which resulted in the following SplunkInstall.log error:
SetupServiceConfig: Error: ChangeServiceConfig failed 0x421
SetupServiceConfig: Error: 0x80004005: Cannot setup splunkd
CustomAction SetupServiceConfig returned actual error code 1603
(note this may not be 100% accurate if translation happened inside sandbox)
Instead, I tried to install Splunk to run as a "Local System" user (since I know this works when I use the MSI GUI) and then (prior to Splunk's first launch) manually change Splunk to run as the MSA. I got further along the process this way, as I was able to successfully install Splunk using the following cmdline:
The issue I am now facing is neither Splunkd Service service nor Splunk Web (legacy) are starting. When I attempted to start Splunk via cmdline, I found the following error in $SPLUNK_HOME\var\log\splunk\splunkd-utility.log:
ERROR UserManagerPro - The password cannot be set to the default password
ERROR AdminHandler:AuthenticationHandler - The password cannot be set to the default password.
Side Note: $SPLUNK_HOME\etc\passwd ends in the following test
When I attempted to start the service from the Windows' GUI "Services", I received the following pop-up error:
Windows could not start the Splunkd Service service on Local Computer
Error 1067: The process terminated unexpectedly.