Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to configure MSA to start splunk service

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-28-2017 02:04 AM

How to configure MSA to start splunk service.

http://docs.splunk.com/Documentation/Splunk/6.5.1/Installation/ChoosetheuserSplunkshouldrunas

Some important things to understand before you install Splunk Enterprise with an MSA are:

The MSA requires the same permissions as a domain account on the machine that runs Splunk Enterprise.
The MSA must be a local administrator on the machine that runs Splunk Enterprise.
You cannot use the same account on different machines, as you would with a domain account.
You must correctly configure and install the MSA on the machine that runs Splunk Enterprise before you install Splunk Enterprise on the machine. See Service Accounts Step-by-Step Guide on MS Technet.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-28-2017 03:02 AM

http://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/ChoosetheuserSplunkshouldrunas
http://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/PrepareyourWindowsnetworkforaSplunkin...

Some important things to understand before you install Splunk Enterprise with an MSA are:

The MSA requires the same permissions as a domain account on the machine that runs Splunk Enterprise.
The MSA must be a local administrator on the machine that runs Splunk Enterprise.
You cannot use the same account on different machines, as you would with a domain account.
You must correctly configure and install the MSA on the machine that runs Splunk Enterprise before you install Splunk Enterprise on the machine. See Service Accounts Step-by-Step Guide on MS Technet.

Configuration steps:

1-) On the AD Domain Controller Open powershell as administrator

$> New-ADServiceAccount -Name -DNSHostName -enabled $true
$> Add-ADComputerServiceAccount -identity -serviceaccount

$> Set-ADServiceAccount -Identity -PrincipalsAllowedToRetrieveManagedPassword $

2-) On the target server where splunk UF is installed, stop the splunk service and Open powershell as administrator
Target computer where the MSA is going to be running. Ensure the following features are enabled:
-Active Directory Module for Windows PowerShell
-.NET Framework 3.5.1 Feature

$> Import-Module activedirectory
$> Install-ADServiceAccount -Identity

$> Install splunk universal forwarder. open services.msc and stop the service.

Next make sure that the service account has the privileges to access to the splunk installation directory.

open services.msc and go to the properties of the service and change the log on to service account. Leave the password field blank.

Start the service

View solution in original post

Reply
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎11-28-2017 03:02 AM

http://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/ChoosetheuserSplunkshouldrunas
http://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/PrepareyourWindowsnetworkforaSplunkin...

Some important things to understand before you install Splunk Enterprise with an MSA are:

The MSA requires the same permissions as a domain account on the machine that runs Splunk Enterprise.
The MSA must be a local administrator on the machine that runs Splunk Enterprise.
You cannot use the same account on different machines, as you would with a domain account.
You must correctly configure and install the MSA on the machine that runs Splunk Enterprise before you install Splunk Enterprise on the machine. See Service Accounts Step-by-Step Guide on MS Technet.

Configuration steps:

1-) On the AD Domain Controller Open powershell as administrator

$> New-ADServiceAccount -Name -DNSHostName -enabled $true
$> Add-ADComputerServiceAccount -identity -serviceaccount

$> Set-ADServiceAccount -Identity -PrincipalsAllowedToRetrieveManagedPassword $

2-) On the target server where splunk UF is installed, stop the splunk service and Open powershell as administrator
Target computer where the MSA is going to be running. Ensure the following features are enabled:
-Active Directory Module for Windows PowerShell
-.NET Framework 3.5.1 Feature

$> Import-Module activedirectory
$> Install-ADServiceAccount -Identity

$> Install splunk universal forwarder. open services.msc and stop the service.

Next make sure that the service account has the privileges to access to the splunk installation directory.

open services.msc and go to the properties of the service and change the log on to service account. Leave the password field blank.

Start the service

Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...