I am trying to push my first app through the search head deployer. this is a brand new Splunk 7.3.1 environment with 3 search heads, 1 search head deployer, an indexer cluster with 2 indexers and a master. I was able to create new indexes, replicate them and get data into them via forwarders.
Now i am trying to push an app that i had from an older Splunk installation (6.0)
I have copied the app folder to C:\program Files\Splunk\etc\cshcluster\apps\
when i do apply shcluster-bundle i get this error
Error while creating deployable apps: Error moving tmp_staging_area="C:\Program Files\Splunk\var\run\splunk\deploy.b94554b735abfbef.tmp" to dst="C:\Program Files\Splunk\var\run\splunk\deploy": Access is denied.
I tried giving Everyone full permission on the var\run\splunk folder
The deploy folder isnt there. if i try to create manually, as soon i run the above command the deploy folder gets deleted.
i see some session files gets created
session-cdddb8bfb120d499621edad0785d147ba3cc36d1
session-cdddb8bfb120d499621edad0785d147ba3cc36d1.lock

Not able to figure out what the problem is? Any help is greatly appreciated.