Deployment Architecture

Error [00000010] Instance name "" Search head's authentication credentials rejected by peer. Try re-adding the peer. Last Connect Time:2018-07-10T16:07:50.000+00:00; Failed 1 out of 1 times.


I'm just trying to connect 1 search head to 1 indexer.

Search head splunkd log

07-09-2018 17:21:46.755 +0000 WARN GetRemoteAuthToken - Unable to get authentication token from peeruri="https‍://".
07-09-2018 17:21:46.755 +0000 WARN DistributedPeer - Peer:https‍:// Authentication Failed
Indexer splunkd.log

07-09-2018 17:21:46.747 +0000 WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user
07-09-2018 17:21:46.755 +0000 WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user

Both have the same trusted.pem under the distsearchkeys directory. Both have the same admin passwords in $SPLUNK_HOME/etc/passwd.

Any help appreciated.

Tags (1)
0 Karma


Hi @aksharp ,

Usually it happens when your search peers (indexers) does not "trust" search head. It could be due to the rebuild of your server or migration to new server etc. To re-trust, as mentioned in the error, try re-adding the peers , (reference : which will overwrite the "stale" tokens/certs which were used to authenticate.

Happy Splunking!
0 Karma
Get Updates on the Splunk Community!

Platform Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestIntroducing Splunk Edge Processor, simplified data ...

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...