Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk UF is not connecting with Deployment Server

ankit13
Loves-to-Learn Lots
yesterday

Hii everyone,

I have installed Splunk uf 10.0.5 on windows server 2016. The UF needs to connected to DS whose version is 10.2.0. But the UF is not connecting with DS. I have tried checking whether there is a network issue or port is blocked. But Test-Net connection shows that it successfully connects my DS on 8089 port.  Netstat -ano shows that ports are open. When checked the splunkd.log of uf it shows that error not connected to DS, handshake failed or socket error. I am attaching the splunkd.log image for the reference.

ankit13_2-1781429991539.png

when I checked the splunkd.log of DS its shows socket error while idling. below is the image attached from DS for the reference.

ankit13_1-1781429756439.jpeg

 

Any idea?

Thanks in advance,

Regards,

Ankit Singh

Labels (2)
Labels
0 Karma
Reply

kml_uvce
Builder
yesterday

The issue might be - TLS/cipher mismatch between UF 10.0.5 and DS 10.2.0. Different minor versions can ship different sslVersions / cipherSuite / ecdhCurves defaults, and a FIPS-on-one-side-only setup fails identically. also check if UF tries to connect to DS ove unecrypted HTTP.

 

kamal singh bisht
0 Karma
Reply

ankit13
Loves-to-Learn Lots
14 hours ago

Hii,

I have installed Splunk uf 10.2.1 but the issue remains the same. Also, i have checked the suing the OpenSSL and it is getting connected. When checked on DS for the logs related to that server it shows socket error.

ankit13_0-1781509584099.png


While i have another windows server 2012 server in the same environment but it is properly working.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
13 hours ago

How about you help us help you?

Check the config (with btool), compare the contents of deploymentclient.conf on both working and non-working UF...

0 Karma
Reply

ankit13
Loves-to-Learn Lots
13 hours ago

The deploymentclient.conf of both servers are same.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
10 hours ago
Please add those configurations here.
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
yesterday

This kind of errors usually happens with mismatched TLS settings. My guess would be that you have TLS enabled on management port on DS (which is default setting), but your UF tries to connect to DS over unencrypted HTTP.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Splunk Observability Metrics Cost Optimization

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...