You are upgrading to ATP 3.1 and the upgrade fails to complete. A review of the upgrade log (/var/log/symantec/update.log) shows the message, "connection refused."

This issue occurs when an Elasticsearch plugin such as head or marvel is installed for Elasticsearch when the upgrade process is started.

ATP version prior to 3.1 with Elasticsearch plugin(s) installed for Elasticsearch.

To resolve this issue, either remove the plugin directory or uninstall the plugin(s) before starting the upgrade process. If you've already started the upgrade process, then force-remove the directory. The plugin directory is /usr/share/elasticsearch/plugin/.