Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Why this error, Unable to install Universal Forwarder on Windows Server 2022 (error 1603)?

kyuubyhades
Loves-to-Learn
‎02-22-2023 08:40 AM

Hi everybody,

 

I've been struggling for hours to install splunks universal forwarder on windows server 2022.

Here's the msiexec logs : https://drive.google.com/file/d/1NtNN9mT97-gbwprIc4cCAec5mi7Jhl6H/view?usp=sharing 

Help 😛

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-22-2023 11:17 PM

Hi @kyuubyhades,

I suppose that you're trying to install a forwarder with version greater than 8.2.5, that's the first version certified for Windows Server 2022.

It's a strange error because the installation pachege doesn't find some files.

See in $TEMP$\splunk.log and in $SPLUNK_HOME\var\log\splunk\first_install.log if there some additional information

I hint at first to try on another server Windows 2022 to understand if it's alocal issue or general, then anyway to open a case to Splunk Support.

Ciao.

Giuseppe

0 Karma
Reply

kyuubyhades
Loves-to-Learn
‎02-22-2023 11:23 PM

Thanks for the tip @gcusello ,

I am indeed installing it with the latest version available.

I finally managed to install it yesterday once i removed all existing files created by the other install attempts.

I still don't understand why i couldn't install it the first x times i tried.

Best regards 🙂

 

0 Karma
Reply

cbreitenstrom
Engager
‎08-15-2024 12:27 AM

Hi,

according to the log, our customer has exactly the same error. Will try to convince them, to uninstall UF completely and install once again.

Their first install ended with:

SetAccountType:  Error 0x80004005: Cannot set USE_ADMIN_USER=1 since the local users/groups are not available on Domain Controllers.

May be this installation trial causes the failure later on...

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎08-15-2024 01:19 AM

OK. That actually makes sense. I'm no AD expert but indeed as far as I remember you cannot use local accounts on domain controllers - all "local" accounts are indeed domain accounts. If this is not described in the forwarder installation manual, it could be worth posting a feedback (there is a feedback form on the bottom of every doc page).

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-22-2023 11:25 PM

Hi @kyuubyhades,

good for you, if one answer solves your need, please accept one answer for the other people of Community or tell me how I can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...