I'm unable to perform a fresh install Splunk Light 6.3.1 on Windows Server 2008 R2 running as Local System. I have tried the GUI installer, and to run msiexec from elevated cmd prompt:
msiexec /i splunklight-6.3.1-f3e41e4b37b2-x64-release.msi LAUNCHSPLUNK=0 AGREETOLICENSE=Yes /quiet /Liwe splunk.log
From the log files it looks like it is unable to start splunk for the first time. Here's a part of the log file:
InstallRegmonDrv: Warning: Invalid property ignored: FailCA=.
InstallRegmonDrv: Info: Driver inf file: C:\Program Files\Splunk\bin\splunkdrv-win6.inf.
InstallNetmonDrv: Warning: Invalid property ignored: FailCA=.
InstallNetmonDrv: Info: Driver inf file: C:\Program Files\Splunk\bin\splknetdrv-vista.inf.
InstallNohandleDrv: Warning: Invalid property ignored: FailCA=.
InstallNohandleDrv: Info: Driver inf file: C:\Program Files\Splunk\bin\SplunkMonitorNoHandleDrv-vista.inf.
CreateFtr: Warning: Invalid property ignored: FailCA=.
FirstTimeRun: Warning: Invalid property ignored: FailCA=.
FirstTimeRun: Info: Properties: splunkHome: C:\Program Files\Splunk.
FirstTimeRun: Info: Execute first time run.
FirstTimeRun: Info: Enter. Args: "C:\Program Files\Splunk\bin\splunk.exe", _internal first-time-run --answer-yes --no-prompt
FirstTimeRun: Info: Execute string: cmd.exe /c ""C:\Program Files\Splunk\bin\splunk.exe" _internal first-time-run --answer-yes --no-prompt >> "C:\Users\xxxxxx\AppData\Local\Temp\splunk.log" 2>&1"
FirstTimeRun: Info: WaitForSingleObject returned : 0x0
FirstTimeRun: Info: Exit code for process : 0x1
FirstTimeRun: Info: Leave.
FirstTimeRun: Error: ExecCmd failed: 0x1.
FirstTimeRun: Error 0x80004005: Cannot execute first time run.
CustomAction FirstTimeRun returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 12:52:15: InstallFinalize. Return value 3.
At the very end of the log file it says:
MSI (s) (94:D4) [12:52:50:657]: Product: Splunk Light -- Installation failed.
MSI (s) (94:D4) [12:52:50:658]: Windows Installer installed the product. Product Name: Splunk Light. Product Version: 6.3.1.0. Product Language: 1033. Manufacturer: Splunk, Inc.. Installation success or error status: 1603.
Also, in the splunkd.log which is apparently put in C:\Users\xxxxxx\AppData\Local\Temp
I have this:
Traceback (most recent call last):
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\clilib\cli.py", line 17, in <module>
import splunk.clilib.cli_common as comm
File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\clilib\cli_common.py", line 8, in <module>
import httplib, shutil
File "C:\Program Files\Splunk\Python-2.7\Lib\httplib.py", line 79, in <module>
import mimetools
File "C:\Program Files\Splunk\Python-2.7\Lib\mimetools.py", line 6, in <module>
import tempfile
File "C:\Program Files\Splunk\Python-2.7\Lib\tempfile.py", line 35, in <module>
from random import Random as _Random
File "C:\Program Files\Splunk\Python-2.7\Lib\random.py", line 49, in <module>
import hashlib as _hashlib
File "C:\Program Files\Splunk\Python-2.7\Lib\hashlib.py", line 138, in <module>
_hashlib.openssl_md_meth_names)
AttributeError: 'module' object has no attribute 'openssl_md_meth_names'
This appears to be your first time running this version of Splunk.
Could someone please shed some light on this?
BR,
Herman
I just worked with someone who had this same issue. It turned out the root cause was specifying the msi output log to be splunk.log. Splunk 6.2.x and 6.3.x will already generate a file named "splunk.log" by default in C:\Windows\Temp. By specifying the msi output log to also be called splunk.log, it could cause this issue.
Looking at the command you used, it seems to be the same issue.
I have not been able to find the answer yet. I successfully tried to install on two other machines. I will follow up when/if I find out what's wrong with this server. It could be useful for others.
You can check out this MS KB Article: You receive an "error 1603: A fatal error occurred during installation" error message when you try to install a Windows Installer package
https://support.microsoft.com/en-us/kb/834484
You can also try to use the MS tool System File Checker:
https://technet.microsoft.com/en-us/library/bb491008.aspx
I have heard people have resolved the issue using:
sfc /scannow
Solved it for me.
sfc /scannow + restart fixed my issue with 1603 error, thanks!
Thank you for your answer. I tried this with no luck. It looks like there is something wrong with that particular server, not Splunk itself.