This isn't technically a Splunk issue, but here's how we resolved it:
We were seeing the 500 errors, and also noticed this issue when using a Windows configuration tool that uses a phone-home style of connection. We saw the following error from that software:
Could not send report: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full. - connect(2)
After searching Microsoft KB articles for the error, we found the following article that resolved the issue:
Title: When you try to connect from TCP ports greater than 5000 you receive the error 'WSAENOBUFS (10055)'
Symptom: If you try to set up TCP connections from ports that are greater than 5000, the local computer responds with the following WSAENOBUFS (10055) error message:
An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
http://support.microsoft.com/kb/Q196271
Once I applied the change from the KB article, connections started flowing again to the operations system. The machine was able to authenticate to our windows domain, Splunkd started making connections to other machines to index, and we could connect to outside servers.
... View more