I'm trying to install the v6.2.1 Windows 2008 64-bit version of the universal forwarder. It is failing during the installation. When I look at the log file I see the following:
InstallRegmonDrvCA
InstallRegmonDrv: Warning: Invalid property ignored: FailCA=.
InstallRegmonDrv: Info: Driver inf file: C:\Program Files\SplunkUniversalForwarder\bin\splunkdrv-win6.inf.
InstallRegmonDrv: Error: DriverPackageInstall failed with: 0xa.
InstallRegmonDrv: Warning: Failed to install regmon driver.
InstallRegmonDrv: Error 0x80004005: Cannot install regmon driver.
CustomAction InstallRegmonDrv returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 15:13:28: InstallFinalize. Return value 3.
Looking up the 0x80004005 error this points to permissions problem.
Anyone else seen this and have any solutions on how to fix?
Thanks.
I have the same issue, I run a command "sfc /scannow" in a command prompt, It did fix some issue. After that, I can install the Splunk 6.2.1.
When will the SPL-94693 fix be available in the maintenace release?
I was trying to install 6.2.3 (x64) version BTW and running sfc /scannow does solve issue. Thanks!
I have the same issue, I run a command "sfc /scannow" in a command prompt, It did fix some issue. After that, I can install the Splunk 6.2.1.
This fixed for me as well.
I ran this on our problem servers and was able to install the forwarders as well.
Thanks.
Thank you for notifying us about the issue. I've opened bug SPL-94693. I will update this when I have been provided additional information.
I have the same issue, but running the command "sfc /scannow" does NOT fix the issue. Are there any updates to SPL-94693? Thanks.
SPL-94693 fix will likely be in the next maintenance release. The workaround is as described by mwong. Please be sure to reboot after running sfc /scannow. If that does not work, be certain all available updates are installed and repeat the steps. If after that the issue still exists, I would encourage you to file a case with Splunk so it can be reviewed.
We did a little more testing and figured out that the forwarder thinks the release is incompatible because the server is an Intel server and the install thinks it's an AMD64.