Hi all,

Recently, I've been tasked to upgrade 2 different Splunk systems (1 server each), version 6.1.7 and version 6.3.8, to version 6.5.0. Both existing systems run on Windows Server 2012 with no internet connection and other running 3rd party software. I performed the upgrade without using silent install method. I could perform an upgrade to 6.5.0 from version 6.1.7 just fine, but it's a different story for version 6.3.8.

There were 2 error messages which were shown by the installer during the upgrade activity:

• The first one was "missing SSLEAY32.DLL" for OpenSSL. Before upgrading, I'd made sure that the existing system already had 2 DLL files in OpenSSL folder (under Python folder) and the registry had already pointed to that particular path. I bypassed this error by quickly copied the DLLs from the previous system to the new system as soon as the folder was created by Splunk.
• The second error was "missing MSVCR110.DLL". I resolved this one by simply installing Visual C++ 2012 Redistributable.

After resolving those 2 errors, the upgrade process continued and was able to finish completely. But, there were error entries in splunkd.log which mentioned checksum error for 2 DLL files which I had copied from the previous system. Because of this, I couldn't execute certain commands such as "splunk list monitor".

I then made a small lab to test the upgrade process again. Using the lab system, I found out that every Splunk version 6.3.x and above (excluding 6.5.0) experienced the same type of error (missing SSLEAY32.DLL and MSVCR110.DLL). This thing didn't happen when I installed 6.5.0 directly or performed an upgrade from Splunk version below 6.3.0.

Is this a bug? Has anyone ever encountered the same thing as I was? Any idea on resolving the checksum error for OpenSSL's DLL files? With this case, I don't think I can continue to upgrade my other customer's system.

Thank you.