Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Universal forwarder is unable to connect Deployment server . I see below error in Deployment server for the client Ip

khusain_splunk
Splunk Employee
Splunk Employee
‎10-29-2018 10:25 PM

Universal forwarder is unable to connect Deployment server . I see below error in Deployment server for the client Ip

10-11-2018 09:09:59.340 +0800 WARN ClientSessionsManager - Client with Id 'XXXXX-XX-XXX-XXX-XXXX' has changed some of its properties on the latest phone home.Old properties are: ip=XX.XX.XX.XXX dns=XX.XX.XX.XX hostname=XXXXXXX build=4b804538c686 uts=windows-x64 name=XXXXX-XX-XXX-XXX-XXXX. New properties are: ip=XX.XX.XX.XXX dns=XX.XX.XX.XX hostname=XXXXXXX build=4b804538c686 uts=windows-x64 name=XXXXX-XX-XXX-XXX-XXXX.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-05-2018 09:29 PM

This issue happens due to duplicate GUID issue [If you have cloned multiple instances from the same OS image].

You can follow the below steps to resolve the issue:

gin to problem Universal forwarder .

  • Go to /opt/splunkforwarder/etc/ and rename instance.cfg to backup_instances.cfg

  • Restart the UF splunk service

  • Go to /opt/splunkforwarder/etc/ and check that new instance.cfg has been created

  • Go to DS and run below to see if the UF is connected and listed:
    splunk list deploy-clients

  • List item

View solution in original post

Reply
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-05-2018 09:29 PM

This issue happens due to duplicate GUID issue [If you have cloned multiple instances from the same OS image].

You can follow the below steps to resolve the issue:

gin to problem Universal forwarder .

  • Go to /opt/splunkforwarder/etc/ and rename instance.cfg to backup_instances.cfg

  • Restart the UF splunk service

  • Go to /opt/splunkforwarder/etc/ and check that new instance.cfg has been created

  • Go to DS and run below to see if the UF is connected and listed:
    splunk list deploy-clients

  • List item

Reply
Solved! Jump to solution

splunkyj
Path Finder
‎12-24-2020 09:43 AM

This worked for me as well. However, I would like to add there are 2 other places to ensure that your instance name matches the hostname - which is commonly related to this issue as well. 

in $SPLUNK_HOME/etc/system/local/inputs.conf  
check host=setting that may be the old hostname  

 in $SPLUNK_HOME/etc/system/local/server.conf  
 check servername= setting that may have the old hostname

Give me a thumbs up if you found this helpful 🙂

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎10-30-2018 06:40 AM

A thread with the same message - Client with Id ... has changed some of its properties on the latest phone home.

It's at - What do I look at in splunkd.log to troubleshoot deployment client issues?

Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...