Getting Data In

Universal Forwarder Installation Fails While Installing RegMon Driver

snowmizer
Communicator

I'm trying to install the v6.2.1 Windows 2008 64-bit version of the universal forwarder. It is failing during the installation. When I look at the log file I see the following:

InstallRegmonDrvCA
InstallRegmonDrv: Warning: Invalid property ignored: FailCA=.
InstallRegmonDrv: Info: Driver inf file: C:\Program Files\SplunkUniversalForwarder\bin\splunkdrv-win6.inf.
InstallRegmonDrv: Error: DriverPackageInstall failed with: 0xa.
InstallRegmonDrv: Warning: Failed to install regmon driver.
InstallRegmonDrv: Error 0x80004005: Cannot install regmon driver.
CustomAction InstallRegmonDrv returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 15:13:28: InstallFinalize. Return value 3.

Looking up the 0x80004005 error this points to permissions problem.

Anyone else seen this and have any solutions on how to fix?

Thanks.

1 Solution

mwong
Splunk Employee
Splunk Employee

I have the same issue, I run a command "sfc /scannow" in a command prompt, It did fix some issue. After that, I can install the Splunk 6.2.1.

View solution in original post

supergreen
Engager

When will the SPL-94693 fix be available in the maintenace release?

0 Karma

supergreen
Engager

I was trying to install 6.2.3 (x64) version BTW and running sfc /scannow does solve issue. Thanks!

mwong
Splunk Employee
Splunk Employee

I have the same issue, I run a command "sfc /scannow" in a command prompt, It did fix some issue. After that, I can install the Splunk 6.2.1.

LewisWheeler
Communicator

This fixed for me as well.

0 Karma

snowmizer
Communicator

I ran this on our problem servers and was able to install the forwarders as well.

Thanks.

jcrabb_splunk
Splunk Employee
Splunk Employee

Thank you for notifying us about the issue. I've opened bug SPL-94693. I will update this when I have been provided additional information.

Jacob
Sr. Technical Support Engineer
0 Karma

e2eadmin
Explorer

I have the same issue, but running the command "sfc /scannow" does NOT fix the issue. Are there any updates to SPL-94693? Thanks.

0 Karma

jcrabb_splunk
Splunk Employee
Splunk Employee

SPL-94693 fix will likely be in the next maintenance release. The workaround is as described by mwong. Please be sure to reboot after running sfc /scannow. If that does not work, be certain all available updates are installed and repeat the steps. If after that the issue still exists, I would encourage you to file a case with Splunk so it can be reviewed.

Jacob
Sr. Technical Support Engineer
0 Karma

snowmizer
Communicator

We did a little more testing and figured out that the forwarder thinks the release is incompatible because the server is an Intel server and the install thinks it's an AMD64.

0 Karma
Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...