The configurations are perfect and the ping and telnet are working between the deployment server and the client but am getting this log when I checked the internal logs.
INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
this is was the response of netstat:
tcp 0 0 0.0.0.0:8089 0.0.0.0:* LISTEN
tcp 0 287 X1.X1.X1.X1:47010 X2.X2.X2.X2:8089 FIN_WAIT1
x1.x1.x1.x1 - client where agent is installed
x2.x2.x2.x2 - deployment server
Has anyone faced this issue? please, kindly advice.
can you try changing default hostname of the server which is most likely localhost.localdomain?
Also have you restarted the forwarder after configuration?
check the GUID of servers $SPLUNK_HOME/etc/instance.cfg
do they contain same GUID? Delete the file on one of them and restart the UF, it will generate a new guid. Not 100% sure this causes the behavior you are observing, but risk-free to try.
In the other client same configuration works...thats y i was confused
Some clients do show on the deployment server? if this is the case then try deleting $SPLUNK_HOME/etc/instance.cfg
on the client which are not showing and then restart UF.
clients which show on delpyment server share below result:
tcp 0 287 X1.X1.X1.X1:47010 X2.X2.X2.X2:8089 ESTABLISHED
client which do not show share this result
tcp 0 287 X1.X1.X1.X1:47010 X2.X2.X2.X2:8089 FIN_WAIT1
Hi,
On Deployment client, can you run following command:
$SPLUNK_HOME/bin/splunk show deploy-poll
Did it shows deployment server IP?
Yes it does show the repose as :
Deployment Server URI is set to "X2.X2.X2.X2:8089".
Can you check internal logs of deployment client, at $SPLUNK_HOME/var/log/splunk/splunkd.log ?