I've been attempting to setup a Splunk deployment server. I have receiving enabled on port 28090, I can telnet from forwarder machine to the splunk machine on that port, however, the forwarder just keeps putting out these error messages:
05-24-2011 10:39:19.919 -0400 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected
After reading some of the other similar questions here, I've attempted enabling and disabling SSL, which didn't help. If I turn off the listener on the deployment server, the following error occurs on the forwarder:
05-24-2011 10:41:20.633 -0400 WARN TcpOutputFd - Connect to 10.8.16.229:28090 failed. Connection refused
05-24-2011 10:41:20.633 -0400 ERROR TcpOutputFd - Connection to host=10.8.16.229:28090 failed
So there definitely appears to be some communication happening. Also, when checking to see if deployment clients are connected:
# ./splunk list deploy-clients
No deployment clients have contacted this server.
Running 'netstat | grep 28090' definitely shows the clients are connected.
What step(s) am I missing here?
... View more