Installation
Highlighted

Installation with gMSA/MSA

Explorer

I'm attempting to run a Splunk Forwarder installation with parameters that specify the LOGON_USERNAME with a managed service account. The command line is as follows:

msiexec.exe /i splunkforwarder-7.0.3-fa31da744b51-x64-release.msi /l*v D:\splunk_install.log /qr AGREETOLICENSE=Yes INSTALLDIR="D:\SplunkUniversalForwarder"  SPLUNK_PASSWORD="secret" SET_ADMIN_USER=0 LOGON_USERNAME="domain\gmsa_splunk$" LOGON_PASSWORD="" DEPLOYMENT_SERVER="ds:8089"

It appears that the installation is completing, but fails at the service start up...at which point the installation completely rolls back. Since MSAs manage their own passwords, i've attempted to exclude the LOGON_PASSWORD option, as well as specifying an empty string, but the results are the same.

This error is generated in the install log:

MSI (s) (98:C8) [15:41:24:855]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSID935.tmp, Entrypoint: StartSplunkServiceCA
StartSplunkService:  Warning: Invalid property ignored: FailCA=.
StartSplunkService:  Info: Properties: splunkHome: D:\SplunkUniversalForwarder, svcName: SplunkForwarder, launch splunk: 1.
StartSplunkService:  Info: Enter.
StartSplunkService:  Info: service SplunkForwarder already exists
StartSplunkService:  Info: Leave.
StartSplunkService:  Info: Enter. Args: "D:\SplunkUniversalForwarder\bin\splunk.exe", start --answer-yes --no-prompt --accept-license --auto-ports
StartSplunkService:  Info: Execute string: cmd.exe /c ""D:\SplunkUniversalForwarder\bin\splunk.exe" start --answer-yes --no-prompt --accept-license --auto-ports >> "C:\Users\user\AppData\Local\Temp\splunk.log" 2>&1"
StartSplunkService:  Info: WaitForSingleObject returned : 0x0
StartSplunkService:  Info: Exit code for process : 0x4
StartSplunkService:  Info: Leave.
StartSplunkService:  Error: ExecCmd failed: 0x4.
StartSplunkService:  Error 0x80004005: Cannot start splunkd service.

Does anyone know if it's possible to install Splunk in this manner? Installing as Local System, and updating the service to start as the MSA works fine, but wanted to try and configure this in one shot.

Thanks for any ideas here!

Labels (1)
0 Karma
Highlighted

Re: Installation with gMSA/MSA

SplunkTrust
SplunkTrust

Do I get this right?
You want to install Splunk UF with a certain service account, but without using that account's password?
Also, what is a MSA?

0 Karma
Highlighted

Re: Installation with gMSA/MSA

Explorer

There are some details here:

http://docs.splunk.com/Documentation/Splunk/7.1.0/Installation/ChoosetheuserSplunkshouldrunas

But, yes, managed service accounts create and maintain their own passwords, so there isn't a need to provide one via the command line.

0 Karma
Highlighted

Re: Installation with gMSA/MSA

SplunkTrust
SplunkTrust

Mh, never heard of that, but I'm also not really a Windows admin guy, so thanks for the update 🙂

0 Karma
Highlighted

Re: Installation with gMSA/MSA

Explorer

Just some additional detail on this...the issue I was having above was related to testing on a Windows 7 machine. I have been able to install the Splunk forwarder using command line arguments, but since i specified a password of 'empty string', the services wouldn't come up. I ended up resetting the services logon settings for the user and was able to successfully start the services.

0 Karma
Highlighted

Re: Installation with gMSA/MSA

Path Finder

Did anyone get the splunkd service working with a gMSA?

Even if i configure it manually, i get permissions issues running the services.

In addition the DBConnect addon fails to start...

Any ideas?

0 Karma
Highlighted

Re: Installation with gMSA/MSA

New Member

Hi, @davidjohnbeckettorb splunkd with gMSA working here.

Quite old question...

0 Karma