Installation

How do I fix this error: Universal Forwarder 9 Setup Ended Prematurely on Server 2019?

jvcog
New Member

I've installed the forwarder on several other domain controllers in our environment, but these last 2 keep failing, throwing the all too enigmatic "setup ended prematurely" error. "Like a F-18 bro!"

They are Windows Server 2019
9.0 forwarder 64-bit installer
Although the log states "SplunkForwarder already exists", there is no current installation of the forwarder (but I have attempted it several times)

The logs don't seem to have any intel I find useful, but maybe you all have a better secret decoder ring?

msiexec.log:

jvcog_0-1662656539193.png

splunk.log:

Other than a few details of this type ("input type=perfmon because it already exists"), I'm still unsure of the problem:

12:51:47 PM
C:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" cmd splunkd rest --noauth POST /servicesNS/nobody/SplunkUniversalForwarder/data/outputs/tcp/server "name=REDACTED:9997" >> "C:\Users\control\AppData\Local\Temp\splunk.log" 2>&1"
HTTP/1.1 400 Bad Request
Date: Thu, 08 Sep 2022 16:51:47 GMT
Expires: Thu, 26 Oct 1978 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Content-Type: text/xml; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Length: 170
Connection: Close
X-Frame-Options: SAMEORIGIN
Server: Splunkd
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">REDACTED:9997 forwarded-server already present</msg>
</messages>
</response>
12:51:47 PM
C:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" cmd splunkd rest --noauth POST /servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-event-log-collections/localhost lookup_host=localhost^&logs=Application^&logs=Security^&logs=System^&logs=ForwardedEvents^&logs=Setup >> "C:\Users\control\AppData\Local\Temp\splunk.log" 2>&1"
HTTP/1.1 200 OK
Date: Thu, 08 Sep 2022 16:51:49 GMT
Expires: Thu, 26 Oct 1978 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Content-Type: text/xml; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Length: 4477
Connection: Close
X-Frame-Options: SAMEORIGIN
Server: Splunkd
<?xml version="1.0" encoding="UTF-8"?>
<!--This is to override browser formatting; see server.conf[httpServer] to disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .-->
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
<title>win-event-log-collections</title>
<id>/servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-event-log-collections</id>
<updated>2022-09-08T12:51:49-04:00</updated>
<generator build="6818ac46f2ec" version="9.0.0"/>
<author>
<name>Splunk</name>
</author>
<link href="/servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-event-log-collections/_new" rel="create"/>
<link href="/servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-event-log-collections/_reload" rel="_reload"/>
<link href="/servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-event-log-collections/_acl" rel="_acl"/>
<opensearch:totalResults>1</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
<entry>
<title>localhost</title>
<id>/servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-event-log-collections/localhost</id>
<updated>1969-12-31T19:00:00-05:00</updated>
<link href="/servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-event-log-collections/localhost" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-event-log-collections/localhost" rel="list"/>
<link href="/servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-event-log-collections/localhost/_reload" rel="_reload"/>
<link href="/servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-event-log-collections/localhost" rel="edit"/>
<content type="text/xml">
<s:dict>
<s:key name="disabled">0</s:key>
<s:key name="eai:acl">
<s:dict>
<s:key name="app">SplunkUniversalForwarder</s:key>
<s:key name="can_list">1</s:key>
<s:key name="can_write">1</s:key>
<s:key name="modifiable">0</s:key>
<s:key name="owner">nobody</s:key>
<s:key name="perms">
<s:dict>
<s:key name="read">
<s:list>
<s:item>admin</s:item>
<s:item>power</s:item>
<s:item>splunk-system-role</s:item>
<s:item>user</s:item>
</s:list>
</s:key>
<s:key name="write">
<s:list>
<s:item>admin</s:item>
<s:item>splunk-system-role</s:item>
</s:list>
</s:key>
</s:dict>
</s:key>
<s:key name="removable">1</s:key>
<s:key name="sharing">app</s:key>
</s:dict>
</s:key>
<s:key name="hosts">localhost</s:key>
<s:key name="index">default</s:key>
<s:key name="logs">
<s:list>
<s:item>Application</s:item>
<s:item>ForwardedEvents</s:item>
<s:item>Security</s:item>
<s:item>Setup</s:item>
<s:item>System</s:item>
</s:list>
</s:key>
<s:key name="lookup_host">localhost</s:key>
<s:key name="name">localhost</s:key>
</s:dict>
</content>
</entry>
</feed>
12:51:49 PM
C:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" cmd splunkd rest --noauth POST /servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-perfmon "name=CPU%20Load&interval=10&object=Processor&counters=%25%20Processor%20Time%3B%25%20User%20Time&instances=_Total" >> "C:\Users\control\AppData\Local\Temp\splunk.log" 2>&1"
HTTP/1.1 400 Bad Request
Date: Thu, 08 Sep 2022 16:51:51 GMT
Expires: Thu, 26 Oct 1978 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Content-Type: text/xml; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Length: 199
Connection: Close
X-Frame-Options: SAMEORIGIN
Server: Splunkd
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Cannot create object id=CPU Load of input type=perfmon because it already exists.</msg>
</messages>
</response>
12:51:51 PM
C:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" cmd splunkd rest --noauth POST /servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-perfmon "name=Available%20Memory&interval=10&object=Memory&counters=Available%20Bytes" >> "C:\Users\control\AppData\Local\Temp\splunk.log" 2>&1"
HTTP/1.1 400 Bad Request
Date: Thu, 08 Sep 2022 16:51:52 GMT
Expires: Thu, 26 Oct 1978 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Content-Type: text/xml; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Length: 207
Connection: Close
X-Frame-Options: SAMEORIGIN
Server: Splunkd
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Cannot create object id=Available Memory of input type=perfmon because it already exists.</msg>
</messages>
</response>
12:51:52 PM
C:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" cmd splunkd rest --noauth POST /servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-perfmon "name=Free%20Disk%20Space&interval=3600&object=LogicalDisk&instances=_Total&counters=Free%20Megabytes%3B%25%20Free%20Space" >> "C:\Users\control\AppData\Local\Temp\splunk.log" 2>&1"
HTTP/1.1 400 Bad Request
Date: Thu, 08 Sep 2022 16:51:54 GMT
Expires: Thu, 26 Oct 1978 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Content-Type: text/xml; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Length: 206
Connection: Close
X-Frame-Options: SAMEORIGIN
Server: Splunkd
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Cannot create object id=Free Disk Space of input type=perfmon because it already exists.</msg>
</messages>
</response>
12:51:54 PM
C:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" cmd splunkd rest --noauth POST /servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-perfmon "name=Network%20Interface&interval=10&object=Network%20Interface&counters=Bytes%20Received%2Fsec%3BBytes%20Sent%2Fsec&instances=*" >> "C:\Users\control\AppData\Local\Temp\splunk.log" 2>&1"
HTTP/1.1 400 Bad Request
Date: Thu, 08 Sep 2022 16:51:56 GMT
Expires: Thu, 26 Oct 1978 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Content-Type: text/xml; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Length: 208
Connection: Close
X-Frame-Options: SAMEORIGIN
Server: Splunkd
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Cannot create object id=Network Interface of input type=perfmon because it already exists.</msg>
</messages>
</response>
12:51:56 PM
C:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" cmd splunkd rest --noauth POST /servicesNS/nobody/SplunkUniversalForwarder/admin/deploymentclient/deployment-client targetUri=REDACTED:8089 >> "C:\Users\control\AppData\Local\Temp\splunk.log" 2>&1"
HTTP/1.1 200 OK
Date: Thu, 08 Sep 2022 16:51:56 GMT
Expires: Thu, 26 Oct 1978 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Content-Type: text/xml; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Length: 1832
Connection: Close
X-Frame-Options: SAMEORIGIN
Server: Splunkd
<?xml version="1.0" encoding="UTF-8"?>
<!--This is to override browser formatting; see server.conf[httpServer] to disable

0 Karma
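
As an added example (not part of the original post, and not Splunk tooling), this Python code pairs each installer REST call in a splunk.log like the one above with its HTTP status and ERROR message, and separates "already exists" / "already present" conflicts from any other failure. The function names and the abbreviated sample log are constructed for illustration.

```python
import re

# Constructed sample, abbreviated from the shape of the splunk.log excerpt in the post.
# The last call has no response, as happens when a log is cut off mid-run.
SAMPLE_LOG = r'''12:51:47 PM
splunk.exe cmd splunkd rest --noauth POST /servicesNS/nobody/SplunkUniversalForwarder/data/outputs/tcp/server "name=REDACTED:9997"
HTTP/1.1 400 Bad Request
<msg type="ERROR">REDACTED:9997 forwarded-server already present</msg>
12:51:47 PM
splunk.exe cmd splunkd rest --noauth POST /servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-event-log-collections/localhost lookup_host=localhost
HTTP/1.1 200 OK
12:51:49 PM
splunk.exe cmd splunkd rest --noauth POST /servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-perfmon "name=CPU%20Load&interval=10"
HTTP/1.1 400 Bad Request
<msg type="ERROR">Cannot create object id=CPU Load of input type=perfmon because it already exists.</msg>
12:51:56 PM
splunk.exe cmd splunkd rest --noauth POST /servicesNS/nobody/SplunkUniversalForwarder/admin/deploymentclient/deployment-client targetUri=REDACTED:8089
'''

TIME_RE = re.compile(r"^\d{1,2}:\d{2}:\d{2} [AP]M$")
CALL_RE = re.compile(r"splunkd rest --noauth \w+ (\S+)")
STATUS_RE = re.compile(r"^HTTP/1\.[01] (\d{3})\b")
ERROR_RE = re.compile(r'<msg type="ERROR">(.*?)</msg>')
CONFLICT_RE = re.compile(r"already (exists|present)", re.I)

def parse_calls(text):
    """Pair each installer REST call with its HTTP status and ERROR messages."""
    calls, stamp = [], None
    for line in map(str.strip, text.splitlines()):
        call, status = CALL_RE.search(line), STATUS_RE.match(line)
        if TIME_RE.match(line):
            stamp = line  # timestamp line precedes the command it belongs to
        elif call:
            calls.append({"time": stamp, "endpoint": call.group(1), "status": None, "errors": []})
        elif calls and status:
            calls[-1]["status"] = int(status.group(1))
        elif calls:
            calls[-1]["errors"] += ERROR_RE.findall(line)
    return calls

def triage(calls):
    """Bucket calls: ok, conflict (object already there), other_failure, no_response."""
    buckets = {"ok": [], "conflict": [], "other_failure": [], "no_response": []}
    for c in calls:
        conflict = bool(c["errors"]) and all(CONFLICT_RE.search(e) for e in c["errors"])
        key = ("no_response" if c["status"] is None else "ok" if c["status"] < 400
               else "conflict" if conflict else "other_failure")
        buckets[key].append(c)
    return buckets
```

Run `triage(parse_calls(...))` on the full text of the installer's splunk.log; anything that lands in `other_failure` or `no_response` is worth reading first, while `conflict` entries point at configuration that was already on disk when the installer ran.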

jvcog
New Member

Thanks for the follow up. I have checked and there are no indications of lingering installations. However, I imagine there must be something in the registry that is flagging the installer, but I will not haphazardly remove any "splunk" mentions from my Domain Controller registry until Splunk indicates exactly which HKEY paths to check and are safe to delete. Do you have any suggestions of registry keys and/or folders that need to be removed before proceeding with a new attempt to install? Should I just open a support ticket and have official support address this issue?

0 Karma

gcusello
SplunkTrust

Hi @jvcog,

Yes, it's better to open a support ticket and have official support address this issue.

Tell me if I can help you more; otherwise, please accept an answer for the benefit of other people in the Community.

Ciao.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma

gcusello
SplunkTrust

Hi @jvcog,

Let me understand: do you want to upgrade your UF to the latest version?

If yes, did you try to uninstall the previous version (manually cleaning the installation folder after the uninstall)?

If yes, I suggest opening a case with Splunk Support.

Ciao.

Giuseppe

0 Karma

jvcog
New Member

No this is a fresh install on a newly built domain controller, but the logs indicate it's running as an upgrade.

0 Karma

gcusello
SplunkTrust

Hi @jvcog,

See if there's something not completely installed and remove it.

Ciao.

Giuseppe

0 Karma