All Apps and Add-ons

Why am I getting connection resets after installing and restarting the Splunk App for VMware on Splunk 6.2.1?

rdrr66
Engager

Working on a POC.

Installed splunk 6.2.1 logged in and changed the admin passwd. I then was able to install a few apps, Splunk App for Unix and Linux, and the example dashboard. Restarted and everything looked good. Then I went to install Splunk App for VMware, by unzipping splunk_app_vmware-3.1.3-246514.zip in the $SPLUNKHOME directory as the splunk user. Restart the application and now I am getting connection resets.

In the splunkd.log

02-05-2015 16:55:30.036 -0500 WARN  HttpListener - Socket error from X.X.X.X while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

If I remove the Splunk App for VMware, splunk works fine. I have gone through the default install twice and had the same result each time.

1 Solution

David
Splunk Employee
Splunk Employee

It looks to me like you're trying to connect to http://x.x.x.x/ and Splunk is expecting https://x.x.x.x/. Many premium Splunk apps will enable SSL by default (you should do it anyway!), but it can be surprising if you miss the warning. Try connecting on https and see if you're able to get to Splunk.

I was able to find this same error with that solution by googling for the error message (it's not Splunk specific, thankfully):
http://stackoverflow.com/questions/20047840/lighttpd-ssl-error
http://stackoverflow.com/questions/24175755/ssl-error-on-tornado-server

View solution in original post

David
Splunk Employee
Splunk Employee

It looks to me like you're trying to connect to http://x.x.x.x/ and Splunk is expecting https://x.x.x.x/. Many premium Splunk apps will enable SSL by default (you should do it anyway!), but it can be surprising if you miss the warning. Try connecting on https and see if you're able to get to Splunk.

I was able to find this same error with that solution by googling for the error message (it's not Splunk specific, thankfully):
http://stackoverflow.com/questions/20047840/lighttpd-ssl-error
http://stackoverflow.com/questions/24175755/ssl-error-on-tornado-server

rdrr66
Engager

Thanks that was it, guess I missed that in the install guide. Shouldn't rush through those things...

0 Karma

Masa
Splunk Employee
Splunk Employee

The message itself is the server was SSL-enabled but it received a non-SSL HTTP request. VMware app enabled splunkweb SSL. Any proxy between your browser and the Search head?

0 Karma

cam343
Path Finder

I know this is an old thread, but further to this my issue was that ...etc/system/local/server.conf had:

enableSplunkdSSL = false

In it, removing that line / setting it to true fixed my issue

Masa
Splunk Employee
Splunk Employee

Thank you, cam343. It is good to know non-SSL splunkd will cause this issue, too.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...