Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About sood31
sood31
Observer
Member since:
08-02-2021
08-04-2021
Community Statistics
| Posts | 2 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 08-02-2021 |
Activity Feed
- Posted Re: Splunk Agent installation failed 7.3.3 on Installation. 08-03-2021 10:40 PM
- Posted Splunk Agent installation failed 7.3.3 on Installation. 08-02-2021 10:41 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
08-02-2021
10:41 PM
Splunk installation does not work on one server and below are logs, could you pls point to right direction, where to look at and why this is failing. We have already tried clean boot/Install, Removed AV and any third party security softwares to see that helps or not but it does not. Reboot system multiple times but no luck, Removed Encryption no luck, we are running out of ideas, if you could help, that would be great! MSI (s) (4C:E4) [09:35:45:084]: Executing op: FileCopy(SourceName=ssmotatu.con|web.conf,SourceCabKey=filFFD0A48B92D564AD2586EEDC3AF570B4,DestName=web.conf,Attributes=512,FileSize=83,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=493118281,HashPart2=-1532812437,HashPart3=-875473769,HashPart4=68786463,,) MSI (s) (4C:E4) [09:35:45:085]: File: C:\Program Files\BMW_SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\web.conf; To be installed; Won't patch; No existing file MSI (s) (4C:E4) [09:35:45:085]: Source for file 'filFFD0A48B92D564AD2586EEDC3AF570B4' is compressed MSI (s) (4C:E4) [09:35:45:086]: Executing op: CacheSizeFlush(,) MSI (s) (4C:E4) [09:35:45:086]: Executing op: ActionStart(Name=RollbackRegmonDrv,,) MSI (s) (4C:E4) [09:35:45:092]: Executing op: CustomActionSchedule(Action=RollbackRegmonDrv,ActionType=3329,Source=BinaryData,Target=UninstallRegmonDrvCA,CustomActionData=SplunkHome=C:\Program Files\BMW_SplunkUniversalForwarder\;FailCA=) MSI (s) (4C:E4) [09:35:45:097]: Executing op: ActionStart(Name=InstallRegmonDrv,,) MSI (s) (4C:E4) [09:35:45:098]: Executing op: CustomActionSchedule(Action=InstallRegmonDrv,ActionType=3073,Source=BinaryData,Target=InstallRegmonDrvCA,CustomActionData=SplunkHome=C:\Program Files\BMW_SplunkUniversalForwarder\;LEGACYDRV=1;FailCA=) MSI (s) (4C:F4) [09:35:45:103]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIAC28.tmp, Entrypoint: InstallRegmonDrvCA MSI (s) (4C:58) [09:35:45:104]: Generating random cookie. MSI (s) (4C:58) [09:35:45:107]: Created Custom Action Server with PID 11196 (0x2BBC). MSI (s) (4C:08) [09:35:45:127]: Running as a service. MSI (s) (4C:08) [09:35:45:130]: Hello, I'm your 64bit Elevated Non-remapped custom action server. InstallRegmonDrv: Warning: Invalid property ignored: FailCA=. MSI (s) (4C:E4) [09:35:45:234]: Executing op: ActionStart(Name=RollbackNetmonDrv,,) InstallRegmonDrv: Info: Driver inf file: C:\Program Files\BMW_SplunkUniversalForwarder\bin\splunkdrv.inf. MSI (s) (4C:E4) [09:35:45:235]: Executing op: CustomActionSchedule(Action=RollbackNetmonDrv,ActionType=3329,Source=BinaryData,Target=UninstallNetmonDrvCA,CustomActionData=SplunkHome=C:\Program Files\BMW_SplunkUniversalForwarder\;FailCA=) MSI (s) (4C:E4) [09:35:45:241]: Executing op: ActionStart(Name=InstallNetmonDrv,,) MSI (s) (4C:E4) [09:35:45:242]: Executing op: CustomActionSchedule(Action=InstallNetmonDrv,ActionType=3073,Source=BinaryData,Target=InstallNetmonDrvCA,CustomActionData=SplunkHome=C:\Program Files\BMW_SplunkUniversalForwarder\;LEGACYDRV=1;FailCA=) MSI (s) (4C:30) [09:35:45:248]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIACB6.tmp, Entrypoint: InstallNetmonDrvCA InstallNetmonDrv: Warning: Invalid property ignored: FailCA=. MSI (s) (4C:E4) [09:35:45:346]: Executing op: ActionStart(Name=RollbackNohandleDrv,,) InstallNetmonDrv: Info: Driver inf file: C:\Program Files\BMW_SplunkUniversalForwarder\bin\splknetdrv.inf. MSI (s) (4C:E4) [09:35:45:347]: Executing op: CustomActionSchedule(Action=RollbackNohandleDrv,ActionType=3329,Source=BinaryData,Target=UninstallNohandleDrvCA,CustomActionData=SplunkHome=C:\Program Files\BMW_SplunkUniversalForwarder\;FailCA=) MSI (s) (4C:E4) [09:35:45:352]: Executing op: ActionStart(Name=InstallNohandleDrv,,) MSI (s) (4C:E4) [09:35:45:353]: Executing op: CustomActionSchedule(Action=InstallNohandleDrv,ActionType=3073,Source=BinaryData,Target=InstallNohandleDrvCA,CustomActionData=SplunkHome=C:\Program Files\BMW_SplunkUniversalForwarder\;LEGACYDRV=1;FailCA=) MSI (s) (4C:D8) [09:35:45:359]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIAD24.tmp, Entrypoint: InstallNohandleDrvCA InstallNohandleDrv: Warning: Invalid property ignored: FailCA=. MSI (s) (4C:E4) [09:35:45:456]: Executing op: ActionStart(Name=SavePasswordRules,,) InstallNohandleDrv: Info: Driver inf file: C:\Program Files\BMW_SplunkUniversalForwarder\bin\SplunkMonitorNoHandleDrv.inf. MSI (s) (4C:E4) [09:35:45:458]: Executing op: CustomActionSchedule(Action=SavePasswordRules,ActionType=3073,Source=BinaryData,Target=SavePasswordRulesCA,CustomActionData=SplunkHome=C:\Program Files\BMW_SplunkUniversalForwarder\;MinPasswordLowercaseLen=0;MinPasswordUppercaseLen=0;MinPasswordDigitLen=0;MinPasswordSpecialCharLen=0;MinPasswordLen=8;FailCA=) MSI (s) (4C:2C) [09:35:45:463]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIAD93.tmp, Entrypoint: SavePasswordRulesCA MSI (s) (4C:E4) [09:35:45:485]: Executing op: ActionStart(Name=CreateFtr,,) SavePasswordRules: Warning: Invalid property ignored: FailCA=. MSI (s) (4C:E4) [09:35:45:486]: Executing op: CustomActionSchedule(Action=CreateFtr,ActionType=3073,Source=BinaryData,Target=CreateFtrCA,CustomActionData=SplunkHome=C:\Program Files\BMW_SplunkUniversalForwarder\;FailCA=) MSI (s) (4C:9C) [09:35:45:492]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIADB3.tmp, Entrypoint: CreateFtrCA MSI (s) (4C:E4) [09:35:45:514]: Executing op: ActionStart(Name=FirstTimeRun,,) CreateFtr: Warning: Invalid property ignored: FailCA=. MSI (s) (4C:E4) [09:35:45:515]: Executing op: CustomActionSchedule(Action=FirstTimeRun,ActionType=3073,Source=BinaryData,Target=FirstTimeRunCA,CustomActionData=SplunkHome=C:\Program Files\BMW_SplunkUniversalForwarder\;FailCA=) MSI (s) (4C:08) [09:35:45:521]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIADD3.tmp, Entrypoint: FirstTimeRunCA FirstTimeRun: Warning: Invalid property ignored: FailCA=. FirstTimeRun: Info: Properties: splunkHome: C:\Program Files\BMW_SplunkUniversalForwarder. FirstTimeRun: Info: Execute first time run. FirstTimeRun: Info: Enter. Args: "C:\Program Files\BMW_SplunkUniversalForwarder\bin\splunk.exe", _internal first-time-run --answer-yes --no-prompt FirstTimeRun: Info: Execute string: cmd.exe /c ""C:\Program Files\BMW_SplunkUniversalForwarder\bin\splunk.exe" _internal first-time-run --answer-yes --no-prompt >> "C:\Users\axy4933\AppData\Local\Temp\splunk.log" 2>&1" FirstTimeRun: Info: WaitForSingleObject returned : 0x0 FirstTimeRun: Info: Exit code for process : 0xc0000409 FirstTimeRun: Info: Leave. FirstTimeRun: Error: ExecCmd failed: 0xc0000409. FirstTimeRun: Error 0x80004005: Cannot execute first time run. CustomAction FirstTimeRun returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox) MSI (s) (4C:E4) [09:35:45:886]: Note: 1: 2265 2: 3: -2147287035 MSI (s) (4C:E4) [09:35:45:886]: User policy value 'DisableRollback' is 0 MSI (s) (4C:E4) [09:35:45:886]: Machine policy value 'DisableRollback' is 0 Action ended 09:35:45: InstallFinalize. Return value 3.
... View more
Labels
- Labels:
-
universal forwarder
-
Windows
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-04-2021
02:03 AM
|
