Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Windows Server 2012 - Splunkd Service Access Denied

UserFriendly
Engager
‎02-03-2013 12:50 AM

We're having a bit of an issue with our new Splunk install on Windows Server 2012. The Splunkd and Splunkweb services will not start when using a domain service account. They fail with a "Access Denied" message.

We're using a Domain Admin account and have verified that the following Local Policies were set for it:

Permission to log on as a service

Permission to log on as a batch job

Permission to replace a process-level token

Permission to act as part of the operating system

Permission to bypass traverse checking

I also verified that we do not have "Permission to log on as a service" set as a GPO - so that shouldn't be overiding the local policy.

Has anyone else had any experience with this? I've been racking my brain for 2 days trying to figure this one out and would greatly appreciate any direction in the matter. Thanks!

0 Karma
Reply

UserFriendly
Engager
‎02-05-2013 03:58 PM

In case anyone else is encountering this issue:

We fixed this in a kind of roundabout way. The Splunk server was a Server 2012 on a VMware VM. I had to go in and disable the hotplug ability on the guest. This allowed the services to run under a domain service account but for some reason it cut off all network access to the server.

I then added a second NIC, booted up the VM and network connectivity was restored but the services failed again. After that I shutdown the machine, removed the new NIC and powered back on. For some reason network connectivity is restored and the splunk services are running under the domain account. I will update this entry as I find more information.

Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...