1. Describe your incident:
Installed Graylog server, it looks like it’s running but i cant login.
I created root password using the command below:
echo -n “Enter Password: " && head -1 </dev/stdin | tr -d ‘\n’ | sha256sum | cut -d” " -f1
but when logging in error is shown below:
2. Describe your environment:
3. What steps have you already taken to try and solve the problem?
Changed PW but still same error
4. How can the community help?
Any tips?
I understand this is a dumb question, but i have seen this happen often enough i have to ask, you are sure that you didnt get password and secret switched up in server.conf right?
Thank you! That was my bad 
i did get a new issue now. For some reason I’m getting this notification even if i put is_leader = true and running on a single-node
Hey @mouse1122 ,
The error banner does not disappear by itself. Did it come back when you “deleted” it?
Did you apply the server changes by restarting the graylog-server.service?
Greetings
yes it comes back when i delete it. And yes, i did restart the graylog-server.services but error is still popping up
You can try different things.
-
check the Node-ID
node_id_file: …
look at the file. Are the permissions correct, does the file exist?
To be sure you can delete the id and let graylog create a new one:
sudo rm /etc/graylog/server/node-id
sudo systemctl restart graylog-server
-
Check MongoDB connection
-
Check Cluster-Status
curl -X GET http://localhost:9000/api/system/cluster
Hi
Here’s the node-id:
I removed it and restarted the service, unfortunately it didnt recreate the node-id 
Check Cluster-Status
curl -X GET http://localhost:9000/api/system/cluster
Sorry, Im not really very good at this
Oh you recreated the node id?
Can you show me the bind_address, …in your server.conf?
It seems that the api has a problem.
bind addr is set as below:
http_bind_address = [serverIP]:9000
no, i havent recreated the node-id. the server is dead right now lol
I appreciate your patience btw 
I think it is possible to recreat the id file
sudo nano /etc/graylog/server/node-id
48e78d68-a258-488a-8a2f-ad034da0ed37
or
uuidgen | sudo tee /etc/graylog/server/node-id
Permission on that file:
and the api call didnt work because the node is dead 
ermm…the server is alive again but i’m getting the same error
Run the health check of the cluster again
Let me rethink this and i come back.
Try following:
You change the default port 9000 to a different for example 8080
And you use for the bin address a wildcard address
Publish and external stay your fqdn or ip
http_bind_address = 0.0.0.0:8080
http_publish_uri = http://yourip:8080/
http_external_uri = http://yourip:8080/
possibly check your firewall settings
do you have asccess to your api?
fqdn/ip and port are the same to access the web ui
http://<fqdn/ip>:<port>/api/api-browser/
HI Marvin, yes these are set correctly. and i can access http://<fqdn/ip>:/api/api-browser/ this
Okay, here I am again, I installed Graylog 6 by myself and set it up like in the manual.
https://go2docs.graylog.org/current/downloading_and_installing_graylog/installing_graylog.html?tocpath=Installing%20Graylog|_____0
It worked absolutely fine…
I can only assume that maybe your connection to MongoDB on port 27017 (TCP) is sometimes failing, this could be a firewall or routing problem if you are not using the loopback address. I dont know if its possible but you can try to do a TCP dump on that port or change the Mongo URI in your Server.conf.
/etc/mongod.conf
net:
port: 27017
bindIp: 0.0.0.0
And in the server.conf of graylog
mongodb_uri = mongodb://your.mashine.example:27017/graylog
