I am currently refreshing the splunk installation on a few windows 7 machines in a lab. I chose to install splunk as "Local System User", as what we've previously done. On some machines, the installation failed at the point that splunk installer trying to start Splunk services. The error message says " Splunk Installer was not able to start Splunk Services. Please make sure you have provided the correct username and/or password, and the user you are trying to run Splunk as has the correct privileage. Exitcode='4'". The error does not occur to some other machines using the same spec and same installation options. I also tried a method that was suggested in one of the forum discussion, to amend the Log On as at msc. I tried a few accounts, but the splunk service still refused to start up.
In addition, there are also some machines where splunk was previously installed, but now i also failed to restart the splunk services. The error message is "Windows could not start the Splunkd service on Local Computer. Error 193: 0xc1". If i uninstall the splunk from these machines, it will encounter the same starup problem as i described in the 1st paragraph.
The splunkd log only shows installation information but contains no info on the service startup attempts. No much clues can be found there. The error seesm to pinpoint a user privilege problem. However, according to the sys admin, the account that i am using allows application installation. What puzzled me is that some machines are okie but some others are not. Additionally, some forum discussion showed that people with even domain admin account also face some startup issue. Hence, I am not sure if it's really an issue doing withing the user account privilege. Can someone shed some lights how i can troubleshoot this issue? Thanks.
I am having the same problem trying to load this as a Network Admin account: "Splunk Installer was unable to start Splunk Services - Please make sure you have provided the correct username and/or password...... Exitcode='4'
I have had success loading as a local user, but that doesn't help for my test.
Sorry if the following is teaching your granny to suck eggs:
Personally I would try starting from the command line as this will generally give you some additional clues. Also, if you get prompted to 'upgrade' this could be your problem. Just type yes. However, do check any bespoke apps you have added as sometimes you can lose local configuration changes during upgrade.
Finally, if that doesn't work check in the install dir (c:\Program Files\Splunk) in \var\log\splunk and checkout the splunkd.log to see if that gives you any clues