Installation

How to configure MSA to start splunk service

mbagali_splunk
Splunk Employee
Splunk Employee

How to configure MSA to start splunk service.

http://docs.splunk.com/Documentation/Splunk/6.5.1/Installation/ChoosetheuserSplunkshouldrunas

Some important things to understand before you install Splunk Enterprise with an MSA are:

The MSA requires the same permissions as a domain account on the machine that runs Splunk Enterprise.
The MSA must be a local administrator on the machine that runs Splunk Enterprise.
You cannot use the same account on different machines, as you would with a domain account.
You must correctly configure and install the MSA on the machine that runs Splunk Enterprise before you install Splunk Enterprise on the machine. See Service Accounts Step-by-Step Guide on MS Technet.

Tags (1)
0 Karma
1 Solution

mbagali_splunk
Splunk Employee
Splunk Employee

http://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/ChoosetheuserSplunkshouldrunas
http://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/PrepareyourWindowsnetworkforaSplunkin...

Some important things to understand before you install Splunk Enterprise with an MSA are:

The MSA requires the same permissions as a domain account on the machine that runs Splunk Enterprise.
The MSA must be a local administrator on the machine that runs Splunk Enterprise.
You cannot use the same account on different machines, as you would with a domain account.
You must correctly configure and install the MSA on the machine that runs Splunk Enterprise before you install Splunk Enterprise on the machine. See Service Accounts Step-by-Step Guide on MS Technet.

Configuration steps:

1-) On the AD Domain Controller Open powershell as administrator

$> New-ADServiceAccount -Name -DNSHostName -enabled $true
$> Add-ADComputerServiceAccount -identity -serviceaccount

$> Set-ADServiceAccount -Identity -PrincipalsAllowedToRetrieveManagedPassword $

2-) On the target server where splunk UF is installed, stop the splunk service and Open powershell as administrator
Target computer where the MSA is going to be running. Ensure the following features are enabled:
-Active Directory Module for Windows PowerShell
-.NET Framework 3.5.1 Feature

$> Import-Module activedirectory
$> Install-ADServiceAccount -Identity

$> Install splunk universal forwarder. open services.msc and stop the service.

Next make sure that the service account has the privileges to access to the splunk installation directory.

open services.msc and go to the properties of the service and change the log on to service account. Leave the password field blank.

Start the service

View solution in original post

mbagali_splunk
Splunk Employee
Splunk Employee

http://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/ChoosetheuserSplunkshouldrunas
http://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/PrepareyourWindowsnetworkforaSplunkin...

Some important things to understand before you install Splunk Enterprise with an MSA are:

The MSA requires the same permissions as a domain account on the machine that runs Splunk Enterprise.
The MSA must be a local administrator on the machine that runs Splunk Enterprise.
You cannot use the same account on different machines, as you would with a domain account.
You must correctly configure and install the MSA on the machine that runs Splunk Enterprise before you install Splunk Enterprise on the machine. See Service Accounts Step-by-Step Guide on MS Technet.

Configuration steps:

1-) On the AD Domain Controller Open powershell as administrator

$> New-ADServiceAccount -Name -DNSHostName -enabled $true
$> Add-ADComputerServiceAccount -identity -serviceaccount

$> Set-ADServiceAccount -Identity -PrincipalsAllowedToRetrieveManagedPassword $

2-) On the target server where splunk UF is installed, stop the splunk service and Open powershell as administrator
Target computer where the MSA is going to be running. Ensure the following features are enabled:
-Active Directory Module for Windows PowerShell
-.NET Framework 3.5.1 Feature

$> Import-Module activedirectory
$> Install-ADServiceAccount -Identity

$> Install splunk universal forwarder. open services.msc and stop the service.

Next make sure that the service account has the privileges to access to the splunk installation directory.

open services.msc and go to the properties of the service and change the log on to service account. Leave the password field blank.

Start the service

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...