I'm attempting to run a Splunk Forwarder installation with parameters that specify the LOGON_USERNAME with a managed service account. The command line is as follows:
msiexec.exe /i splunkforwarder-7.0.3-fa31da744b51-x64-release.msi /l*v D:\splunk_install.log /qr AGREETOLICENSE=Yes INSTALLDIR="D:\SplunkUniversalForwarder" SPLUNK_PASSWORD="secret" SET_ADMIN_USER=0 LOGON_USERNAME="domain\gmsa_splunk$" LOGON_PASSWORD="" DEPLOYMENT_SERVER="ds:8089"
It appears that the installation is completing, but fails at the service start up...at which point the installation completely rolls back. Since MSAs manage their own passwords, i've attempted to exclude the LOGON_PASSWORD option, as well as specifying an empty string, but the results are the same.
This error is generated in the install log:
MSI (s) (98:C8) [15:41:24:855]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSID935.tmp, Entrypoint: StartSplunkServiceCA StartSplunkService: Warning: Invalid property ignored: FailCA=. StartSplunkService: Info: Properties: splunkHome: D:\SplunkUniversalForwarder, svcName: SplunkForwarder, launch splunk: 1. StartSplunkService: Info: Enter. StartSplunkService: Info: service SplunkForwarder already exists StartSplunkService: Info: Leave. StartSplunkService: Info: Enter. Args: "D:\SplunkUniversalForwarder\bin\splunk.exe", start --answer-yes --no-prompt --accept-license --auto-ports StartSplunkService: Info: Execute string: cmd.exe /c ""D:\SplunkUniversalForwarder\bin\splunk.exe" start --answer-yes --no-prompt --accept-license --auto-ports >> "C:\Users\user\AppData\Local\Temp\splunk.log" 2>&1" StartSplunkService: Info: WaitForSingleObject returned : 0x0 StartSplunkService: Info: Exit code for process : 0x4 StartSplunkService: Info: Leave. StartSplunkService: Error: ExecCmd failed: 0x4. StartSplunkService: Error 0x80004005: Cannot start splunkd service.
Does anyone know if it's possible to install Splunk in this manner? Installing as Local System, and updating the service to start as the MSA works fine, but wanted to try and configure this in one shot.
Thanks for any ideas here!
There are some details here:
But, yes, managed service accounts create and maintain their own passwords, so there isn't a need to provide one via the command line.
Just some additional detail on this...the issue I was having above was related to testing on a Windows 7 machine. I have been able to install the Splunk forwarder using command line arguments, but since i specified a password of 'empty string', the services wouldn't come up. I ended up resetting the services logon settings for the user and was able to successfully start the services.
Did anyone get the splunkd service working with a gMSA?
Even if i configure it manually, i get permissions issues running the services.
In addition the DBConnect addon fails to start...