Loading

Fleet Server known issues

Stack

Known issues are significant defects or limitations that may impact your implementation. These issues are actively being worked on and will be addressed in a future release. Review the Fleet Server known issues to help you make informed decisions, such as upgrading to a new version.

Manual DEB/RPM upgrades of Fleet-managed agents fail when "Agent tamper protection" is enabled

Applies to: Elastic Agent 8.19.2, 9.1.2

On August 19, 2025, a known issue was discovered where manual DEB/RPM upgrades of Fleet-managed Elastic Agents fail if the Elastic Defend integration is installed and Agent tamper protection is enabled in the agent policy. When this occurs, the log contains an output similar to the following:

Invalid uninstall token: exit status 28

This issue only impacts manual DEB/RPM upgrades from Elastic Agent 8.19.2 or 9.1.2. Managed upgrades performed through Fleet are not affected.

For more information, refer to PR #9462.

Workaround

You can use one of the following workarounds to resolve the issue:

  • Stop the elastic-agent service:

    Before installing the Elastic Agent DEB/RPM package, run systemctl stop elastic-agent, then proceed with the installation. This solution works even when reinstalling the same version of Elastic Agent.

  • Temporarily remove the Elastic Defend integration:

    Before upgrading, move the agent to an agent policy without the Elastic Defend integration. Wait for the change to take effect, proceed with the upgrade, then move the agent to its previous policy.

  • Disable Agent tamper protection:

    Before upgrading, disable Agent tamper protection in the agent policy. Wait for the change to take effect, proceed with the upgrade, then move the agent back to its previous policy.

Fixed in: Elastic Agent 8.19.3, 9.1.3

[Windows] Elastic Agent is unable to re-enroll into Fleet

Applies to: Elastic Agent 9.0.0, 9.0.1, 9.0.2 (Windows only)

On April 9, 2025, a known issue was discovered where an Elastic Agent installed on Windows and previously enrolled into Fleet is unable to re-enroll. Attempting to enroll the Elastic Agent fails with the following error:

Error: the command is executed as root but the program files are not owned by the root user.

For more information, check Issue #7794.

Workaround

Until a bug fix is available in a later release, you can resolve the issue temporarily using the following workaround:

  1. Change the ownership of the Elastic Agent directory:
icacls "C:\Program Files\Elastic\Agent" /setowner "NT AUTHORITY\SYSTEM" /t /l
  1. After the output confirms all files were successfully processed, run the enroll command again.