Installation

Difficulty installing Splunk UF 8.2.4 on Server 2019

rajyah
Communicator

Hi everyone,

I'm currently having difficulty installing a UF on one of our Microsoft Server 2019 machines, which resides as a VM on Hyper-V.

Please take note that this is a fresh installation of the universal forwarder on this machine. Also, this server is acting as a domain controller and we would like to get its logs.

Kindly show me the way, since I have been searching for hours and could not find a proper answer for this. Also, I would like to avoid reformatting this specific machine just to install the UF. Thank you.

This shows the logs:

12:23:30 AM
C:\Windows\system32\cmd.exe /c "C:\Windows\system32\rundll32.exe  setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files\SplunkUniversalForwarder\bin\splunkdrv.inf >> "C:\Users\ADMINI~1\AppData\Local\Temp\splunk.log" 2>&1"
12:23:34 AM
C:\Windows\system32\cmd.exe /c "C:\Windows\system32\rundll32.exe  setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files\SplunkUniversalForwarder\bin\splknetdrv.inf >> "C:\Users\ADMINI~1\AppData\Local\Temp\splunk.log" 2>&1"
12:23:37 AM
C:\Windows\system32\cmd.exe /c "C:\Windows\system32\rundll32.exe  setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files\SplunkUniversalForwarder\bin\SplunkMonitorNoHandleDrv.inf >> "C:\Users\ADMINI~1\AppData\Local\Temp\splunk.log" 2>&1"
12:23:40 AM
C:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal first-time-run --answer-yes --no-prompt >> "C:\Users\ADMINI~1\AppData\Local\Temp\splunk.log" 2>&1"

This appears to be your first time running this version of Splunk.
12:23:40 AM
C:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt >> "C:\Users\ADMINI~1\AppData\Local\Temp\splunk.log" 2>&1"
The certificate generation script did not generate the expected certificate file:C:\Program Files\SplunkUniversalForwarder\etc\auth\server.pem. Splunkd port communication will not work.
SSL certificate generation failed.
		Creating: C:\Program Files\SplunkUniversalForwarder\var\lib\splunk
		Creating: C:\Program Files\SplunkUniversalForwarder\var\run\splunk
		Creating: C:\Program Files\SplunkUniversalForwarder\var\run\splunk\appserver\i18n
		Creating: C:\Program Files\SplunkUniversalForwarder\var\run\splunk\appserver\modules\static\css
		Creating: C:\Program Files\SplunkUniversalForwarder\var\run\splunk\upload
		Creating: C:\Program Files\SplunkUniversalForwarder\var\run\splunk\search_telemetry
		Creating: C:\Program Files\SplunkUniversalForwarder\var\spool\splunk
		Creating: C:\Program Files\SplunkUniversalForwarder\var\spool\dirmoncache
		Creating: C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\authDb
		Creating: C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\hashDb
12:23:45 AM
C:\Windows\system32\cmd.exe /c "C:\Windows\system32\rundll32.exe  setupapi,InstallHinfSection DefaultUninstall 128 C:\Program Files\SplunkUniversalForwarder\bin\SplunkMonitorNoHandleDrv.inf >> "C:\Users\ADMINI~1\AppData\Local\Temp\splunk.log" 2>&1"
12:23:47 AM
C:\Windows\system32\cmd.exe /c "C:\Windows\system32\rundll32.exe  setupapi,InstallHinfSection DefaultUninstall 128 C:\Program Files\SplunkUniversalForwarder\bin\splknetdrv.inf >> "C:\Users\ADMINI~1\AppData\Local\Temp\splunk.log" 2>&1"
12:23:49 AM
C:\Windows\system32\cmd.exe /c "C:\Windows\system32\rundll32.exe  setupapi,InstallHinfSection DefaultUninstall 128 C:\Program Files\SplunkUniversalForwarder\bin\splunkdrv.inf >> "C:\Users\ADMINI~1\AppData\Local\Temp\splunk.log" 2>&1"

 

 

0 Karma

jho-splunk
Splunk Employee

Hi @rajyah,

I'm afraid we'll need a Process Monitor log to troubleshoot this further, but unfortunately they're too big to attach here so I'd suggest opening a case with Splunk Support.

Cheers,

 - Jo.

 

0 Karma