Re: KV Store process terminated abnormally (exit c...

rayar · ‎12-01-2021

Hi

I am getting

KV Store process terminated abnormally (exit code 14, status exited with code 14). See mongod.log and splunkd.log for details.

I have stopped splunk and moved mongod folder and started it again

I am getting now

2021-12-01T13:55:55.528Z W CONTROL [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
2021-12-01T13:55:55.545Z F NETWORK [main] The provided SSL certificate is expired or not yet valid.
2021-12-01T13:55:55.545Z F - [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 1120
2021-12-01T13:55:55.545Z F - [main]
***aborting after fassert() failure

and I want to regenerate server.pem

just to confirm this is the right command

$SPLUNK_HOME/bin/splunk createssl

what are the risks ?

rayar · ‎12-01-2021

I tried but it fails and I am getting

12-01-2021 19:06:26.395 +0200 WARN ConfigEncryptor - Invalid setting for server.conf/[general]/legacyCiphers
12-01-2021 19:06:26.395 +0200 ERROR ConfigEncryptor - server.conf/[general]/legacyCiphers is misconfigured.
12-01-2021 19:06:26.400 +0200 WARN ConfigEncryptor - Invalid setting for server.conf/[general]/legacyCiphers
12-01-2021 19:06:26.400 +0200 ERROR ConfigEncryptor - server.conf/[general]/legacyCiphers is misconfigured.
12-01-2021 19:06:26.400 +0200 WARN ConfigEncryptor - Invalid setting for server.conf/[general]/legacyCiphers
12-01-2021 19:06:26.400 +0200 ERROR ConfigEncryptor - server.conf/[general]/legacyCiphers is misconfigured.
12-01-2021 19:06:26.400 +0200 INFO ServerConfig - No '' certificate found. Splunkd communication will not work without this. If this is a fresh installation, this should be OK.

isoutamo · ‎12-01-2021

After that restart splunk should create a new certificate. Can you validate it now with splunk cmd openssl command?

isoutamo · ‎12-01-2021

Here is an old post for this https://community.splunk.com/t5/Knowledge-Management/Can-you-help-me-with-the-following-mongod-kvsto...

rayar · ‎12-01-2021

I have removed the server.pem and restarted the Splunk server and it didn't work

was not able to login Splunk

this is the reason I wanted to renew the server.pem manually

[splunk@ilissplsh01 bin]$ openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem
notAfter=Nov 17 08:28:40 2021 GMT
[splunk@ilissplsh01 bin]$

isoutamo · ‎12-01-2021

Can you restore the mongod folder back to it’s original place and then try restart again without cert?

rayar · ‎12-04-2021

I have resolved it working with Splunk support , some server.conf configuration was missing

we are still investigating

Muwafi · ‎06-11-2022

Hello @rayar , have you solved this issue ? if so, would you please update us and post the solution here?

Thanks

rayar · ‎06-12-2022

sorry its a very old issue I don't remember what was the solution

KV Store process terminated abnormally (exit code 14, status exited with code 14). See mongod.log and splunkd.log for de

Linux

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation