Hi,
I'm trying to deploy Splunk App for Windows Infrastructure on small AD environment (2 Domain Controllers and few other windows servers + 1 Splunk Indexer)
I installed everything according to the App specification but I'm getting very little information via the App itself now. I can see that I do not get any info re users or groups etc.
I noticed that powershell scripts aren't running OK i.e. below script should gather some Topology info but returns error (see the end of the post).
Any ideas what could go wrong?
[powershell://AD-Health]
script = & "$SplunkHome\etc\apps\TA-DomainController-2012R2\bin\Invoke-MonitoredScript.ps1" -Command ".\ad-health.ps1"
schedule = 0 */5 * ? * *
index = msad
source=Powershell
sourcetype=MSAD:NT6:Health
disabled=false
ParentIdentity="5e1ba9e1-f102-4156-8e0e-7abed0a5d1c3" ErrorIndex="0" ErrorMessage="A local error has occurred" PositionMessage="At C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-DomainController-2012R2\bin\siteinfo.ps1:7 char:8 + $DC = Get-ADDomainController -Identity $ServerName + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" CategoryInfo="NotSpecified: (REDACTED:ADDomainController) [Get-ADDomainController], ADException" FullyQualifiedErrorId="ActiveDirectoryServer:8251,Microsoft.ActiveDirectory.Management.Commands.GetADDomainController" Exception="Microsoft.ActiveDirectory.Management.ADException: A local error has occurred ---> System.ServiceModel.FaultException 1[schemas.microsoft.com._2008._1.ActiveDirectory.CustomActions.GetADDomainControllerFault]: The lightweight directory access protocol (LDAP) operation failed. Server stack trace: at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at schemas.microsoft.com._2008._1.ActiveDirectory.CustomActions.TopologyManagement.GetADDomainController(GetADDomainControllerRequest request) at Microsoft.ActiveDirectory.Management.AdwsConnection.GetADDomainController(GetADDomainControllerRequest request) --- End of inner exception stack trace --- at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowException(CustomActionFault caFault, FaultException faultException) at Microsoft.ActiveDirectory.Management.AdwsConnection.GetADDomainController(GetADDomainControllerRequest request) at Microsoft.ActiveDirectory.Management.ADWebServiceStoreAccess.Microsoft.ActiveDirectory.Management.IADTopologyManagement.GetADDomainController(ADSessionHandle handle, GetADDomainControllerRequest request) at Microsoft.ActiveDirectory.Management.ADTopologyManagement.GetDomainController(String[] dcNtdsSettingsDN) at Microsoft.ActiveDirectory.Management.Commands.ADDomainControllerFactory 1.GetExtendedObjectFromIdentity(T identityObj, String identityQueryPath, ICollection 1 propertiesToFetch, Boolean showDeleted) at Microsoft.ActiveDirectory.Management.Commands.ADGetCmdletBase 3.ADGetCmdletBaseProcessCSRoutine() at Microsoft.ActiveDirectory.Management.CmdletSubroutinePipeline.Invoke() at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase 1.ProcessRecord()" InnerException="System.ServiceModel.FaultException 1[schemas.microsoft.com._2008._1.ActiveDirectory.CustomActions.GetADDomainControllerFault]: The lightweight directory access protocol (LDAP) operation failed. (Fault Detail is equal to schemas.microsoft.com._2008._1.ActiveDirectory.CustomActions.GetADDomainControllerFault)."
... View more