AQUILA EDR Connection Issues - Windows
When Elastic Agent installs Endpoint, they connect locally to share status and updates. If this connection fails, Elastic Agent shows as Unhealthy, and Endpoint won’t work properly.
How to Check if There's a Problem
-
Check Agent Status
Open PowerShell as Administrator and run:
& "C:\Program Files\Elastic\Agent\elastic-agent.exe" status
Look for messages like:
- Endpoint has missed check-ins
- localhost:6788 cannot be bound to
-
Check Endpoint Settings
Open this file:
C:\Program Files\Elastic\Endpoint\elastic-endpoint.yamlFind the line that says fleet.agent.id.
If the value is 00000000-0000-0000-0000-000000000000, the connection failed.
Check the Logs
Look for these messages in the Endpoint logs:
- Failed to find connection to validate. Is Agent listening on 127.0.0.1:6788?
- Failed to validate connection. Is Agent running as root/admin?
- Unable to make GRPC connection in deadline(60s)
These show a connection problem between Agent and Endpoint.
How to Fix It
- Run Diagnostics
Run this command on PowerShell as Administrator:
& "C:\Program Files\Elastic\Agent\elastic-endpoint.exe" diagnostics
Follow this file path to retrieve the Diagnostics Zip file created.
This will generate a report with possible causes.
-
Check if Ports Are Used by Something Else
Run these:
netstat -an | findstr :6788netstat -an | findstr :6789If another program is using these ports, it could block the connection.
-
Test if Localhost Works
Run this:
ping -4 localhostIt should respond with 127.0.0.1
Reference Link: https://www.elastic.co/guide/en/security/8.18/ts-management.html
If you need further assistance, kindly contact our support at support@cytechint.com for prompt assistance and guidance.
No Comments