Getting Data In
Highlighted

Splunk 6.1 upgrade - "Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'

Motivator

I upgraded from 6.0 to 6.1 this morning and received the following message in a window titled "Force ACLs":

Splunk Installer was unable to set the CACLS on the Splunk files.  Exitcode='13'

Then it lists the Splunk domain user I specified earlier in the installation. I was logged in as a domain administrator when performing the installation, and the domain account I specified for Splunk was set up following the guides here and here. I haven't noticed any adverse effects as of yet... Has anyone else experienced this error or seen any consequences of it yet?

Tags (4)
Highlighted

Re: Splunk 6.1 upgrade - "Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'

New Member

Seconded.

Thus far though, I've only seen the error during our Indexer upgrades.

I didn't see the error during our Cluster Master, Deployment Server, Forwarder, or Search Head upgrades. I don't yet know whether there will be adverse effects.

Update: With 6.1.1 released, are you still seeing issues?

0 Karma
Highlighted

Re: Splunk 6.1 upgrade - "Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'

Path Finder

Had the same issue upgrading from 6.0.2 to 6.1.1 on our 3 servers (search head + 2 indexers)

0 Karma
Highlighted

Re: Splunk 6.1 upgrade - "Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'

New Member

I had the same message upgrading from 6.0.1 to 6.1.1

0 Karma
Highlighted

Re: Splunk 6.1 upgrade - "Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'

Motivator

I was finally able to upgrade to 6.1.1, and yes I still got this error message. I haven't really noticed any issues from it yet, though.

0 Karma
Highlighted

Re: Splunk 6.1 upgrade - "Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'

New Member

Received the same message when upgrading from 6.0.2 to 6.1.1 (windows server 2008 R2).

0 Karma
Highlighted

Re: Splunk 6.1 upgrade - "Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'

Splunk Employee
Splunk Employee

Is there a common thread here, where the upgrade was for splunk that was running as domain-account? This is as opposed to the default local-system style installation. The pop-up, though present, lets the installation run to completion. Would one of you be willing to open the file explorer, navigate to the splunk installation directory and right click to get the properties of a file and take note of file access rights? What I would look for is to see if the file(s) contain full access rights for the domain-account that splunk runs as.

Also: Can you note if this is a Universal Forwarder or Enterprise install? (or both?)

0 Karma
Highlighted

Re: Splunk 6.1 upgrade - "Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'

New Member
  1. Only occurred for me on my Indexers (Splunk Enterprise).
  2. Domain (Service) Account.
  3. Splunk Domain (Service) Account has Full Control of the Splunk directory.
0 Karma
Highlighted

Re: Splunk 6.1 upgrade - "Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'

New Member
  1. upgrading from Splunk Enterprise 6.0.1 to 6.1.1
  2. Using a domain service account
  3. Domain service account in the Local Administrators group of the server
  4. Domain service account had Full Control of the Splunk directory
0 Karma
Highlighted

Re: Splunk 6.1 upgrade - "Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'

Contributor

I am having the same error could anyone please help me on this?

0 Karma