Brand new VM server. Fresh copy of Splunk 9.0 install file. Running installer with elevated privileges. Selecting Domain Account option in wizard. Account used is member of Domain Admins. Account listed in Security Policy as member to Allow Login Locally. Generated log file for install but nothing in it shows an error. All these were suggestions to look at if install is not working that I found online. Yet, it still fails doing the install and does a rollback. Any other suggestions? Thanks
first_install.log contains 4 lines that just list the version, build, product and platform. It's Windows Server 2019. The VM has 4 CPU and 24GB of memory.
Hi @trtracy,
Your hardware allocation isn't correct, Splunk requires at least 12 CPUs and 12 GB RAM.
This shouldn't be relevant for the installation, which should run without problems; it's only relevant in normal running or if you try to open a case with Splunk Support, which you'll probably have to do.
I suggest calling Splunk Support.
Ciao.
Giuseppe
Changed to 12 CPUs and 16GB memory. Same issue. I think it's a permission issue but the logs are not telling me much.
Hi @trtracy,
As I said, hardware isn't relevant to the problem, but now you can open a case with Splunk Support.
Ciao.
Giuseppe
Hi @trtracy ,
Please see the following reply for instructions on how to troubleshoot: https://community.splunk.com/t5/Installation/Install-issue-on-Server-2016/m-p/540173/highlight/true#...
Cheers,
- Jo.
MSI (s) (A8!58) [08:34:26:146]: Closing MSIHANDLE (279) of type 790531 for thread 6232
MSI (s) (A8:E4) [08:34:26:161]: Closing MSIHANDLE (259) of type 790536 for thread 5160
MSI (s) (A8:28) [08:34:26:161]: Executing op: ActionStart(Name=SetupServiceConfig,,)
Action 8:34:26: SetupServiceConfig.
MSI (s) (A8:28) [08:34:26:161]: Executing op: CustomActionSchedule(Action=SetupServiceConfig,ActionType=11265,Source=BinaryData,Target=**********,CustomActionData=**********)
MSI (s) (A8:28) [08:34:26:161]: Creating MSIHANDLE (280) of type 790536 for thread 5160
MSI (s) (A8:24) [08:34:26:161]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI6F52.tmp, Entrypoint: SetupServiceConfigCA
MSI (s) (A8!68) [08:34:26:286]: Creating MSIHANDLE (281) of type 790531 for thread 3176
SetupServiceConfig: Warning: Invalid property ignored: EnableApp=.
MSI (s) (A8!68) [08:34:26:286]: Closing MSIHANDLE (281) of type 790531 for thread 3176
MSI (s) (A8!68) [08:34:26:286]: Creating MSIHANDLE (282) of type 790531 for thread 3176
SetupServiceConfig: Warning: Invalid property ignored: FailCA=.
MSI (s) (A8!68) [08:34:26:286]: Closing MSIHANDLE (282) of type 790531 for thread 3176
MSI (s) (A8!68) [08:34:26:286]: Creating MSIHANDLE (283) of type 790531 for thread 3176
SetupServiceConfig: Error: ChangeServiceConfig failed 0x421
MSI (s) (A8!68) [08:34:26:286]: Closing MSIHANDLE (283) of type 790531 for thread 3176
MSI (s) (A8!68) [08:34:26:286]: Creating MSIHANDLE (284) of type 790531 for thread 3176
SetupServiceConfig: Error 0x80004005: Cannot setup splunkd service.
MSI (s) (A8!68) [08:34:26:286]: Closing MSIHANDLE (284) of type 790531 for thread 3176
CustomAction SetupServiceConfig returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (A8:24) [08:34:26:286]: Closing MSIHANDLE (280) of type 790536 for thread 5160
Action ended 8:34:26: InstallFinalize. Return value 3.
Hi @trtracy ,
Aha!
> net helpmsg (0x421)
The account name is invalid or does not exist, or the password is invalid for the account name specified.
So the logon username and/or password are incorrect. Are you supplying the full domain user account name (e.g., "ACMECORP\splunk-service" and not just "splunk-service")?
Cheers,
- Jo.
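The lookup done by hand with `net helpmsg` in the reply above, as an added PowerShell example (not part of the original posts and not Splunk's code): it pulls the error codes out of the MSI log lines posted in this thread, decodes them through the Windows message table, and checks whether a candidate service account name resolves to a SID. The helper names and the `ACMECORP` account strings are placeholders.

```powershell
# Constructed sample: lines copied from the MSI log posted in this thread.
$sampleLog = @(
    'SetupServiceConfig: Warning: Invalid property ignored: FailCA=.'
    'SetupServiceConfig: Error: ChangeServiceConfig failed 0x421'
    'SetupServiceConfig: Error 0x80004005: Cannot setup splunkd service.'
    'CustomAction SetupServiceConfig returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)'
)

function Resolve-InstallerCode {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Code)
    # Int64 avoids values with the high bit set being read as negative Int32.
    $value = if ($Code -match '^0x') { [Convert]::ToInt64($Code.Substring(2), 16) } else { [int64]$Code }
    if ($value -lt 2147483648) {
        # Plain Win32 error code, the same table "net helpmsg" reads.
        return [System.ComponentModel.Win32Exception]::new([int]$value).Message
    }
    # High bit set: an HRESULT. Facility 7 wraps a Win32 code in the low 16 bits.
    if ((($value -shr 16) -band 0x1FFF) -eq 7) {
        return [System.ComponentModel.Win32Exception]::new([int]($value -band 0xFFFF)).Message
    }
    $hr = [BitConverter]::ToInt32([BitConverter]::GetBytes([uint32]$value), 0)
    return [System.Runtime.InteropServices.Marshal]::GetExceptionForHR($hr).Message
}

function Test-AccountResolves {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Account)
    # Confirms only that the name maps to a SID; it does not validate the password.
    try {
        $sid = ([System.Security.Principal.NTAccount]$Account).Translate([System.Security.Principal.SecurityIdentifier])
        return "$Account -> $sid"
    } catch {
        return "$Account does not resolve: $($_.Exception.Message)"
    }
}

foreach ($line in $sampleLog) {
    if ($line -match '(?:failed|error code|error)\s+(0x[0-9a-f]+|\d+)') {
        $code = $Matches[1]
        [pscustomobject]@{ Code = $code; Meaning = Resolve-InstallerCode $code }
    }
}
# Placeholder account names; substitute the forms you intend to type into the installer.
'ACMECORP\splunk-service', 'ACMECORP.local\splunk-service' | ForEach-Object { Test-AccountResolves $_ }
```

To run it against a real install, replace `$sampleLog` with `Get-Content` on the installer log you generated.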
When I supply the domain name I get invalid account on the dialog box prompting for this information. I assumed this field for the account name did not like a slash in the name so I continued without it because it went on to the next screen without it. I assumed incorrectly again that if I'm using the same account to log into the computer that I'm using in this field for the install, it would know I'm a member of that domain.
What I just tested was adding .local to the end of the domain name and it worked. Thank you for finding the solution. Funny how some things you do in Windows only need the domain name while others need the TLD extension as well, such as in this case.
Hi @trtracy,
What's your Windows OS?
What does the installation log contain ($SPLUNK_HOME\var\log\splunk\first_install.log)?
If it's one of the Splunk-supported ones (Windows 10, Windows Server 2016, 2019, 2022; you can see this at https://www.splunk.com/en_us/download/splunk-enterprise.html), the only way is opening a case with Splunk Support and sending them the installation log.
Ciao.
Giuseppe