Installation

Rolling back error

Puu
Explorer

None of the solutions on here work. I tried running as an admin but still same error. I could install it on a different laptop without any problems. What can I compare between these 2 machines? Also, on the machine it is not installing, in the programfiles\Splunk\etc\system\local there are 2 CONF files(authentication and user- seed). Any suggestions?

0 Karma

jho-splunk
Splunk Employee
Splunk Employee

Hi @Puu,

Did you follow the instructions here: https://community.splunk.com/t5/Installation/Install-issue-on-Server-2016/m-p/540173/highlight/true#...?  What did the log say?

Cheers,

 

 - Jo.

 

0 Karma

Puu
Explorer

Hey Jo,

I can't find any log files. I can only get the two conf files which have my credentials. Do I try to get the logs before the roll back happens?

0 Karma

jho-splunk
Splunk Employee
Splunk Employee

Hi @Puu,

Apologies---I linked the wrong bit.  Try here: https://community.splunk.com/t5/Installation/Install-issue-on-Server-2016/m-p/540173/highlight/true#...

Cheers,

 

 - Jo.

 

0 Karma

Puu
Explorer

This is the msiexec.log

=== Verbose logging started: 05-05-2021 19:20:04 Build type: SHIP UNICODE 5.00.10011.00 Calling process: C:\Windows\SysWOW64\msiexec.exe ===
MSI (c) (C4:34) [19:20:05:000]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (C4:34) [19:20:05:000]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (C4:64) [19:20:05:022]: Resetting cached policy values
MSI (c) (C4:64) [19:20:05:022]: Machine policy value 'Debug' is 0
MSI (c) (C4:64) [19:20:05:022]: ******* RunEngine:
******* Product: splunk-8.1.2-545206cc9f70-x64-release.msi
******* Action:
******* CommandLine: **********
MSI (c) (C4:64) [19:20:05:023]: Note: 1: 2203 2: splunk-8.1.2-545206cc9f70-x64-release.msi 3: -2147287038
MSI (c) (C4:64) [19:20:05:023]: MainEngineThread is returning 2
=== Verbose logging stopped: 05-05-2021 19:20:05 ===

--------------------------------------------------------------------------------------------

This is the splunk.log

8:40:00 PM
C:\Windows\system32\cmd.exe /c "C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files\Splunk\bin\splunkdrv.inf >> "C:\Users\NIKHIL~1\AppData\Local\Temp\splunk.log" 2>&1"
8:40:00 PM
C:\Windows\system32\cmd.exe /c "C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 128 C:\Program Files\Splunk\bin\splunkdrv.inf >> "C:\Users\NIKHIL~1\AppData\Local\Temp\splunk.log" 2>&1"

0 Karma

jho-splunk
Splunk Employee
Splunk Employee

Hi @Puu,

That's the entire log?

This may be easier to troubleshoot on Community Slack.  Are you a member?  If not you can sign up here: https://docs.splunk.com/Documentation/Community/1.0/community/Chat#Join_us_on_Slack

My name is "j.ho".

Cheers,

 

 - Jo.

 

0 Karma

Puu
Explorer

Yes, that is all I could find unfortunately.

Okay, I will join there.

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...