Duo configuration is not replicable?

nick405060
Motivator

Hi there,

I had the Duo app configured on my Splunk 6.3 indexer, and as a test, I can also set it up successfully on my Splunk 7.2 search head. However, I cannot set it up on my Splunk 7.2 indexer, where it needs to be. I'm using the exact same ikey, skey, and API host that I do on the 6.3 indexer and on the 7.2 search head. I've even tried scp-ing the inputs.conf file over from the search head. Lots of reboots attempted, tried uninstalling the app, reinstalling, changing permissions, purging everything Duo, etc. How can I troubleshoot and figure this out? I get the error:

Encountered the following error while trying to save: Could not connect to API host api-abcdefghijk.duosecurity.com. Please check that your host is spelled correctly.

One of these days, I'm going to install a Splunk app and it's actually going to work. One of these days.


nick405060
Motivator

Here's what I did to fix it, after over 5 hours. Fun times.

* Running "find /opt/splunk -name '*duo*'" and deleting everything, and reinstalling the app. Nothing
* Running as root. Nothing
* Copying over every single possible Duo related file from my working SH and rebooting. Nothing
* Permissions stuff. Nothing
* Messing with inputs.conf and authorize.conf as much as possible. Nothing
* Lots of other things. Nothing. I must have rebooted Splunk 50+ times.

Eventually I rebooted the server (which was NOT something we do very often, nor was this fun) and that fixed the issue. I also want it to be known that Splunk is connected to a TON of other APIs on the same server without a problem, so I have no idea how it could have been anything to do with the server's networking config. Also, this server was cloned in VMware two months ago from the working SH, and since then there have been no non-Splunk-related configuration changes to the server...

Sigh.
