Solved: Re: Universal Forwarder Installation Fails While I...

snowmizer · ‎12-18-2014

I'm trying to install the v6.2.1 Windows 2008 64-bit version of the universal forwarder. It is failing during the installation. When I look at the log file I see the following:

InstallRegmonDrvCA
InstallRegmonDrv: Warning: Invalid property ignored: FailCA=.
InstallRegmonDrv: Info: Driver inf file: C:\Program Files\SplunkUniversalForwarder\bin\splunkdrv-win6.inf.
InstallRegmonDrv: Error: DriverPackageInstall failed with: 0xa.
InstallRegmonDrv: Warning: Failed to install regmon driver.
InstallRegmonDrv: Error 0x80004005: Cannot install regmon driver.
CustomAction InstallRegmonDrv returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 15:13:28: InstallFinalize. Return value 3.

Looking up the 0x80004005 error this points to permissions problem.

Anyone else seen this and have any solutions on how to fix?

Thanks.

mwong · ‎02-12-2015

I have the same issue, I run a command "sfc /scannow" in a command prompt, It did fix some issue. After that, I can install the Splunk 6.2.1.

View solution in original post

supergreen · ‎05-22-2015

When will the SPL-94693 fix be available in the maintenace release?

supergreen · ‎05-22-2015

I was trying to install 6.2.3 (x64) version BTW and running sfc /scannow does solve issue. Thanks!

mwong · ‎02-12-2015

I have the same issue, I run a command "sfc /scannow" in a command prompt, It did fix some issue. After that, I can install the Splunk 6.2.1.

LewisWheeler · ‎08-16-2016

This fixed for me as well.

snowmizer · ‎03-16-2015

I ran this on our problem servers and was able to install the forwarders as well.

Thanks.

jcrabb_splunk · ‎12-19-2014

Thank you for notifying us about the issue. I've opened bug SPL-94693. I will update this when I have been provided additional information.

Jacob
Sr. Technical Support Engineer

e2eadmin · ‎03-18-2015

I have the same issue, but running the command "sfc /scannow" does NOT fix the issue. Are there any updates to SPL-94693? Thanks.

jcrabb_splunk · ‎03-18-2015

SPL-94693 fix will likely be in the next maintenance release. The workaround is as described by mwong. Please be sure to reboot after running sfc /scannow. If that does not work, be certain all available updates are installed and repeat the steps. If after that the issue still exists, I would encourage you to file a case with Splunk so it can be reviewed.

Jacob
Sr. Technical Support Engineer

snowmizer · ‎12-19-2014

We did a little more testing and figured out that the forwarder thinks the release is incompatible because the server is an Intel server and the install thinks it's an AMD64.

Universal Forwarder Installation Fails While Installing RegMon Driver

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor