Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to configure MSA to start splunk service

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-28-2017 02:04 AM

How to configure MSA to start splunk service.

http://docs.splunk.com/Documentation/Splunk/6.5.1/Installation/ChoosetheuserSplunkshouldrunas

Some important things to understand before you install Splunk Enterprise with an MSA are:

The MSA requires the same permissions as a domain account on the machine that runs Splunk Enterprise.
The MSA must be a local administrator on the machine that runs Splunk Enterprise.
You cannot use the same account on different machines, as you would with a domain account.
You must correctly configure and install the MSA on the machine that runs Splunk Enterprise before you install Splunk Enterprise on the machine. See Service Accounts Step-by-Step Guide on MS Technet.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-28-2017 03:02 AM

http://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/ChoosetheuserSplunkshouldrunas
http://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/PrepareyourWindowsnetworkforaSplunkin...

Some important things to understand before you install Splunk Enterprise with an MSA are:

The MSA requires the same permissions as a domain account on the machine that runs Splunk Enterprise.
The MSA must be a local administrator on the machine that runs Splunk Enterprise.
You cannot use the same account on different machines, as you would with a domain account.
You must correctly configure and install the MSA on the machine that runs Splunk Enterprise before you install Splunk Enterprise on the machine. See Service Accounts Step-by-Step Guide on MS Technet.

Configuration steps:

1-) On the AD Domain Controller Open powershell as administrator

$> New-ADServiceAccount -Name -DNSHostName -enabled $true
$> Add-ADComputerServiceAccount -identity -serviceaccount

$> Set-ADServiceAccount -Identity -PrincipalsAllowedToRetrieveManagedPassword $

2-) On the target server where splunk UF is installed, stop the splunk service and Open powershell as administrator
Target computer where the MSA is going to be running. Ensure the following features are enabled:
-Active Directory Module for Windows PowerShell
-.NET Framework 3.5.1 Feature

$> Import-Module activedirectory
$> Install-ADServiceAccount -Identity

$> Install splunk universal forwarder. open services.msc and stop the service.

Next make sure that the service account has the privileges to access to the splunk installation directory.

open services.msc and go to the properties of the service and change the log on to service account. Leave the password field blank.

Start the service

View solution in original post

Reply
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-28-2017 03:02 AM

http://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/ChoosetheuserSplunkshouldrunas
http://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/PrepareyourWindowsnetworkforaSplunkin...

Some important things to understand before you install Splunk Enterprise with an MSA are:

The MSA requires the same permissions as a domain account on the machine that runs Splunk Enterprise.
The MSA must be a local administrator on the machine that runs Splunk Enterprise.
You cannot use the same account on different machines, as you would with a domain account.
You must correctly configure and install the MSA on the machine that runs Splunk Enterprise before you install Splunk Enterprise on the machine. See Service Accounts Step-by-Step Guide on MS Technet.

Configuration steps:

1-) On the AD Domain Controller Open powershell as administrator

$> New-ADServiceAccount -Name -DNSHostName -enabled $true
$> Add-ADComputerServiceAccount -identity -serviceaccount

$> Set-ADServiceAccount -Identity -PrincipalsAllowedToRetrieveManagedPassword $

2-) On the target server where splunk UF is installed, stop the splunk service and Open powershell as administrator
Target computer where the MSA is going to be running. Ensure the following features are enabled:
-Active Directory Module for Windows PowerShell
-.NET Framework 3.5.1 Feature

$> Import-Module activedirectory
$> Install-ADServiceAccount -Identity

$> Install splunk universal forwarder. open services.msc and stop the service.

Next make sure that the service account has the privileges to access to the splunk installation directory.

open services.msc and go to the properties of the service and change the log on to service account. Leave the password field blank.

Start the service

Reply
Get Updates on the Splunk Community!

Digital Resilience Assessment Launch | How prepared are you for disruption?

Disruption is inevitable. The question is – how prepared are you to handle it? In today’s fast-moving digital ...

Buttercup Games: Further Dashboarding Techniques (Part 2)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Index This | What is the next number in the series? 7,645 5,764 4,576…

February 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...