Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Windows Server 2012 - Splunkd Service Access Denied

UserFriendly
Engager
‎02-03-2013 12:50 AM

We're having a bit of an issue with our new Splunk install on Windows Server 2012. The Splunkd and Splunkweb services will not start when using a domain service account. They fail with a "Access Denied" message.

We're using a Domain Admin account and have verified that the following Local Policies were set for it:

Permission to log on as a service

Permission to log on as a batch job

Permission to replace a process-level token

Permission to act as part of the operating system

Permission to bypass traverse checking

I also verified that we do not have "Permission to log on as a service" set as a GPO - so that shouldn't be overiding the local policy.

Has anyone else had any experience with this? I've been racking my brain for 2 days trying to figure this one out and would greatly appreciate any direction in the matter. Thanks!

0 Karma
Reply

UserFriendly
Engager
‎02-05-2013 03:58 PM

In case anyone else is encountering this issue:

We fixed this in a kind of roundabout way. The Splunk server was a Server 2012 on a VMware VM. I had to go in and disable the hotplug ability on the guest. This allowed the services to run under a domain service account but for some reason it cut off all network access to the server.

I then added a second NIC, booted up the VM and network connectivity was restored but the services failed again. After that I shutdown the machine, removed the new NIC and powered back on. For some reason network connectivity is restored and the splunk services are running under the domain account. I will update this entry as I find more information.

Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...