Fresh install of Splunk 7.3.3 on Windows Server 2016 index server.
I kept getting the "Splunk installation ended prematurely" with no clear evidence as to why. I tried most of the possible solutions in older posts, with no improvement.
Turns out my domain Splunk service account had been set up with membership in a slew of groups, including the domain admin group. This apparently caused a permissions disconnect in the index server local security policy, where both Deny logon as a batch job and Deny logon as a service included Domain Admin. So, even though my Splunk service account had permission to Logon as a batch job and Logon as a service, it was blocked because of the Domain Admin membership.
I removed the service account from the Domain Admin group and the installation completed successfully.
... View more