Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Universal forwarder is unable to connect Deployment server . I see below error in Deployment server for the client Ip

khusain_splunk
Splunk Employee
Splunk Employee
‎10-29-2018 10:25 PM

Universal forwarder is unable to connect Deployment server . I see below error in Deployment server for the client Ip

10-11-2018 09:09:59.340 +0800 WARN ClientSessionsManager - Client with Id 'XXXXX-XX-XXX-XXX-XXXX' has changed some of its properties on the latest phone home.Old properties are: ip=XX.XX.XX.XXX dns=XX.XX.XX.XX hostname=XXXXXXX build=4b804538c686 uts=windows-x64 name=XXXXX-XX-XXX-XXX-XXXX. New properties are: ip=XX.XX.XX.XXX dns=XX.XX.XX.XX hostname=XXXXXXX build=4b804538c686 uts=windows-x64 name=XXXXX-XX-XXX-XXX-XXXX.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-05-2018 09:29 PM

This issue happens due to duplicate GUID issue [If you have cloned multiple instances from the same OS image].

You can follow the below steps to resolve the issue:

gin to problem Universal forwarder .

  • Go to /opt/splunkforwarder/etc/ and rename instance.cfg to backup_instances.cfg

  • Restart the UF splunk service

  • Go to /opt/splunkforwarder/etc/ and check that new instance.cfg has been created

  • Go to DS and run below to see if the UF is connected and listed:
    splunk list deploy-clients

  • List item

View solution in original post

Reply
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-05-2018 09:29 PM

This issue happens due to duplicate GUID issue [If you have cloned multiple instances from the same OS image].

You can follow the below steps to resolve the issue:

gin to problem Universal forwarder .

  • Go to /opt/splunkforwarder/etc/ and rename instance.cfg to backup_instances.cfg

  • Restart the UF splunk service

  • Go to /opt/splunkforwarder/etc/ and check that new instance.cfg has been created

  • Go to DS and run below to see if the UF is connected and listed:
    splunk list deploy-clients

  • List item

Reply
Solved! Jump to solution

splunkyj
Path Finder
‎12-24-2020 09:43 AM

This worked for me as well. However, I would like to add there are 2 other places to ensure that your instance name matches the hostname - which is commonly related to this issue as well. 

in $SPLUNK_HOME/etc/system/local/inputs.conf  
check host=setting that may be the old hostname  

 in $SPLUNK_HOME/etc/system/local/server.conf  
 check servername= setting that may have the old hostname

Give me a thumbs up if you found this helpful 🙂

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎10-30-2018 06:40 AM

A thread with the same message - Client with Id ... has changed some of its properties on the latest phone home.

It's at - What do I look at in splunkd.log to troubleshoot deployment client issues?

Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...