Getting an issue where Splunk hosts can't reach the License Master

yspade5
New Member

Getting this error from all my Splunk hosts after adding SSL settings in web.conf: LMTracker - failed to send rows reason='Unable to connect to license master"

0 Karma

sagaraverma
Loves-to-Learn Everything

We faced a similar error.
The problem was with port access, which somehow became inaccessible.

Make sure to test below at the very first -
From any source to License Manager

telnet

0 Karma

yspade5
New Member

I was able to resolve this issue. I changed the settings on the LM. The SSL certificate used was set incorrectly for the "SSLCARootPath" on server.conf because I had removed a custom app that was setting one common SSLCARootPath. When Splunk restarted, it had used the server.conf in system/local that was set to an old SSL cert.

0 Karma

woodcock
Esteemed Legend

Come back and click Accept on your answer to close out your question.

0 Karma

vnguyen46
Contributor

I don't see an "accept" button on this thread and it wasn't my case which my OS admin set a restriction on the license master. The connection went well after adding the indexer to the LM server. I don't know how they did that.

Thanks,

0 Karma

MuS
SplunkTrust

Hi there,

this was meant to be for @yspade5 who posted it was resolved 😉

cheers, MuS

0 Karma

MuS
SplunkTrust

Hi yspade5,

There are some troubleshooting options, I will just list a few of them.

On the license master:
- check if Splunk is running
- check the file $SPLUNK_HOME/var/log/splunk/splunkd.log for any SSL related errors
- verify in web.conf the option mgmtHostPort = <IP address:port> is NOT set to a port other than 8089

On one of the license slaves:
- verify from there that you can connect to the license master on port 8089 over https (using curl for example)

Also check if there were any changes in your network just before the error started to happen.

Hope this helps ...

cheers, MuS

0 Karma
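As an added example (not code from any poster in this thread or from Splunk), the splunkd.log check listed above can be scripted so that TLS and license-connection errors are grouped and the first occurrence of each is visible, which helps line the failure up with a recent configuration or network change. The log line layout in the regex, the component name `ExampleTls`, and all sample lines are assumptions constructed for illustration.

```python
import re

# Assumed splunkd.log layout: "MM-DD-YYYY HH:MM:SS.mmm +ZZZZ LEVEL Component - message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4}) "
    r"(?P<level>WARN|ERROR|FATAL)\s+(?P<component>\S+)\s+(?:\[[^\]]*\]\s+)?- (?P<msg>.*)$"
)
# Keywords that mark a message as TLS- or license-connection related.
INTERESTING = re.compile(r"ssl|tls|certificate|handshake|license master", re.I)
# Values that vary per event; replaced so repeated errors share one signature.
VARIABLE = re.compile(r"https?://\S+|\b\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?\b")


def triage(lines):
    """Group relevant WARN/ERROR/FATAL lines by (component, signature).

    Returns a dict in order of first appearance; each value holds the
    occurrence count and the first and last timestamps seen.
    """
    found = {}
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # INFO/DEBUG lines and anything not in the assumed layout
        if m["component"] != "LMTracker" and not INTERESTING.search(m["msg"]):
            continue
        sig = VARIABLE.sub("<addr>", m["msg"])
        entry = found.setdefault((m["component"], sig),
                                 {"count": 0, "first": m["ts"], "last": m["ts"]})
        entry["count"] += 1
        entry["last"] = m["ts"]
    return found


# Constructed sample lines (not taken from a real system).
SAMPLE = [
    "03-02-2024 09:14:58.101 +0000 INFO  Startup - constructed informational line",
    "03-02-2024 09:15:02.410 +0000 WARN  ExampleTls - constructed: certificate verify failed for peer 10.0.0.5:8089",
    "03-02-2024 09:15:02.412 +0000 ERROR LMTracker - failed to send rows reason='Unable to connect to license master=https://lm.example.test:8089'",
    "03-02-2024 09:15:40.000 +0000 ERROR DiskMon - constructed: volume nearly full",
    "03-02-2024 09:16:02.418 +0000 ERROR LMTracker - failed to send rows reason='Unable to connect to license master=https://10.0.0.5:8089'",
]

if __name__ == "__main__":
    for (component, sig), e in triage(SAMPLE).items():
        print(f"{e['first']}  x{e['count']}  {component}: {sig}")
```

Run it against the log on both the license master and one peer; a certificate verification warning that first appears right after a restart points at the CA or certificate settings rather than the network.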

vnguyen46
Contributor

Would you please share details on which .crt or key files that need to be shared among the Splunk instances to get connected to the license master?
I am adding new Indexers to the cluster master but not able to connect to the existing license master. All network connections are just fine, so I suspect the cert/key share.

Thanks,

0 Karma

yspade5
New Member

Thanks all for the tips.
I was able to resolve this issue, which was due to the incorrect SSL certificate used by server.conf for the SSLCARootPath, which was different from the other Splunk hosts: Indexers, SHs, HFs.
This occurred because I had removed a custom app that had the correct server.conf for the SSL cert.

0 Karma

nickhills
Ultra Champion

Your question is not quite clear - on which host did you change the SSL settings - on the LM or the Indexers?

If my comment helps, please give it a thumbs up!
0 Karma

woodcock
Esteemed Legend

What exactly does adding SSL settings in web.conf mean exactly?

0 Karma