Why am I getting an error installing a universal forwarder on Windows Server 2008 R2 with a PowerShell script?

jamesonf
New Member

This process worked successfully without issue on 37 of our servers, but I am running into an error on our final two servers. I would appreciate any assistance possible with this issue. In order to install the Splunk forwarder, I am using the following PowerShell script:

####################################################
# Splunk Forwarder Production Install              #
#                                                  #
# Intended for use only with [REDACTED] servers. #
#                                                  #
# Last updated: 03.26.2015                         #
####################################################


############## Variable Declarations ###############

## Deployment specific variables
# $campus - Enter campus, in or bl
$campus = "bl"
# $dept - Enter campus code
$dept = "REDACTED"

## Declare static variables
$hostname = $env:COMPUTERNAME.ToLower()
$arch = $env:PROCESSOR_ARCHITECTURE
$os = "win"
$dpsrv = "in-hnet-dps01.hnet.iupui.edu:8089"
$filename = "deploymentclient.conf"
$path1 = "C:\Program Files\SplunkUniversalForwarder\etc\apps\zzz_config_base"
$path2 = "C:\Program Files\SplunkUniversalForwarder\etc\apps\zzz_config_base\local\"
$fullfile = $path2+$filename
$msi64 = "splunkforwarder-6.2.3-264376-x64-release.msi"
$msi86 = "splunkforwarder-6.2.1-245427-x86-release.msi"
$service = "SplunkForwarder"
$file = @"
[deployment-client]
clientName = $campus-$os-$dept-$hostname

[target-broker:deploymentServer]
targetUri=$dpsrv
"@

############## Begin function logic ###############

## Detect server architecture
Function Get-Arch
{
    echo "Detecting architecture..."
    If ($arch -eq "AMD64")
    {
        echo "...done."
        Install-x64
    }
    ElseIf ($arch -eq "x86")
    {
        echo "...done."
        Install-x86
    }
    Else
    {
        Error-Handling "architecture detection"
    }
}

## Install x64 version of forwarder
function Install-x64
{
    echo "Installing x64 forwarder..."
    msiexec.exe /i $msi64 AGREETOLICENSE=Yes /log log.txt /quiet | out-null
    If ($LASTEXITCODE -eq "0")
    { 
        echo "...done."
        Put-File $campus
    }
    ElseIf ($LASTEXITCODE -ne "0")
    {
        Error-Handling "splunk installation x64"
    }
}

## Install x86 version of forwarder 
function Install-x86
{
    echo "Installing x86 forwarder..."
    msiexec.exe /i $msi86 AGREETOLICENSE=Yes /log log.txt /quiet | out-null
    If ($LASTEXITCODE -eq "0")
    { 
        echo "...done."
        Put-File $campus
    }
    ElseIf ($LASTEXITCODE -ne "0")
    {
        Error-Handling "splunk installation x86"
    }
}

## Create config directory and conf file
Function Put-File
{
    echo "Creating base directory and conf file..."
    If (Test-Path $fullfile)
    {
        del $fullfile
    }
    Else
    {
        New-Item -ItemType directory -Path "$path1"
        New-Item -ItemType directory -Path "$path2"
    }

    $file > $fullfile
    echo "...done."
    echo "Restarting Splunk service..."
    Stop-Service -Name "$service"
    #Set-Service -Name "$service" -StartupType Disabled
    Start-Service -Name "$service"
    echo "...done."
}

## Output any errors that occur
# $error is a PowerShell automatic variable, so the parameter uses a different name
Function Error-Handling ($stage)
{
    Write-Output "Encountered an error at $stage."
}

############## Begin script execution #############

Get-Arch
echo "Script complete."

Yet, I continue to receive an error; log details may be found below:

=== Logging started: 6/16/2015  9:42:41 ===
Action start 9:42:41: INSTALL.
Action start 9:42:41: SetAllUsers.
SetAllUsers:  Info: Registry setting for current user is not found.
SetAllUsers:  Info: ALLUSERS value for the existing installation: -1.
SetAllUsers:  Info: Set ALLUSERS property to 1.
SetAllUsers:  Info: Leave SetAllUsers: 0x0.
Action ended 9:42:41: SetAllUsers. Return value 1.
Action start 9:42:41: FindRelatedProducts.
Action ended 9:42:41: FindRelatedProducts. Return value 0.
Action start 9:42:41: GetPreviousSettings.
GetPreviousSettings:  Info: found installed splunk products: 
GetPreviousSettings:  Info: ProductCode: {E9FDEF0E-18D8-4DC9-A263-1539E24FCCF1}, ProductName: UniversalForwarder, ProductVersion: 6.2.3.264376 
GetPreviousSettings:  Info: skip installing drivers. To override this setting use FORCEINSTALLDRIVERS=1
GetPreviousSettings:  Info: Number of splunk products installed: 1
GetPreviousSettings:  Info: Leave GetPreviousSettings: 0x0.
Action ended 9:42:41: GetPreviousSettings. Return value 1.
Action start 9:42:41: CheckSupportedOs.
Action ended 9:42:41: CheckSupportedOs. Return value 1.
Action start 9:42:41: ValidateProductID.
Action ended 9:42:41: ValidateProductID. Return value 1.
Action start 9:42:41: CostInitialize.
Action ended 9:42:41: CostInitialize. Return value 1.
Action start 9:42:41: FileCost.
Action ended 9:42:41: FileCost. Return value 1.
Action start 9:42:41: CostFinalize.
Action ended 9:42:41: CostFinalize. Return value 1.
Action start 9:42:41: StopSplunkService.
StopSplunkService:  Info: Properties: splunkHome: C:\Program Files\SplunkUniversalForwarder\, svcName: SplunkForwarder.
StopSplunkService:  Info: Enter.
StopSplunkService:  Info: SplunkForwarder service does not exists.
Action ended 9:42:41: StopSplunkService. Return value 1.
Action start 9:42:41: InstallValidate.
Action ended 9:42:41: InstallValidate. Return value 1.
Action start 9:42:41: InstallInitialize.
Action ended 9:42:41: InstallInitialize. Return value 1.
Action start 9:42:41: SaveInstallLocation.
Action ended 9:42:41: SaveInstallLocation. Return value 1.
Action start 9:42:41: CheckLicenseAgreement.
Action ended 9:42:41: CheckLicenseAgreement. Return value 1.
Action start 9:42:41: ProcessComponents.
Action ended 9:42:42: ProcessComponents. Return value 1.
Action start 9:42:42: UnpublishFeatures.
Action ended 9:42:42: UnpublishFeatures. Return value 1.
Action start 9:42:42: StopSplunkServiceDefData.
Action ended 9:42:42: StopSplunkServiceDefData. Return value 1.
Action start 9:42:42: StopSplunkServiceDef.
Action ended 9:42:42: StopSplunkServiceDef. Return value 1.
Action start 9:42:42: RemoveAccountFromGroupsData.
Action ended 9:42:42: RemoveAccountFromGroupsData. Return value 1.
Action start 9:42:42: RemoveAccountFromGroups.
Action ended 9:42:42: RemoveAccountFromGroups. Return value 1.
Action start 9:42:42: RemoveRightsFromRegistryData.
Action ended 9:42:42: RemoveRightsFromRegistryData. Return value 1.
Action start 9:42:42: RemoveRightsFromRegistry.
Action ended 9:42:42: RemoveRightsFromRegistry. Return value 1.
Action start 9:42:42: RemoveGroupAndRightsFromRegData.
Action ended 9:42:42: RemoveGroupAndRightsFromRegData. Return value 1.
Action start 9:42:42: RemoveGroupAndRightsFromReg.
Action ended 9:42:42: RemoveGroupAndRightsFromReg. Return value 1.
Action start 9:42:42: UninstallSplunkServiceData.
Action ended 9:42:42: UninstallSplunkServiceData. Return value 1.
Action start 9:42:42: UninstallSplunkService.
Action ended 9:42:42: UninstallSplunkService. Return value 1.
Action start 9:42:42: UninstallRegmonDrvData.
Action ended 9:42:42: UninstallRegmonDrvData. Return value 1.
Action start 9:42:42: UninstallRegmonDrv.
Action ended 9:42:42: UninstallRegmonDrv. Return value 1.
Action start 9:42:42: UninstallNetmonDrvData.
Action ended 9:42:42: UninstallNetmonDrvData. Return value 1.
Action start 9:42:42: UninstallNetmonDrv.
Action ended 9:42:42: UninstallNetmonDrv. Return value 1.
Action start 9:42:42: UninstallNohandleDrvData.
Action ended 9:42:42: UninstallNohandleDrvData. Return value 1.
Action start 9:42:42: UninstallNohandleDrv.
Action ended 9:42:42: UninstallNohandleDrv. Return value 1.
Action start 9:42:42: RemoveFiles.
Action ended 9:42:42: RemoveFiles. Return value 0.
Action start 9:42:42: RemoveSplunkHomeData.
Action ended 9:42:42: RemoveSplunkHomeData. Return value 1.
Action start 9:42:42: RemoveSplunkHome.
Action ended 9:42:42: RemoveSplunkHome. Return value 1.
Action start 9:42:42: InstallFiles.
Action ended 9:42:42: InstallFiles. Return value 1.
Action start 9:42:42: SetAclsData.
Action ended 9:42:42: SetAclsData. Return value 1.
Action start 9:42:42: SetAcls.
Action ended 9:42:42: SetAcls. Return value 1.
Action start 9:42:42: EnableEventLogsData.
Action ended 9:42:42: EnableEventLogsData. Return value 1.
Action start 9:42:42: EnableEventLogs.
Action ended 9:42:42: EnableEventLogs. Return value 1.
Action start 9:42:42: StartSplunkServiceData.
Action ended 9:42:42: StartSplunkServiceData. Return value 1.
Action start 9:42:42: StartSplunkService.
Action ended 9:42:42: StartSplunkService. Return value 1.
Action start 9:42:42: RegisterUser.
Action ended 9:42:42: RegisterUser. Return value 0.
Action start 9:42:42: RegisterProduct.
Action ended 9:42:42: RegisterProduct. Return value 1.
Action start 9:42:42: PublishFeatures.
Action ended 9:42:42: PublishFeatures. Return value 1.
Action start 9:42:42: PublishProduct.
Action ended 9:42:42: PublishProduct. Return value 1.
Action start 9:42:42: InstallFinalize.
StopSplunkServiceDef:  Warning: Invalid property ignored: FailCA=.
StopSplunkServiceDef:  Info: Properties: splunkHome: C:\Program Files\SplunkUniversalForwarder, svcName: SplunkForwarder.
StopSplunkServiceDef:  Info: Enter.
StopSplunkServiceDef:  Info: SplunkForwarder service does not exists.
RemoveAccountFromGroups:  Warning: Invalid property ignored: FailCA=.
RemoveAccountFromGroups:  Warn: empty user name from registry
RemoveRightsFromRegistry:  Warning: Invalid property ignored: FailCA=.
RemoveRightsFromRegistry:  Warn: cannot open key: SYSTEM\CurrentControlSet\services\SplunkForwarder.
RemoveRightsFromRegistry:  Warn: cannot RemoveRightsFromRegistry.
RemoveGroupAndRightsFromReg:  Warning: Invalid property ignored: FailCA=.
RemoveGroupAndRightsFromReg:  Info: key SYSTEM\CurrentControlSet\services\SplunkForwarder\ObjectName not found in registry
RemoveGroupAndRightsFromReg:  Info: key SYSTEM\CurrentControlSet\services\SplunkForwarder\RemoveAccountRights not found in registry
RemoveGroupAndRightsFromReg:  Info: key SYSTEM\CurrentControlSet\services\SplunkForwarder\RemoveLocalGroups not found in registry
UninstallSplunkService:  Warning: Invalid property ignored: FailCA=.
UninstallSplunkService:  Info: Properties: splunkHome: C:\Program Files\SplunkUniversalForwarder, svcName: SplunkForwarder.
UninstallSplunkService:  Info: Enter.
UninstallSplunkService:  Info: SplunkForwarder service does not exists.
UninstallRegmonDrv:  Warning: Invalid property ignored: FailCA=.
UninstallRegmonDrv:  Info: Driver inf file: C:\Program Files\SplunkUniversalForwarder\bin\splunkdrv-win6.inf.
UninstallRegmonDrv:  Info: Enter.
UninstallRegmonDrv:  Info: Service: splunkdrv-win6, state: 1.
UninstallRegmonDrv:  Info: splunkdrv-win6 service does not exists.
UninstallRegmonDrv:  Error: DriverPackageUninstall failed with: 0x3.
UninstallRegmonDrv:  Warning: Failed to uninstall regmon driver.
UninstallNetmonDrv:  Warning: Invalid property ignored: FailCA=.
UninstallNetmonDrv:  Info: Driver inf file: C:\Program Files\SplunkUniversalForwarder\bin\splknetdrv-vista.inf.
UninstallNetmonDrv:  Info: Enter.
UninstallNetmonDrv:  Info: Service: splknetdrv, state: 1.
UninstallNetmonDrv:  Info: splknetdrv service does not exists.
UninstallNetmonDrv:  Error: DriverPackageUninstall failed with: 0x3.
UninstallNetmonDrv:  Warning: Failed to uninstall netmon driver.
UninstallNohandleDrv:  Warning: Invalid property ignored: FailCA=.
UninstallNohandleDrv:  Info: Driver inf file: C:\Program Files\SplunkUniversalForwarder\bin\SplunkMonitorNoHandleDrv-vista.inf.
UninstallNohandleDrv:  Info: Enter.
UninstallNohandleDrv:  Info: Service: SplunkMonitorNoHandle, state: 1.
UninstallNohandleDrv:  Info: SplunkMonitorNoHandle service does not exists.
UninstallNohandleDrv:  Error: DriverPackageUninstall failed with: 0x3.
UninstallNohandleDrv:  Warning: Failed to uninstall nohandle driver driver.
RemoveSplunkHome:  Warning: Invalid property ignored: KeepSplunkHome=.
RemoveSplunkHome:  Info: Remove SPLUNK_HOME directory.
RemoveSplunkHome:  Info: Enter. Args: rmdir /s /q "C:\Program Files\SplunkUniversalForwarder", 
RemoveSplunkHome:  Info: Execute string: cmd.exe /c "rmdir /s /q "C:\Program Files\SplunkUniversalForwarder"  >> "C:\Users\hcjkfadm\AppData\Local\Temp\splunk.log" 2>&1"
RemoveSplunkHome:  Info: WaitForSingleObject returned : 0x0
RemoveSplunkHome:  Info: Exit code for process : 0x2
RemoveSplunkHome:  Info: Leave.
RemoveSplunkHome:  Warn: Failed to remove C:\Program Files\SplunkUniversalForwarder directory
SetAcls:  Warning: Invalid property ignored: FailCA=.
SetAcls:  Info: SetAcls: Apply admin ACLS to: C:\Program Files\SplunkUniversalForwarder\etc.
SetAcls:  Info: Enter. Args: icacls, "C:\Program Files\SplunkUniversalForwarder\etc" /T /C /grant *S-1-5-32-544:f
SetAcls:  Info: Execute string: cmd.exe /c "icacls "C:\Program Files\SplunkUniversalForwarder\etc" /T /C /grant *S-1-5-32-544:f >> "C:\Users\hcjkfadm\AppData\Local\Temp\splunk.log" 2>&1"
SetAcls:  Info: WaitForSingleObject returned : 0x0
SetAcls:  Info: Exit code for process : 0x0
SetAcls:  Info: Leave.
SetAcls:  Info: SetAcls: Apply admin ACLS to: C:\Program Files\SplunkUniversalForwarder\var.
SetAcls:  Info: Enter. Args: icacls, "C:\Program Files\SplunkUniversalForwarder\var" /T /C /grant *S-1-5-32-544:f
SetAcls:  Info: Execute string: cmd.exe /c "icacls "C:\Program Files\SplunkUniversalForwarder\var" /T /C /grant *S-1-5-32-544:f >> "C:\Users\hcjkfadm\AppData\Local\Temp\splunk.log" 2>&1"
SetAcls:  Info: WaitForSingleObject returned : 0x0
SetAcls:  Info: Exit code for process : 0x0
SetAcls:  Info: Leave.
EnableEventLogs:  Warning: Invalid property ignored: App=.
EnableEventLogs:  Warning: Invalid property ignored: Sec=.
EnableEventLogs:  Warning: Invalid property ignored: Sys=.
EnableEventLogs:  Warning: Invalid property ignored: Fwd=.
EnableEventLogs:  Warning: Invalid property ignored: Set=.
EnableEventLogs:  Warning: Invalid property ignored: FailCA=.
EnableEventLogs:  Warning: No event log is enabled. Skip the action.
StartSplunkService:  Warning: Invalid property ignored: FailCA=.
StartSplunkService:  Info: Properties: splunkHome: C:\Program Files\SplunkUniversalForwarder, svcName: SplunkForwarder, launch splunk: 1.
StartSplunkService:  Info: Enter.
StartSplunkService:  Error: SplunkForwarder service does not exists.
StartSplunkService:  Error 0x80004005: Splunkd service does not exist.
CustomAction StartSplunkService returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 9:42:58: InstallFinalize. Return value 3.
Action ended 9:42:58: INSTALL. Return value 3.
Property(S): UpgradeCode = {64B13631-6664-4F23-AFE2-98FCE86920BD}
Property(S): SET_ADMIN_USER = 1
Property(S): INSTALLDIR = C:\Program Files\SplunkUniversalForwarder\
Property(S): dirA5528701EE26FFBF346CCE20EE8ACE99 = C:\Program Files\SplunkUniversalForwarder\bin\
Property(S): dirE99B67BA83CA9B283DA87308D2AB32C0 = C:\Program Files\SplunkUniversalForwarder\bin\scripts\
Property(S): dir3E02976F57563947ADB6A8038DF4FCEF = C:\Program Files\SplunkUniversalForwarder\etc\
Property(S): dirFB7FAFCA28F7419DE35973B35C5D283E = C:\Program Files\SplunkUniversalForwarder\etc\apps\introspection_generator_addon\bin\
Property(S): dirA4925C017BDFD103F37D0BDE702E9C43 = C:\Program Files\SplunkUniversalForwarder\etc\apps\introspection_generator_addon\default\
Property(S): dir7C2F815EE2C9E7DBE85066CF5B056987 = C:\Program Files\SplunkUniversalForwarder\etc\apps\learned\default\
Property(S): dir28F70AA0D15CA730061DB84FFE88D805 = C:\Program Files\SplunkUniversalForwarder\etc\apps\learned\metadata\
Property(S): dir0ABBB45398994B5C89841ED05851776C = C:\Program Files\SplunkUniversalForwarder\etc\apps\search\default\
Property(S): dir05B2167CF0ED7EFD2AD93158875F568C = C:\Program Files\SplunkUniversalForwarder\etc\apps\search\lookups\
Property(S): dir66FC566CEF189328CCCC8589311D2503 = C:\Program Files\SplunkUniversalForwarder\etc\apps\search\metadata\
Property(S): dir2D2122E4CFDE8C263EEE7452554D6DA2 = C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\
Property(S): dirF389DCA026B8D0A2E829970DE12F66F0 = C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\metadata\
Property(S): dir2A81299A0652E91159BE1994DD92316A = C:\Program Files\SplunkUniversalForwarder\etc\auth\
Property(S): dir67189055EBCF5D1437F0A9D30368ED9C = C:\Program Files\SplunkUniversalForwarder\etc\deployment-apps\
Property(S): dirA6241AC9F2CFDD1D7D4327FB5A124C92 = C:\Program Files\SplunkUniversalForwarder\etc\disabled-apps\
Property(S): dir3F2ED1881D5C561B698B737D96419537 = C:\Program Files\SplunkUniversalForwarder\etc\modules\input\exec\
Property(S): dir3C58D8B9DB7081CC9C009A2FA233FFFD = C:\Program Files\SplunkUniversalForwarder\etc\modules\input\fschangemanager\
Property(S): dir623F2857FD6CE56C0C7472F3CF4B157E = C:\Program Files\SplunkUniversalForwarder\etc\modules\input\structuredparsing\
Property(S): dirAAE2EA6FF6BFF3615E0F6ECB4F8B8317 = C:\Program Files\SplunkUniversalForwarder\etc\modules\input\tailfile\
Property(S): dir40C5047ABE9F85BC416CF37384338C22 = C:\Program Files\SplunkUniversalForwarder\etc\modules\input\TCP\
Property(S): dir500C5AB468B41B12914CAFC92914BB04 = C:\Program Files\SplunkUniversalForwarder\etc\modules\input\UDP\
Property(S): dir350E86D3D8394619D5C56BE268AB8C03 = C:\Program Files\SplunkUniversalForwarder\etc\modules\input\wineventlog\
Property(S): dir08A71AA8240CE634F2916BD8FD86AE9D = C:\Program Files\SplunkUniversalForwarder\etc\modules\input\winparsing\
Property(S): dir36980B38D75840D0DF3C22965AFE352F = C:\Program Files\SplunkUniversalForwarder\etc\modules\parsing\
Property(S): dirEA4E77DDDE1ED87692CD92A2F7477FDA = C:\Program Files\SplunkUniversalForwarder\etc\myinstall\
Property(S): dir62FE35BBE7BD45CAEAB9D4261B2C1DA9 = C:\Program Files\SplunkUniversalForwarder\etc\shcluster\apps\
Property(S): dir7A9E1C63375946BEF53B8BCD2F9EB32B = C:\Program Files\SplunkUniversalForwarder\etc\shcluster\users\
Property(S): dir5320F257A67DB36A4CED85E00FC63DD0 = C:\Program Files\SplunkUniversalForwarder\etc\system\bin\
Property(S): dirBAC85229BB4A3494F5ECCB42AA1B824B = C:\Program Files\SplunkUniversalForwarder\etc\system\default\
Property(S): dirD3351CCE95594E87E2CC36C1024B5B4C = C:\Program Files\SplunkUniversalForwarder\etc\system\local\
Property(S): dir858D19BEE324185B277CA79FFC48EDEE = C:\Program Files\SplunkUniversalForwarder\etc\system\metadata\
Property(S): dir5083584ADFC4261D3780F7B66CB3B7B3 = C:\Program Files\SplunkUniversalForwarder\etc\system\README\
Property(S): dir087F918F10A120B6907E2460F0868A49 = C:\Program Files\SplunkUniversalForwarder\etc\system\static\
Property(S): dirCC4BF51C3FB0120CE9B785729700549B = C:\Program Files\SplunkUniversalForwarder\lib\
Property(S): dir9777D8246D1EFF4BCE1BBB3725F54761 = C:\Program Files\SplunkUniversalForwarder\share\
Property(S): dirD3369B4CFA7BF6DCB57584A7F452CA0A = C:\Program Files\SplunkUniversalForwarder\share\splunk\
Property(S): dir9DF6D6597089BA01028EE58CBBF75736 = C:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\
Property(S): WixUIRMOption = UseRM
Property(S): _UICertFile = UICertFile
Property(S): _UIRootCertFile = UIRootCertFile
Property(S): _UIMonPath = UIMonPath
Property(S): UIUseLocalSystem = 1
Property(S): UIUseBundledTA = 1
Property(S): _UIWinTAPath = UIWinTAPath
Property(S): WIXUI_INSTALLDIR = INSTALLDIR
Property(S): ALLUSERS = 1
Property(S): ARPNOMODIFY = yes
Property(S): ARPINSTALLLOCATION = C:\Program Files\SplunkUniversalForwarder\
Property(S): SetAcls = SplunkHome=C:\Program Files\SplunkUniversalForwarder\;FailCA=
Property(S): RemoveAccountFromGroups = SplunkSvcName=SplunkForwarder;FailCA=
Property(S): EnableEventLogs = SplunkHome=C:\Program Files\SplunkUniversalForwarder\;App=; Sec=; Sys=;Fwd=; Set=;FailCA=
Property(S): RemoveGroupAndRightsFromReg = SplunkSvcName=SplunkForwarder;FailCA=
Property(S): RemoveRightsFromRegistry = SplunkSvcName=SplunkForwarder;FailCA=
Property(S): StartSplunkService = SplunkHome=C:\Program Files\SplunkUniversalForwarder\;SplunkSvcName=SplunkForwarder;LaunchSplunk=1;FailCA=
Property(S): StopSplunkServiceDef = SplunkHome=C:\Program Files\SplunkUniversalForwarder\;SplunkSvcName=SplunkForwarder;FailCA=
Property(S): UninstallSplunkService = SplunkHome=C:\Program Files\SplunkUniversalForwarder\;SplunkSvcName=SplunkForwarder;FailCA=
Property(S): UninstallRegmonDrv = SplunkHome=C:\Program Files\SplunkUniversalForwarder\;FailCA=
Property(S): UninstallNetmonDrv = SplunkHome=C:\Program Files\SplunkUniversalForwarder\;FailCA=
Property(S): UninstallNohandleDrv = SplunkHome=C:\Program Files\SplunkUniversalForwarder\;FailCA=
Property(S): RemoveSplunkHome = SplunkHome=C:\Program Files\SplunkUniversalForwarder\;KeepSplunkHome=
Property(S): ProgramFiles64Folder = C:\Program Files\
Property(S): TARGETDIR = C:\
Property(S): SourceDir = C:\temp\
Property(S): dirFB744D04EDFDCD8AF58A1449ABBAD45F = C:\Program Files\SplunkUniversalForwarder\etc\apps\introspection_generator_addon\
Property(S): dirB06939592AE1B7F84A5F1802888016F6 = C:\Program Files\SplunkUniversalForwarder\etc\apps\
Property(S): dir1ACCD951EA5C77FB92B36E8AB9382509 = C:\Program Files\SplunkUniversalForwarder\etc\apps\learned\
Property(S): dir302A0E4D0E8A28D4161D5640B55896DC = C:\Program Files\SplunkUniversalForwarder\etc\apps\search\
Property(S): dir060491FD1B1F02D6FE725F0B7611F71E = C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\
Property(S): dir4B3ADB252806E43AB420F8399AC61D45 = C:\Program Files\SplunkUniversalForwarder\etc\modules\input\
Property(S): dir613AD2632481811E0F84C80F31F4CD56 = C:\Program Files\SplunkUniversalForwarder\etc\modules\
Property(S): dir6EEC3061DFBF56B9D6D2F8CBEC90FE26 = C:\Program Files\SplunkUniversalForwarder\etc\shcluster\
Property(S): dirCFB1DCA36329665F066AABF5013AECA9 = C:\Program Files\SplunkUniversalForwarder\etc\system\
Property(S): Installed = 00:00:00
Property(S): Manufacturer = Splunk, Inc.
Property(S): ProductCode = {E9FDEF0E-18D8-4DC9-A263-1539E24FCCF1}
Property(S): ProductLanguage = 1033
Property(S): ProductName = UniversalForwarder
Property(S): ProductVersion = 6.2.3.264376
Property(S): ARPPRODUCTICON = WixSplunkIcon
Property(S): DefaultUIFont = WixUI_Font_Normal
Property(S): WixUI_Mode = InstallDir
Property(S): ErrorDialog = ErrorDlg
Property(S): SplunkSvcName = SplunkForwarder
Property(S): UIShowTADialog = 0
Property(S): UIRecvIdxValid = 0
Property(S): DoNotInstallDrivers = 1
Property(S): SplunkX86Msi = 0
Property(S): UICustomize = 0
Property(S): AGREETOLICENSE = Yes
Property(S): LAUNCHSPLUNK = 1
Property(S): os_OK = 1
Property(S): MSIRESTARTMANAGERCONTROL = Disable
Property(S): MSIDISABLERMRESTART = 1
Property(S): MSIRMSHUTDOWN = 2
Property(S): LEGACYDRV = 1
Property(S): AdminProperties = AGREETOLICENSE;CERTFILE;CERTPASSWORD;CLONEPREP;DEPLOYMENT_SERVER;DoNotInstallDrivers;ENABLEADMON;FAILCA;FORCEINSTALLDRIVERS;KEEPSPLUNKHOME;LAUNCHSPLUNK;LEGACYDRV;LOGON_PASSWORD;LOGON_USERNAME;MONITOR_PATH;NEWERVERSIONDETECTED;os_OK;OtherSplunkProductsPresent;PERFMON;PREVPRODUCTCODE;RECEIVING_INDEXER;ROOTCACERTFILE;SET_ADMIN_USER;SPLUNKD_PORT;UIAdmon;UIApplicationLog;UICertFile;UICertPassword;UIConfirmCertPassword;UIConfirmDomainPassword;UIDeplSrv;UIDeplSrvPort;UIDomainAccount;UIDomainPassword;UIForwardedEventsLog;UIMonPath;UINoDeplSrvOrIndexer;UIPerfCpu;UIPerfDisk;UIPerfMemory;UIPerfNetstat;UIRecvIdx;UIRecvIdxPort;UIRootCertFile;UISecurityLog;UISetupLog;UISystemLog;UIWinTAPath;WINDOWS_TA_LOCATION;WINDOWS_TA_VERSION;WINEVENTLOG_APP_ENABLE;WINEVENTLOG_FWD_ENABLE;WINEVENTLOG_SEC_ENABLE;WINEVENTLOG_SET_ENABLE;WINEVENTLOG_SYS_ENABLE
Property(S): SecureCustomProperties = ARPNOMODIFY;NEWERVERSIONDETECTED;PREVPRODUCTCODE
Property(S): MsiHiddenProperties = LOGON_PASSWORD;SetupServiceConfig
Property(S): MsiLogFileLocation = C:\temp\log.txt
Property(S): PackageCode = {D4CB9A66-98C1-43CE-9E20-3AEE5DE423A3}
Property(S): ProductState = 5
Property(S): ProductToBeRegistered = 1
Property(S): CURRENTDIRECTORY = C:\temp
Property(S): CLIENTUILEVEL = 3
Property(S): CLIENTPROCESSID = 1316
Property(S): PRODUCTLANGUAGE = 1033
Property(S): VersionDatabase = 200
Property(S): VersionMsi = 5.00
Property(S): VersionNT = 601
Property(S): VersionNT64 = 601
Property(S): WindowsBuild = 7601
Property(S): ServicePackLevel = 1
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 3
Property(S): WindowsFolder = C:\Windows\
Property(S): WindowsVolume = C:\
Property(S): System64Folder = C:\Windows\system32\
Property(S): SystemFolder = C:\Windows\SysWOW64\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\Users\hcjkfadm\AppData\Local\Temp\
Property(S): ProgramFilesFolder = C:\Program Files (x86)\
Property(S): CommonFilesFolder = C:\Program Files (x86)\Common Files\
Property(S): CommonFiles64Folder = C:\Program Files\Common Files\
Property(S): AppDataFolder = C:\Users\hcjkfadm\AppData\Roaming\
Property(S): FavoritesFolder = C:\Users\hcjkfadm\Favorites\
Property(S): NetHoodFolder = C:\Users\hcjkfadm\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(S): PersonalFolder = C:\Users\hcjkfadm\Documents\
Property(S): PrintHoodFolder = C:\Users\hcjkfadm\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(S): RecentFolder = C:\Users\hcjkfadm\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): SendToFolder = C:\Users\hcjkfadm\AppData\Roaming\Microsoft\Windows\SendTo\
Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(S): CommonAppDataFolder = C:\ProgramData\
Property(S): LocalAppDataFolder = C:\Users\hcjkfadm\AppData\Local\
Property(S): MyPicturesFolder = C:\Users\hcjkfadm\Pictures\
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(S): DesktopFolder = C:\Users\Public\Desktop\
Property(S): FontsFolder = C:\Windows\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): MsiAMD64 = 6
Property(S): Msix64 = 6
Property(S): Intel = 6
Property(S): PhysicalMemory = 2048
Property(S): VirtualMemory = 3423
Property(S): AdminUser = 1
Property(S): MsiTrueAdminUser = 1
Property(S): LogonUser = hcjkfadm
Property(S): UserSID = S-1-5-21-1085031214-1292428093-527237240-1180986
Property(S): UserLanguageID = 1033
Property(S): ComputerName = REDACTED
Property(S): SystemLanguageID = 1033
Property(S): ScreenX = 1024
Property(S): ScreenY = 768
Property(S): CaptionHeight = 19
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): TextHeight = 16
Property(S): TextInternalLeading = 3
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 9:42:58
Property(S): Date = 6/16/2015
Property(S): MsiNetAssemblySupport = 2.0.50727.5483
Property(S): MsiWin32AssemblySupport = 6.1.7601.17514
Property(S): RedirectedDllSupport = 2
Property(S): MsiRunningElevated = 1
Property(S): Privileged = 1
Property(S): USERNAME = Windows User
Property(S): DATABASE = C:\Windows\Installer\2cb0b28b.msi
Property(S): OriginalDatabase = C:\temp\splunkforwarder-6.2.3-264376-x64-release.msi
Property(S): UILevel = 2
Property(S): ACTION = INSTALL
Property(S): ROOTDRIVE = C:\
Property(S): CostingComplete = 1
Property(S): OutOfDiskSpace = 0
Property(S): OutOfNoRbDiskSpace = 0
Property(S): PrimaryVolumeSpaceAvailable = 0
Property(S): PrimaryVolumeSpaceRequired = 0
Property(S): PrimaryVolumeSpaceRemaining = 0
Property(S): INSTALLLEVEL = 1
Property(S): SourcedirProduct = {E9FDEF0E-18D8-4DC9-A263-1539E24FCCF1}
Property(S): SOURCEDIR = C:\temp\
MSI (s) (9C:C4) [09:42:58:460]: Product: UniversalForwarder -- Configuration failed.

MSI (s) (9C:C4) [09:42:58:460]: Windows Installer reconfigured the product. Product Name: UniversalForwarder. Product Version: 6.2.3.264376. Product Language: 1033. Manufacturer: Splunk, Inc.. Reconfiguration success or error status: 1603.

=== Logging stopped: 6/16/2015  9:42:58 ===

0 Karma
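
A triage helper for the msiexec log above, as an added example that is not part of the original post: it pulls out the failed actions, the custom-action error lines, the product that GetPreviousSettings reported as already installed, and the final status line. The function name Get-MsiLogFindings and its output property names are assumptions made for this example; the sample lines are excerpted from the log in the post.

```powershell
# Added example; function and property names are assumptions, not Splunk or Microsoft tooling.
function Get-MsiLogFindings {
    param([string[]]$Lines)

    $failed  = @()     # actions that ended with "Return value 3" (fatal)
    $errors  = @()     # custom-action lines tagged "Error"
    $product = $null   # product GetPreviousSettings reported as already installed
    $noSvc   = $false  # a custom action reported the SplunkForwarder service as missing
    $mode    = $null   # "Installation" or "Reconfiguration", from the final status line
    $status  = $null   # final Windows Installer status code

    foreach ($line in $Lines) {
        if ($line -match '^Action ended [\d:]+: (\S+)\. Return value 3\.') {
            $failed += $Matches[1]
        }
        if ($line -match '^\w+:\s+Error\b') {
            $errors += $line.Trim()
        }
        if ($line -match 'ProductCode: (\{[0-9A-F-]+\}), ProductName: (\S+), ProductVersion: (\S+)') {
            $product = '{0} {1} {2}' -f $Matches[2], $Matches[3], $Matches[1]
        }
        if ($line -match 'SplunkForwarder service does not exists') {
            $noSvc = $true
        }
        if ($line -match '(Installation|Reconfiguration) success or error status: (\d+)') {
            $mode   = $Matches[1]
            $status = [int]$Matches[2]
        }
    }

    New-Object PSObject -Property @{
        FailedActions            = $failed
        ErrorLines               = $errors
        PreviousProduct          = $product
        ServiceMissing           = $noSvc
        Mode                     = $mode
        Status                   = $status
        # Product is registered with Windows Installer, the service is absent,
        # and the run was logged as a reconfiguration rather than an installation.
        RegisteredWithoutService = ($product -ne $null) -and $noSvc -and ($mode -eq 'Reconfiguration')
    }
}

# Sample input: lines excerpted from the log posted above.
$sample = @'
GetPreviousSettings:  Info: ProductCode: {E9FDEF0E-18D8-4DC9-A263-1539E24FCCF1}, ProductName: UniversalForwarder, ProductVersion: 6.2.3.264376
StopSplunkService:  Info: SplunkForwarder service does not exists.
UninstallRegmonDrv:  Error: DriverPackageUninstall failed with: 0x3.
StartSplunkService:  Error: SplunkForwarder service does not exists.
StartSplunkService:  Error 0x80004005: Splunkd service does not exist.
Action ended 9:42:58: InstallFinalize. Return value 3.
Action ended 9:42:58: INSTALL. Return value 3.
MSI (s) (9C:C4) [09:42:58:460]: Windows Installer reconfigured the product. Product Name: UniversalForwarder. Product Version: 6.2.3.264376. Product Language: 1033. Manufacturer: Splunk, Inc.. Reconfiguration success or error status: 1603.
'@ -split "\r?\n"

Get-MsiLogFindings -Lines $sample | Format-List

# Against the real file written by the script's "/log log.txt" switch:
# Get-MsiLogFindings -Lines (Get-Content .\log.txt) | Format-List
```

On the excerpt it reports the 6.2.3.264376 product as already registered, the SplunkForwarder service as missing, and a Reconfiguration status of 1603, with InstallFinalize and INSTALL as the failed actions.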
