Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Universal Forwarder Deployment with SCCM

asofo
Path Finder
‎11-04-2015 05:28 AM

Hello,

We are trying to deploy the Splunk Universal Forwarder using Microsoft SCCM. I can successfully install the MSI from the command line using:

msiexec /i "splunkforwarder-6.3.0-aa7d4b1ccb80-x64-release.msi" AGREETOLICENSE=Yes DEPLOYMENT_SERVER="mydeploymentserver:8089" /quiet

However when our SCCM admin uses the same command in his deployment manager, the installation fails. According to the SCCM log, the error is:

[LOG[Failed to clear product> advertisement, error code> 1603]LOG]!> date="10-29-2015" component="execmgr"> context="" type="3" thread="17300"> file="msiexecution.cpp:264"

I know this is most likely an SCCM issue, but wanted to see if anyone out there has received a similar error or had a similar issue.

Thanks!

0 Karma
Reply

shartwell
Explorer
‎11-05-2015 04:04 PM

Could be the "/q" switch SCCM adds to packages when it deploys them.
Splunk already has a "/quiet" switch and the two together will prevent SCCM from deploying it.
You'll need to create a batch file which executes the MSI to get around this problem.

Reply

bohanlon_splunk
Splunk Employee
Splunk Employee
‎11-04-2015 06:29 AM

Sounds like this:
https://support.microsoft.com/en-us/kb/834484

0 Karma
Reply

asofo
Path Finder
‎11-04-2015 08:58 AM

I saw that earlier, but the machines are Windows 7 and I checked all permissions. The weird thing is that there weren't any problems with the 6.0.1 version of the Universal Forwarder.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

To help practitioners build a stronger foundation, we launched the Data Management & Federation ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...