Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Why am I getting splunk-MonitorNoHandle errors in ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why am I getting splunk-MonitorNoHandle errors in the splunkd.log from domain controllers with universal forwarders installed?
Hi,
I'm receiving a bunch of splunk-MonitorNoHandle errors in the splunkd log. These errors are coming from domain controllers with the Universal Forwarder installed with apps Splunk_TA_windows, TA-DNSServer-NT6, and TA-DomainController-NT6. I can't seem to find anything online about these error messages and what they could mean. Does anyone have experience with these errors?
message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"" splunk-monitornohandle - DisplayError: The system cannot find the file specified.\r\n
message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"" splunk-monitornohandle - GetServiceHandle - OpenService failure for 'SplunkMonitorNoHandle'! Error = 1060
message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"" splunk-monitornohandle - StopDriver: Failed to get service handle 0x424
message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"" splunk-monitornohandle - runWinMonitorNoHandleMon: Could not connect to filter driver 0x80070002
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was getting these errors also. There is a file called SplunkMonitorNoHandledrv.inf in the bin directory. After i installed the file the errors were resolved and i was able to successfully monitor the DNS debug file
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Installing the inf file seems to have done the trick on our servers as well.
One thing we noted: most servers were OK, but some 2008 R2 servers were not.
Apart from that, it seems that it is Server 2012, and 2008 core / 2012 core that have failed to pick this up on their own.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found that also. Half were ok but the other half had issues. At least it's a simple fix
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After i installed the file the errors
were resolved and i was able to
successfully monitor the DNS debug
file
What do you mean by "installed the file"? You say the file is already there. (...?)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is already there. It is an inf file so you can right-click it and select install.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ah.. literally install it 🙂 I thought maybe you meant moving it to some specific folder. Tnx!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No worries mate. Hope it helps
Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA
.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...
A Season of Skills: New Splunk Courses to Light Up Your Learning Journey
