Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why this error, Unable to install Universal Forwarder on Windows Server 2022 (error 1603)?

kyuubyhades
Loves-to-Learn
‎02-22-2023 08:40 AM

Hi everybody,

 

I've been struggling for hours to install splunks universal forwarder on windows server 2022.

Here's the msiexec logs : https://drive.google.com/file/d/1NtNN9mT97-gbwprIc4cCAec5mi7Jhl6H/view?usp=sharing 

Help 😛

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-22-2023 11:17 PM

Hi @kyuubyhades,

I suppose that you're trying to install a forwarder with version greater than 8.2.5, that's the first version certified for Windows Server 2022.

It's a strange error because the installation pachege doesn't find some files.

See in $TEMP$\splunk.log and in $SPLUNK_HOME\var\log\splunk\first_install.log if there some additional information

I hint at first to try on another server Windows 2022 to understand if it's alocal issue or general, then anyway to open a case to Splunk Support.

Ciao.

Giuseppe

0 Karma
Reply

kyuubyhades
Loves-to-Learn
‎02-22-2023 11:23 PM

Thanks for the tip @gcusello ,

I am indeed installing it with the latest version available.

I finally managed to install it yesterday once i removed all existing files created by the other install attempts.

I still don't understand why i couldn't install it the first x times i tried.

Best regards 🙂

 

0 Karma
Reply

cbreitenstrom
Engager
‎08-15-2024 12:27 AM

Hi,

according to the log, our customer has exactly the same error. Will try to convince them, to uninstall UF completely and install once again.

Their first install ended with:

SetAccountType:  Error 0x80004005: Cannot set USE_ADMIN_USER=1 since the local users/groups are not available on Domain Controllers.

May be this installation trial causes the failure later on...

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎08-15-2024 01:19 AM

OK. That actually makes sense. I'm no AD expert but indeed as far as I remember you cannot use local accounts on domain controllers - all "local" accounts are indeed domain accounts. If this is not described in the forwarder installation manual, it could be worth posting a feedback (there is a feedback form on the bottom of every doc page).

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-22-2023 11:25 PM

Hi @kyuubyhades,

good for you, if one answer solves your need, please accept one answer for the other people of Community or tell me how I can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...