Upgrading to Splunk 8.2.2 with MSI fails on Window...

54638 · ‎08-26-2021

I am having trouble upgrading to Splunk 8.2.2 from 8.0.4.1. I keep getting that annoying 1603 error, but I can't seem to fix it. I've already tried re-propagating permissions for the folders and various re-registrations of the Windows Installer service, but same errors.

Below is a snippet of what I get before the rollback. Any nudges in the right direction would be appreciated.

InstallFiles: File: SelectedFields.js,  Directory: C:\Program Files\Splunk\share\splunk\search_mrsparkle\exposed\js\views\shared\eventsviewer\list\body\row\,  Size: 3708
InstallFiles: File: cp866.py,  Directory: C:\Program Files\Splunk\Python-3.7\Lib\encodings\,  Size: 34396
InstallFiles: File: Brunei,  Directory: C:\Program Files\Splunk\Python-2.7\Lib\site-packages\pytz\zoneinfo\Asia\,  Size: 203
InstallFiles: File: progress-bars.pcss,  Directory: C:\Program Files\Splunk\share\splunk\search_mrsparkle\exposed\pcss\base\,  Size: 4000
InstallFiles: File: struct.py,  Directory: C:\Program Files\Splunk\Python-3.7\Lib\,  Size: 257
InstallFiles: File: St_Helena,  Directory: C:\Program Files\Splunk\Python-3.7\Lib\site-packages\pytz\zoneinfo\Atlantic\,  Size: 148
InstallFiles: File: SplunkWeb.URL,  Directory: C:\ProgramData\Splunk Enterprise\,  Size: 47
Action 19:04:48: RollbackRegmonDrv. 
Action 19:04:48: InstallRegmonDrv. 
InstallRegmonDrv:  Warning: Invalid property ignored: FailCA=.
InstallRegmonDrv:  Info: Driver inf file: C:\Program Files\Splunk\bin\splunkdrv.inf.
InstallRegmonDrv:  Info: Enter. Args: rundll32.exe,  setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files\Splunk\bin\splunkdrv.inf
InstallRegmonDrv:  Info: SystemPath is: C:\WINDOWS\system32\
InstallRegmonDrv:  Info: Execute string: C:\WINDOWS\system32\cmd.exe /c "C:\WINDOWS\system32\rundll32.exe  setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files\Splunk\bin\splunkdrv.inf >> "C:\Users\username\AppData\Local\Temp\splunk.log" 2>&1"
InstallRegmonDrv:  Info: WaitForSingleObject returned : 0x0
InstallRegmonDrv:  Info: Exit code for process : 0x0
InstallRegmonDrv:  Info: Leave.
Action 19:04:49: RollbackNetmonDrv. 
Action 19:04:49: InstallNetmonDrv. 
InstallNetmonDrv:  Warning: Invalid property ignored: FailCA=.
InstallNetmonDrv:  Info: Driver inf file: C:\Program Files\Splunk\bin\splknetdrv.inf.
InstallNetmonDrv:  Info: Enter. Args: rundll32.exe,  setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files\Splunk\bin\splknetdrv.inf
InstallNetmonDrv:  Info: SystemPath is: C:\WINDOWS\system32\
InstallNetmonDrv:  Info: Execute string: C:\WINDOWS\system32\cmd.exe /c "C:\WINDOWS\system32\rundll32.exe  setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files\Splunk\bin\splknetdrv.inf >> "C:\Users\username\AppData\Local\Temp\splunk.log" 2>&1"
InstallNetmonDrv:  Info: WaitForSingleObject returned : 0x0
InstallNetmonDrv:  Info: Exit code for process : 0x0
InstallNetmonDrv:  Info: Leave.
Action 19:04:51: RollbackNohandleDrv. 
Action 19:04:51: InstallNohandleDrv. 
InstallNohandleDrv:  Warning: Invalid property ignored: FailCA=.
InstallNohandleDrv:  Info: Driver inf file: C:\Program Files\Splunk\bin\SplunkMonitorNoHandleDrv.inf.
InstallNohandleDrv:  Info: Enter. Args: rundll32.exe,  setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files\Splunk\bin\SplunkMonitorNoHandleDrv.inf
InstallNohandleDrv:  Info: SystemPath is: C:\WINDOWS\system32\
InstallNohandleDrv:  Info: Execute string: C:\WINDOWS\system32\cmd.exe /c "C:\WINDOWS\system32\rundll32.exe  setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files\Splunk\bin\SplunkMonitorNoHandleDrv.inf >> "C:\Users\username\AppData\Local\Temp\splunk.log" 2>&1"
InstallNohandleDrv:  Info: WaitForSingleObject returned : 0x0
InstallNohandleDrv:  Info: Exit code for process : 0x0
InstallNohandleDrv:  Info: Leave.
Action 19:04:52: CreateFtr. 
CreateFtr:  Warning: Invalid property ignored: FailCA=.
Action 19:04:53: FirstTimeRun. 
FirstTimeRun:  Warning: Invalid property ignored: FailCA=.
FirstTimeRun:  Info: Properties: splunkHome: C:\Program Files\Splunk.
FirstTimeRun:  Info: Execute first time run.
FirstTimeRun:  Info: Enter. Args: "C:\Program Files\Splunk\bin\splunk.exe", _internal first-time-run --answer-yes --no-prompt
FirstTimeRun:  Info: SystemPath is: C:\WINDOWS\system32\
FirstTimeRun:  Info: Execute string: C:\WINDOWS\system32\cmd.exe /c ""C:\Program Files\Splunk\bin\splunk.exe" _internal first-time-run --answer-yes --no-prompt >> "C:\Users\username\AppData\Local\Temp\splunk.log" 2>&1"
FirstTimeRun:  Info: WaitForSingleObject returned : 0x0
FirstTimeRun:  Info: Exit code for process : 0x1
FirstTimeRun:  Info: Leave.
FirstTimeRun:  Error: ExecCmd failed: 0x1.
FirstTimeRun:  Error 0x80004005: Cannot execute first time run.
CustomAction FirstTimeRun returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 19:05:37: InstallFinalize. Return value 3.
Action 19:05:37: Rollback. Rolling back action:

jho-splunk · ‎08-31-2021

Hi @54638,

The installer is failing due to an error being returned by the first-time-run stage. There may be further information in %TEMP%\splunk.log.

Cheers,

- Jo.

Upgrading to Splunk 8.2.2 with MSI fails on Windows with 1603

search head

upgrade

Windows

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation