Getting Data In

Why am I getting error "Splunk Enterprise Setup Wizard ended prematurely" trying a fresh install of Splunk 6.2.2 -255606-x64 on Windows 2012 R2 x64?

avinashb
New Member

Hi,

I was trying to do a fresh install of Splunk Enterprise(splunk-6.2.2-255606-x64-release) on Windows 2012 R2 Standard x64,
As per the instruction manual, i have created users, groups, computers, group policy etc all that is required and then tried to install Splunk Enterprise as a domain account, but i keep getting the error as in below screenshot ("Splunk Enterprise Setup Wizard ended prematurely").
I am also attaching my log for your reference.
Any idea what might be causing this ?

Error Image Link - https://www.dropbox.com/s/ffkv453d1e8i76o/Splunk%20Error.jpg?dl=0
Log File Link - https://www.dropbox.com/s/lh6hbn784mje7rc/splunk.log?dl=0


System Information

 Operating System: Windows Server 2012 R2 Standard 64-bit
       Language: English (Regional Setting: English)

System Manufacturer: Dell Inc.
System Model: XPS 8700
Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz (8 CPUs), ~3.6GHz
Memory: 16384MB RAM
Available OS Memory: 16336MB RAM

Display Memory: 256 MB

Thanks,
Avi.

0 Karma

htidore
Path Finder

I had the same problem on Windows 2012 and solved it by doing the following:
1. Open Command Prompt as Administrator and Run msiexec /i splunkfilename.msi

2. Enter username in the form of Domain\username

santosh_sshanbh
Explorer

I am also facing the same problem on newly setup VM's running Windows 2019.  Tried all the options suggested here but no success. 

0 Karma

sdinh
Engager

This had been troubling me for a while, there was no right click 'Run as administrator' option for me.

I resolved this by running CMD as Administrator, then launching the installer from within CMD!

Worked a treat! Hope this helps.

molinarf
Communicator

Not sure if this will answer your question as this is what I did.

Avi -

I installed the previous version 6.1.2-213098-x64. What I noticed was that when you were doing a custom installation and it asks you if you want to use a local account or another, if you select other it will show you when you enter the user's name it has to follow this format:

Domain\username.

When installing and you reach that point, you may want to use that format.

Give it a try. As for me, installing the previous version which installed properly allowed me to then upgrade to version 6.2.3-264376-x64.

Good Luck

Robert

vriestimo
Engager

Entering a username with a backslash in it indeed solves the issue.

0 Karma

JDeonarain
Engager

Worked like a charm- thanks!

0 Karma

Blinda101
Observer

Yes. Using Domain\username Worked for me.
Thanks molinarf

0 Karma

molinarf
Communicator

I am currently experiencing the same problem. I have done the same things that Avi tried, but no luck. I am installing using a service account that has domain administrator privileges.

0 Karma

ewicher
New Member

Hi!
I had the same problem and I solved it by installing splunk under local account and afterwards I changed the owner of the whole splunk directory as well as the account the splunkd service is started as to the domain user. Works for my without problems.

Hope this helps!

0 Karma

avinashb
New Member

As per the earlier log file i found there was a error "unable to write random state e is 65537 (0x10001)", i fixed it by modifying my randfile environment variables and then tried a re-install but still installation was not successful.
This time around the log file had no errors related to random state but it appeared to be a upgrade rather than fresh installation, so i tried checking my programs list to uninstall any splunk that got installed and found nothing but i did find some installation files stored in the "Program Files" folder, can i jus delete them and try installation. (the files have been listed below for reference)

C:\Program Files
Splunk
etc
Python-2.7
share
var

As per this "http://answers.splunk.com/answers/42112/splunk-install-error-on-windows.html" i tried deleting the two splunk services but keep getting the error that none of these services exist.

So now how do i delete these existing splunk installation files ?
Is there anything else i need to take care before doing the fresh installation to make sure the error for which this topic was started wouldn't happen ?

Thank You.

0 Karma

butterslol
Engager

Hi I was also getting these errors, but I managed to resolve it by running the .msi as an Administrator.

Give that a go, either add your user account to the computer's local administrators group, or open a powershell as administrator and run

msiexec <splunk installer filename>.msi

0 Karma

avinashb
New Member

Hello butterslol,

Thank you for the reply.

I did try running the .msi as an administrator, tried with domain admin account as well as local admin account but still no luck 😞 .......

Do let me know anyother options u want me to try.....

Thanks,
Avi.

0 Karma

retter
New Member

Try prefixing the domain account with your domain NetBIOS name

0 Karma

avinashb
New Member

Hello Ritter,
I did that, but still keep getting same error while performing the installation.

0 Karma
Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...

Reminder! Splunk Love Promo: $25 Visa Gift Card for Your Honest SOAR Review With ...

We recently launched our first Splunk Love Special, and it's gone phenomenally well, so we're doing it again, ...