Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Windows Server 2012 - Splunkd Service Access Denied

UserFriendly
Engager
‎02-03-2013 12:50 AM

We're having a bit of an issue with our new Splunk install on Windows Server 2012. The Splunkd and Splunkweb services will not start when using a domain service account. They fail with a "Access Denied" message.

We're using a Domain Admin account and have verified that the following Local Policies were set for it:

Permission to log on as a service

Permission to log on as a batch job

Permission to replace a process-level token

Permission to act as part of the operating system

Permission to bypass traverse checking

I also verified that we do not have "Permission to log on as a service" set as a GPO - so that shouldn't be overiding the local policy.

Has anyone else had any experience with this? I've been racking my brain for 2 days trying to figure this one out and would greatly appreciate any direction in the matter. Thanks!

0 Karma
Reply

UserFriendly
Engager
‎02-05-2013 03:58 PM

In case anyone else is encountering this issue:

We fixed this in a kind of roundabout way. The Splunk server was a Server 2012 on a VMware VM. I had to go in and disable the hotplug ability on the guest. This allowed the services to run under a domain service account but for some reason it cut off all network access to the server.

I then added a second NIC, booted up the VM and network connectivity was restored but the services failed again. After that I shutdown the machine, removed the new NIC and powered back on. For some reason network connectivity is restored and the splunk services are running under the domain account. I will update this entry as I find more information.

Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...