Log Collector - Check OS Version

Windows OS Version Compatibility Issues 

 Elastic Agent supports Windows Server versions (e.g., 2016+), Windows 10/11, but drops support for EOL versions like Windows 8 and Server 2012 from 7.17.19 onwards. It does not support 32-bit systems or ARM processors. Common issues arise from attempting installations on unsupported or EOL versions, leading to failures in enrollment, data collection, or security integrations like Elastic Defend (which requires Windows Security Center, absent on Servers). 

 Common Problems 

 

 Installation or upgrades fail on EOL versions (e.g., Windows Server 2012R2), causing BSOD or rollback due to incompatibility checks. 

 Elastic Defend not recognized or installable on Windows Server editions, as they lack Windows Security Center. 

 Agent starts loops or stuck in updating state on Windows 10 with specific versions (e.g., 8.5.3 or during failed upgrades). 

 No support for ARM processors, leading to installation errors on ARM-based Windows devices. 

 Uninstall failures on Windows Server with newer versions (e.g., 9.1.4), leaving corrupted installations. 

 Integration issues (e.g., Windows security events not processed) in certain agent versions like 9.1.4 or 8.19.4. 

 

 Symptoms 

 

 BSOD or automatic rollback during upgrades on unsupported versions. (Rare case, happened on unsupported OS) 

 Agent status stuck in "updating" or "unhealthy," with no data ingested. 

 Errors like "unsupported OS" or "compatibility check failed" in installation logs. 

 Service start loops or agent not running properly on older Windows 10 builds. 

 Defend integration shows as unavailable or degraded on Servers. 

 Uninstall errors leaving broken symlinks or processes. 

 

 Fixes 

 

 Upgrade to a supported Windows version (e.g., Server 2016+ or Windows 10/11 non-ARM). 

 For Defend, use non-Server editions or alternative integrations; avoid upgrades that trigger BSOD. 

 Manually uninstall via command line (e.g., elastic-agent uninstall) and reinstall a compatible version. 

 Update to latest agent versions (e.g., 9.1.4+ fixes for security events) and verify in Fleet. 

 Check support matrix before install; use x86_64 hardware only. 

 For start loops, restart service or downgrade/upgrade agent version. 

 

 Sources : Elastic Defend not recognized from Windows Server operating system - Elastic Security / Endpoint Security - Discuss the Elastic Stack Elastic Defend on windows 2012R2 - Elastic Security - Discuss the Elastic Stack Can't uninstall agent 9.1.4 on Windows server · Issue #10546 · elastic/elastic-agent OSquery fails to run after upgrade from versions before v8.15.4 due to stricter extension permission checks · Issue #6792 · elastic/elastic-agent Elastic Agent known issues | Elastic Agent [Fleet] Agent gets stuck in the updating state if the upgrade action fails · Issue #2508 · elastic/elastic-agent Elastic agent start loop - Security - Spiceworks Community Upgrades that fail and are rolled back can break the elastic-agent command symlink · Issue #2264 · elastic/elastic-agent 

 Linux OS Version Compatibility Issues 

 Elastic Agent requires native Linux installs (no WSL), supports x86_64 and aarch64 (from 7.16+), but not 32-bit. Minimum distro versions include RHEL/CentOS 7+, Ubuntu 18.04+, with drops for EOL like CentOS 8, Debian 9/10 from 7.17.19/23. Issues often occur on unsupported distros or kernels, affecting installation, data collection, or integrations. 

 Common Problems 

 

 No support for older distros like RHEL 5/6, CentOS 8, Debian 9/10, leading to install failures. 

 WSL (Windows Subsystem for Linux) unsupported, causing agent to fail enrollment or run. 

 Compatibility issues on EOL distros (e.g., CentOS/RHEL 7 dropped from 7.17.23, Users can still install older agent version), resulting in no updates or stability problems. 

 OSquery or other integrations fail after upgrades on unsupported kernels/versions (e.g., post-8.15.4). 

 Agent stuck in updating or unenrolled state on certain distros during version mismatches. 

 No data collected on specific versions like 8.15.0 due to compatibility checks. 

 

 Symptoms 

 

 Installation errors like "unsupported distribution" or "GO lang incompatibility." 

 Agent shows "unhealthy" or "updating" indefinitely, with rollback logs. 

 No metrics/logs ingested despite agent running. 

 Unenrollment or duplicate processes after policy updates on mismatched versions. 

 Stability issues post-EOL, like failed check-ins. 

 

 Fixes 

 

 Migrate to supported distros (e.g., RHEL 7+ for older, or 8+ for full support). 

 Use native Linux instead of WSL; install via package managers like yum/apt. 

 Upgrade agent to versions that align with your distro (e.g., avoid post-7.17.23 on RHEL 7). 

 Remove conflicting integrations (e.g., OSquery) before upgrade, then reinstall. 

 Force unenroll/re-enroll in Fleet for stuck states. 

 Check GO support for your distro; upgrade OS if near EOL. 

 

 Sources: Agent support for OS windows server and red hat - Elastic Stack / Beats - Discuss the Elastic Stack Elastic Agent support RHEL 6 - Elastic Stack / Elastic Agent - Discuss the Elastic Stack 8.7.0 and 8.6.2 agents get stuck in the updating state if the osquery.db file cannot be copied to the next version · Issue #2433 · elastic/elastic-agent Elastic-Agents unexpectedly unenrolled after update to 8.16.x · Issue #6213 · elastic/elastic-agent Some policy updates can cause duplicate Endpoint processes · Issue #2008 · elastic/elastic-agent 

 macOS OS Version Compatibility Issues 

 Elastic Agent supports macOS 11+ (Big Sur+), with x86_64 and aarch64 (M1/M2) from 8.2+. Drops support for EOL like 10.14/10.15 from 7.17.19. Issues are common on newer versions like Sequoia (support in progress) or Ventura, often involving SIP, extensions, or version-specific errors. 

 Common Problems 

 

 Support for macOS Sequoia (15.x) in progress, but Elastic Defend installation may not be fully supported yet. 

 Errors initializing version info or running on Ventura (13.x+), especially M1 chips. 

 Dropped support for older macOS (10.14/10.15), causing install/upgrade failures. 

 Network issues like external NIC blocked by agent in Monterey (12.x+). 

 OSquery fails post-upgrade on versions before 8.15.4 due to checks. 

 Agent stuck updating or unenrolled on version mismatches. 

 

 Symptoms 

 

 Installation errors like "failed to fix permissions" on Ventura/M1. 

 Agent degrades or shows unhealthy due to unsupported extensions on Sequoia. 

 No data or logs ingested post-upgrade. 

 Network connectivity loss after install on older macOS versions. 

 Rollback logs or stuck "updating" status. 

 Unenrollment after updates. 

 

 Fixes 

 

 Upgrade to supported macOS (11+ for Intel, 8.2+ for M1/M2). 

 For Sequoia, wait for official support or test Defend manually. 

 Run as root (sudo elastic-agent run) for troubleshooting on Ventura+. 

 Approve network extensions in System Settings for NIC issues. 

 Uninstall OSquery before upgrade, then reinstall. 

 Force policy reset or re-enroll for stuck states. 

 

 Sources : macOS Sequoia (15.x) Support - Elastic Security - Discuss the Elastic Stack Error initializing version information: reading package version from file....package.version: no such file or directory · Issue #3285 · elastic/elastic-agent External NIC Blocked by Elastic Agent - Elastic Security / Endpoint Security - Discuss the Elastic Stack [Fleet] Agent gets stuck in the updating state if the upgrade action fails · Issue #2508 · elastic/elastic-agent Compatibility Support Matrix | Elastic