Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Encounter errors when installing Splunk forwarder on Windows 2003 DC

remy06
Contributor
‎10-08-2010 04:22 AM

Hi,

I have to reinstall Splunk on a different drive(from C:\ to D:) on our Windows 2003 domain controller.

When I tried to install again I've encountered these errors:
1)
Splunk installer was unable to enable Windows App
Splunk exicode = '2'

I closed it,it continues and encountered the 2nd error:
2)
Splunk installer was unable to start Splunk services
Please make sure you have provided the correct username and/or password,and the user you are trying to run Splunk as has the correct privileges. Exicode='1'

I've checked sevices.msc and splunkd and splunkweb are listed, but unable to start.

I have tried to install using the domain administrator account,and a user account that was given administrator privileges but both unsuccessful.

Now even when I tried to uninstall Splunk,splunkd and splunkweb doesn't get removed from services.msc, even after a reboot of the server.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

remy06
Contributor
‎10-21-2010 04:04 AM

Am not sure what went wrong here. But I've tested and started using WMI alternative to pull events from this server instead.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

amN0P
Explorer
‎06-15-2012 02:34 PM

I am encountering the same issue with 4.3.2 I have tried a lot of different things (checked alternate machines, tried 4.3.1 etc) all running with admin rights. Can someone please post the remedy.

0 Karma
Reply
Solved! Jump to solution

ngoctuanqn
New Member
‎03-25-2011 03:24 AM

thanks u so much !!!

0 Karma
Reply
Solved! Jump to solution

jlford30
Explorer
‎02-03-2011 07:59 PM

SO do this:

1) Start > Run > services.msc 2) Find Splunkd 3) Right Click properties 4) Go to Log-on Tab 5) Re-fill in the: This Account Information 6) Click Apply 7) Click Ok 8) Start the 2 splunk services after allowing log-on services.

Reply
Solved! Jump to solution

jlford30
Explorer
‎02-03-2011 07:42 PM

Having the same issue. I even logged into the server with the newly created splunk service account with Domain Admin priv and still have this message. Exitcode = 4

Any remedies?

0 Karma
Reply
Solved! Jump to solution
Solution

remy06
Contributor
‎10-21-2010 04:04 AM

Am not sure what went wrong here. But I've tested and started using WMI alternative to pull events from this server instead.

0 Karma
Reply
Solved! Jump to solution

remy06
Contributor
‎10-11-2010 01:55 AM

Splunk does not require a reboot to uninstall if Im not wrong.I simply uninstall the previous version of Splunk at C:\, before I attempt to install it again on D:\

0 Karma
Reply
Solved! Jump to solution

ftk
Motivator
‎10-08-2010 01:11 PM

Did you uninstall Splunk cleanly before attempting to install again?

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...