Splunk Dev

error when I am trying to install splunkclouduf.spl on windows

marceloamorim
New Member

Hello guys,

I would like you help on this:

I am getting this error when I am trying to install splunkclouduf.spl on windows Server 2012.

Did not find "disabled" setting of "kvstore" stanza in server bundle.
Couldn't complete HTTP request: Winsock error #10022

Event Viewer:

Faulting application name: SplunkD.EXE, version: 2048.256.24031.1943, time stamp: 0x5ddf0b24
Faulting module name: ucrtbase.DLL, version: 10.0.10586.212, time stamp: 0x56fa10e8
Exception code: 0xc0000409
Fault offset: 0x00000000000698fe
Faulting process id: 0x142c
Faulting application start time: 0x01d5cc7ddfb89889
Faulting application path: C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE
Faulting module path: C:\Program Files\SplunkUniversalForwarder\bin\ucrtbase.DLL
Report Id: 1e9fe115-3871-11ea-941d-44a8421b43ed
Faulting package full name:
Faulting package-relative application ID:

Tags (1)
0 Karma

DavidHourani
Super Champion

Hi @marceloamorim,

Did you follow the steps here for the install :
https://docs.splunk.com/Documentation/Splunk/latest/AddMSADCloud/Forwardercertificate#Install_the_fo...

If so could you please paste in what errors/warnings you're getting in your internal logs ?

Cheers,
David

0 Karma

marceloamorim
New Member

Hey @DavidHourani , Thanks for answer!

Yes, I have followed this article, but when I type "splunk install app -auth :", I receive this message error:

Did not find "disabled" setting of "kvstore" stanza in server bundle.
Couldn't complete HTTP request: Winsock error #10022

This error is from event viewer:

Faulting application name: SplunkD.EXE, version: 2048.256.24031.1943, time stamp: 0x5ddf0b24
Faulting module name: ucrtbase.DLL, version: 10.0.10586.212, time stamp: 0x56fa10e8
Exception code: 0xc0000409
Fault offset: 0x00000000000698fe
Faulting process id: 0x142c
Faulting application start time: 0x01d5cc7ddfb89889
Faulting application path: C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE
Faulting module path: C:\Program Files\SplunkUniversalForwarder\bin\ucrtbase.DLL
Report Id: 1e9fe115-3871-11ea-941d-44a8421b43ed
Faulting package full name:
Faulting package-relative application ID:

0 Karma

DavidHourani
Super Champion

could you please post what's in internal logs ? In splunkd.log

0 Karma

marceloamorim
New Member

Hey @DavidHourani

here is the logs,

01-17-2020 08:05:00.383 -0800 WARN DC:DeploymentClient - DeploymentClient explicitly disabled through config.
01-17-2020 08:05:00.383 -0800 WARN SHCConfig - Default pass4symkey is being used. Please change to a random one.
01-17-2020 08:05:00.633 -0800 WARN UserManagerPro - Can't find [distributedSearch] stanza in distsearch.conf, using default authtoken HTTP timeouts
01-17-2020 08:05:00.992 -0800 WARN X509Verify - X509 certificate (O=SplunkUser,CN=SplunkServerDefaultCert) should not be used, as it is issued by Splunk's own default Certificate Authority (CA). This puts your Splunk instance at very high-risk of the MITM attack. Either commercial-CA-signed or self-CA-signed certificates must be used; see:
01-17-2020 08:05:01.008 -0800 ERROR TcpOutputProc - LightWeightForwarder/UniversalForwarder not configured. Please configure outputs.conf.

thanks in advance.

Marcelo Amorim

0 Karma

DavidHourani
Super Champion

is there any local firewall running on your machine ? Anything that might be blocking the traffic ?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...