I upgraded from 6.0 to 6.1 this morning and received the following message in a window titled "Force ACLs":
Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'
Then it lists the Splunk domain user I specified earlier in the installation. I was logged in as a domain administrator when performing the installation, and the domain account I specified for Splunk was set up following the guides here and here. I haven't noticed any adverse effects as of yet... Has anyone else experienced this error or seen any consequences of it yet?
Thus far though, I've only seen the error during our Indexer upgrades.
I didn't see the error during our Cluster Master, Deployment Server, Forwarder, or Search Head upgrades. I don't yet know whether there will be adverse effects.
Update: With 6.1.1 released, are you still seeing issues?
Had the same issue upgrading from 6.0.2 to 6.1.1 on our 3 servers (search head + 2 indexers)
I was finally able to upgrade to 6.1.1, and yes I still got this error message. I haven't really noticed any issues from it yet, though.
Received the same message when upgrading from 6.0.2 to 6.1.1 (windows server 2008 R2).
Is there a common thread here, where the upgrade was for splunk that was running as domain-account? This is as opposed to the default local-system style installation. The pop-up, though present, lets the installation run to completion. Would one of you be willing to open the file explorer, navigate to the splunk installation directory and right click to get the properties of a file and take note of file access rights? What I would look for is to see if the file(s) contain full access rights for the domain-account that splunk runs as.
Also: Can you note if this is a Universal Forwarder or Enterprise install? (or both?)