You are upgrading to ATP 3.1 and the upgrade fails to complete. A review of the upgrade log (/var/log/symantec/update.log) shows the message, "connection refused."
ATP version prior to 3.1 with Elasticsearch plugin(s) installed for Elasticsearch.
This issue occurs when an Elasticsearch plugin such as head or marvel is installed for Elasticsearch when the upgrade process is started.
To resolve this issue, either remove the plugin directory or uninstall the plugin(s) before starting the upgrade process. If you've already started the upgrade process, then force-remove the directory. The plugin directory is /usr/share/elasticsearch/plugin/.
Subscribing will provide email updates when this Article is updated. Login is required.