Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Universal forwarder is unable to connect Deployment server . I see below error in Deployment server for the client Ip

khusain_splunk
Splunk Employee
Splunk Employee
‎10-29-2018 10:25 PM

Universal forwarder is unable to connect Deployment server . I see below error in Deployment server for the client Ip

10-11-2018 09:09:59.340 +0800 WARN ClientSessionsManager - Client with Id 'XXXXX-XX-XXX-XXX-XXXX' has changed some of its properties on the latest phone home.Old properties are: ip=XX.XX.XX.XXX dns=XX.XX.XX.XX hostname=XXXXXXX build=4b804538c686 uts=windows-x64 name=XXXXX-XX-XXX-XXX-XXXX. New properties are: ip=XX.XX.XX.XXX dns=XX.XX.XX.XX hostname=XXXXXXX build=4b804538c686 uts=windows-x64 name=XXXXX-XX-XXX-XXX-XXXX.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-05-2018 09:29 PM

This issue happens due to duplicate GUID issue [If you have cloned multiple instances from the same OS image].

You can follow the below steps to resolve the issue:

gin to problem Universal forwarder .

  • Go to /opt/splunkforwarder/etc/ and rename instance.cfg to backup_instances.cfg

  • Restart the UF splunk service

  • Go to /opt/splunkforwarder/etc/ and check that new instance.cfg has been created

  • Go to DS and run below to see if the UF is connected and listed:
    splunk list deploy-clients

  • List item

View solution in original post

Reply
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-05-2018 09:29 PM

This issue happens due to duplicate GUID issue [If you have cloned multiple instances from the same OS image].

You can follow the below steps to resolve the issue:

gin to problem Universal forwarder .

  • Go to /opt/splunkforwarder/etc/ and rename instance.cfg to backup_instances.cfg

  • Restart the UF splunk service

  • Go to /opt/splunkforwarder/etc/ and check that new instance.cfg has been created

  • Go to DS and run below to see if the UF is connected and listed:
    splunk list deploy-clients

  • List item

Reply
Solved! Jump to solution

splunkyj
Path Finder
‎12-24-2020 09:43 AM

This worked for me as well. However, I would like to add there are 2 other places to ensure that your instance name matches the hostname - which is commonly related to this issue as well. 

in $SPLUNK_HOME/etc/system/local/inputs.conf  
check host=setting that may be the old hostname  

 in $SPLUNK_HOME/etc/system/local/server.conf  
 check servername= setting that may have the old hostname

Give me a thumbs up if you found this helpful 🙂

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎10-30-2018 06:40 AM

A thread with the same message - Client with Id ... has changed some of its properties on the latest phone home.

It's at - What do I look at in splunkd.log to troubleshoot deployment client issues?

Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...