Why are our 6.4.1 universal forwarders unable to connect to a new 6.4.1 deployment server on Windows?

sylbaea
Communicator

Hello,

I have a new deployment server (also acting as search head) installed on Windows Server 2012 R2 with version 6.4.1.
I have multiple Universal Forwarders installed on misc Windows OS (2008 R2, 2012, 2012 R2) with version 6.4.1.

Deployment Server is enabled (confirmed with Splunk CLI), has a local serverclass.conf, a deployed app (TA_Windows), all looks fine from Splunk Web.

All UFs are enabled as deployment clients:

deploymentclient.conf

[target-broker:deploymentServer]
targetUri = <FQDN>:8089

Required firewall ports are opened, and I confirm the server is listening on tcp/8089.
However, none of the clients are able to handshake with the server (even those on the same subnet as the server).

Enabling DEBUG logging, I see the following on the client side:

06-04-2016 07:37:01.962 +0000 DEBUG DC:PhonehomeThread - PhonehomeThread::main top-of-loop, DC state=Initial
06-04-2016 07:37:01.962 +0000 DEBUG DC:PhonehomeThread - Attempting handshake
06-04-2016 07:37:01.962 +0000 DEBUG DC:DeploymentClient - Sending message <handshake/> to tenantService/handshake
06-04-2016 07:37:01.962 +0000 INFO  DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
06-04-2016 07:37:01.962 +0000 DEBUG DC:PhonehomeThread - Handshake not yet finished; will retry every 12.0sec
06-04-2016 07:37:01.962 +0000 DEBUG DC:PhonehomeThread - Phonehome thread will wait for 12.0sec (1)

On the server, nothing very useful...

06-04-2016 07:22:53.222 +0000 DEBUG ClientSessionsManager - After running metrics, |_newClients|=0 |_existingClients|=0
06-04-2016 07:23:24.223 +0000 DEBUG ClientSessionsManager - Before running metrics, |_newClients|=0 |_existingClients|=0
06-04-2016 07:23:24.223 +0000 DEBUG ClientSessionsManager - After running metrics, |_newClients|=0 |_existingClients|=0
06-04-2016 07:23:55.222 +0000 DEBUG ClientSessionsManager - Before running metrics, |_newClients|=0 |_existingClients|=0

Any idea? This is a brand new install. I already did a similar setup in the past and it works without problem. Servers are new, this is the latest Splunk version, but I cannot see any other difference.

Thanks.

0 Karma

sylbaea
Communicator

For an unknown reason, my deployment server was configured to use a custom port... Very likely I made a mistake in my configuration. Problem resolved.

0 Karma
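
An added example (not part of the original thread, and not Splunk's own code) of the check that would have caught this: compare the port in the forwarder's `targetUri` with the management port the deployment server is configured to use. It assumes the server's port is set by `mgmtHostPort` in `web.conf`; the host name and the custom port 8189 in the sample text are constructed.

```python
import configparser
import socket

# Constructed sample configs (not from the thread); host and port 8189 are made up.
CLIENT_CONF = """
[target-broker:deploymentServer]
targetUri = ds.example.internal:8089
"""
SERVER_WEB_CONF = """
[settings]
mgmtHostPort = 0.0.0.0:8189
"""

def _parse(text):
    # Splunk .conf files are INI-like; disable interpolation so '%' is literal.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def client_target(conf_text):
    """Return (host, port) from targetUri in deploymentclient.conf."""
    uri = _parse(conf_text)["target-broker:deploymentServer"]["targetUri"]
    host, _, port = uri.strip().rpartition(":")
    return host, int(port)

def server_mgmt_port(web_conf_text, default=8089):
    """Return the management port from web.conf, or the default if unset."""
    value = _parse(web_conf_text).get("settings", "mgmtHostPort", fallback=None)
    return int(value.rpartition(":")[2]) if value else default

def port_open(host, port, timeout=3.0):
    """Live check, run from a forwarder: True if TCP connect to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check(client_text, server_text):
    """Compare the port the client targets with the port the server uses."""
    host, cport = client_target(client_text)
    sport = server_mgmt_port(server_text)
    if cport != sport:
        return f"MISMATCH: client targets {host}:{cport}, server management port is {sport}"
    return f"OK: both use port {cport}"

if __name__ == "__main__":
    print(check(CLIENT_CONF, SERVER_WEB_CONF))
```

On a real host, feed the functions the contents of the actual `.conf` files and use `port_open` from the forwarder to confirm the listener is reachable.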

jmallorquin
Builder

Hi,

I think the problem is with the firewall. Have you tried opening outgoing traffic on the new server? Maybe the incoming port 8089 is open but the firewall is cutting all outgoing traffic.

Hope I helped you.

0 Karma

sylbaea
Communicator

Firewall requirements are properly implemented (see my comment about that in the question)... Thanks for your suggestion in any case.

0 Karma