Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Universal forwarder is unable to connect Deployment server . I see below error in Deployment server for the client Ip

khusain_splunk
Splunk Employee
Splunk Employee
‎10-29-2018 10:25 PM

Universal forwarder is unable to connect Deployment server . I see below error in Deployment server for the client Ip

10-11-2018 09:09:59.340 +0800 WARN ClientSessionsManager - Client with Id 'XXXXX-XX-XXX-XXX-XXXX' has changed some of its properties on the latest phone home.Old properties are: ip=XX.XX.XX.XXX dns=XX.XX.XX.XX hostname=XXXXXXX build=4b804538c686 uts=windows-x64 name=XXXXX-XX-XXX-XXX-XXXX. New properties are: ip=XX.XX.XX.XXX dns=XX.XX.XX.XX hostname=XXXXXXX build=4b804538c686 uts=windows-x64 name=XXXXX-XX-XXX-XXX-XXXX.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-05-2018 09:29 PM

This issue happens due to duplicate GUID issue [If you have cloned multiple instances from the same OS image].

You can follow the below steps to resolve the issue:

gin to problem Universal forwarder .

  • Go to /opt/splunkforwarder/etc/ and rename instance.cfg to backup_instances.cfg

  • Restart the UF splunk service

  • Go to /opt/splunkforwarder/etc/ and check that new instance.cfg has been created

  • Go to DS and run below to see if the UF is connected and listed:
    splunk list deploy-clients

  • List item

View solution in original post

Reply
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-05-2018 09:29 PM

This issue happens due to duplicate GUID issue [If you have cloned multiple instances from the same OS image].

You can follow the below steps to resolve the issue:

gin to problem Universal forwarder .

  • Go to /opt/splunkforwarder/etc/ and rename instance.cfg to backup_instances.cfg

  • Restart the UF splunk service

  • Go to /opt/splunkforwarder/etc/ and check that new instance.cfg has been created

  • Go to DS and run below to see if the UF is connected and listed:
    splunk list deploy-clients

  • List item

Reply
Solved! Jump to solution

splunkyj
Path Finder
‎12-24-2020 09:43 AM

This worked for me as well. However, I would like to add there are 2 other places to ensure that your instance name matches the hostname - which is commonly related to this issue as well. 

in $SPLUNK_HOME/etc/system/local/inputs.conf  
check host=setting that may be the old hostname  

 in $SPLUNK_HOME/etc/system/local/server.conf  
 check servername= setting that may have the old hostname

Give me a thumbs up if you found this helpful 🙂

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎10-30-2018 06:40 AM

A thread with the same message - Client with Id ... has changed some of its properties on the latest phone home.

It's at - What do I look at in splunkd.log to troubleshoot deployment client issues?

Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...