I have been trying to configure my Splunk instance (on Windows) to be run by an MSA.
I was never able to install Splunk and configure it for MSA execution in one single step. The closest I got to this goal was using the following command:
msiexec.exe /i splunk-7.0.3-fa31da744b51-x64-release.msi AGREETOLICENSE=Yes LOGON_USERNAME=\Splunk LOGON_PASSWORD="" LAUNCHSPLUNK=0 /lv C:\SplunkInstall.log /qb
which resulted in the following SplunkInstall.log error:
SetupServiceConfig: Error: ChangeServiceConfig failed 0x421
SetupServiceConfig: Error: 0x80004005: Cannot setup splunkd
CustomAction SetupServiceConfig returned actual error code 1603
(note this may not be 100% accurate if translation happened inside sandbox)
Instead, I tried to install Splunk to run as a "Local System" user (since I know this works when I use the MSI GUI) and then (prior to Splunk's first launch) manually change Splunk to run as the MSA. I got further along the process this way, as I was able to successfully install Splunk using the following cmdline:
msiexec.exe /i splunk-7.0.3-fa31da744b51-x64-release.msi AGREETOLICENSE=Yes SPLUNKPASSWORD=MyNewPassword123 LAUNCHSPLUNK=0 /lv C:\SplunkInstall.log /qb
SplunkInstall.log reported no errors, and so I executed the steps to change the user executing Splunk as described here: http://docs.splunk.com/Documentation/Splunk/5.0.3/Installation/CorrectingtheuserselectedduringWindow...
The issue I am now facing is that neither the Splunkd Service service nor Splunk Web (legacy) is starting. When I attempted to start Splunk via cmdline, I found the following error in $SPLUNK_HOME\var\log\splunk\splunkd-utility.log:
ERROR UserManagerPro - The password cannot be set to the default password
ERROR AdminHandler:AuthenticationHandler - The password cannot be set to the default password.
Side note: $SPLUNK_HOME\etc\passwd ends in the following text:
... ::Administrator:admin:changeme@example.com::
When I attempted to start the service from the Windows GUI "Services", I received the following pop-up error:
Windows could not start the Splunkd Service service on Local Computer
Error 1067: The process terminated unexpectedly.
Side note: In an attempt to fix the "Windows could not start the Splunkd Service" issue, I attempted the regedit command (regedit HKLM) detailed here: https://answers.splunk.com/answers/146016/windows-could-not-start-the-splunkd-or-splunkforwarder-ser...
This resulted in an error popup stating the following:
Cannot import HKLM: Error opening the file. There may be a disk or file system error.