We checked the following as possible causes for this issue:
- outputs.conf for multiple entries using same port
- more than one instance of Splunk running
- Firewall issues
- Event Logs show:
Audit Failure 6/10/2013 10:08:37 AM Microsoft Windows security auditing. 5157 Filtering Platform Connection
Audit Success 6/10/2013 10:08:37 AM Microsoft Windows security auditing. 5156 Filtering Platform Connection
Audit Failure 6/10/2013 10:08:37 AM Microsoft Windows security auditing. 5157 Filtering Platform Connection
Audit Success 6/10/2013 10:08:37 AM Microsoft Windows security auditing. 5156 Filtering Platform Connection
The issues was fixed by this Microsoft KB article:
http://support.microsoft.com/kb/2654852
