Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Universal forwarder is unable to connect Deployment server . I see below error in Deployment server for the client Ip

khusain_splunk
Splunk Employee
Splunk Employee
‎10-29-2018 10:25 PM

Universal forwarder is unable to connect Deployment server . I see below error in Deployment server for the client Ip

10-11-2018 09:09:59.340 +0800 WARN ClientSessionsManager - Client with Id 'XXXXX-XX-XXX-XXX-XXXX' has changed some of its properties on the latest phone home.Old properties are: ip=XX.XX.XX.XXX dns=XX.XX.XX.XX hostname=XXXXXXX build=4b804538c686 uts=windows-x64 name=XXXXX-XX-XXX-XXX-XXXX. New properties are: ip=XX.XX.XX.XXX dns=XX.XX.XX.XX hostname=XXXXXXX build=4b804538c686 uts=windows-x64 name=XXXXX-XX-XXX-XXX-XXXX.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-05-2018 09:29 PM

This issue happens due to duplicate GUID issue [If you have cloned multiple instances from the same OS image].

You can follow the below steps to resolve the issue:

gin to problem Universal forwarder .

  • Go to /opt/splunkforwarder/etc/ and rename instance.cfg to backup_instances.cfg

  • Restart the UF splunk service

  • Go to /opt/splunkforwarder/etc/ and check that new instance.cfg has been created

  • Go to DS and run below to see if the UF is connected and listed:
    splunk list deploy-clients

  • List item

View solution in original post

Reply
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-05-2018 09:29 PM

This issue happens due to duplicate GUID issue [If you have cloned multiple instances from the same OS image].

You can follow the below steps to resolve the issue:

gin to problem Universal forwarder .

  • Go to /opt/splunkforwarder/etc/ and rename instance.cfg to backup_instances.cfg

  • Restart the UF splunk service

  • Go to /opt/splunkforwarder/etc/ and check that new instance.cfg has been created

  • Go to DS and run below to see if the UF is connected and listed:
    splunk list deploy-clients

  • List item

Reply
Solved! Jump to solution

splunkyj
Path Finder
‎12-24-2020 09:43 AM

This worked for me as well. However, I would like to add there are 2 other places to ensure that your instance name matches the hostname - which is commonly related to this issue as well. 

in $SPLUNK_HOME/etc/system/local/inputs.conf  
check host=setting that may be the old hostname  

 in $SPLUNK_HOME/etc/system/local/server.conf  
 check servername= setting that may have the old hostname

Give me a thumbs up if you found this helpful 🙂

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎10-30-2018 06:40 AM

A thread with the same message - Client with Id ... has changed some of its properties on the latest phone home.

It's at - What do I look at in splunkd.log to troubleshoot deployment client issues?

Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...