Upgrade to ATP 3.1 fails with "connection refused" message in the update log

book

Article ID: 171160

calendar_today

Updated On:

Products

Advanced Threat Protection Platform

Issue/Introduction

You are upgrading to ATP 3.1 and the upgrade fails to complete. A review of the upgrade log (/var/log/symantec/update.log) shows the message, "connection refused."

Cause

This issue occurs when an Elasticsearch plugin such as head or marvel is installed for Elasticsearch when the upgrade process is started.

Environment

ATP version prior to 3.1 with Elasticsearch plugin(s) installed for Elasticsearch.

Resolution

To resolve this issue, either remove the plugin directory or uninstall the plugin(s) before starting the upgrade process. If you've already started the upgrade process, then force-remove the directory. The plugin directory is /usr/share/elasticsearch/plugin/.