543] - {agent}:: * Re-enable the OTel subcommand on Windows. {agent-pull}6068[#6068] {agent-issue}4976[#4976] {agent-issue}5710[#5710] * Update the {agent} to only run composable providers if they are referenced in the agent policy. {agent-pull}6169[#6169] {agent-issue}3609[#3609] {agent-issue}4648[#4648] @@ -233,7 +315,7 @@ The 8.18.0 release Added the following new and notable features. //[%collapsible] //==== -//*Details* +//*Details* + //