
Windows Winsock error 10053

mataharry
Communicator

My Splunk instance is an indexer and deployment server on Windows 2008.
I have 2 problems:

  • the Web UI is sometimes very slow to load (splunkd is not responding fast to splunkweb)
  • the deployment clients are not correctly deployed on all clients (depends on the network where they are)

I see lots of these errors in $SPLUNK_HOME/var/log/splunk/splunkd.log:
06-14-2011 06:48:51.298 -0400 ERROR TcpInputProc - Error encountered for connection from src=10.131.83.10:3837. Winsock error 10053

I checked in MSDN; this error is a timeout of the socket:
WSAECONNABORTED 10053
Software caused connection abort.
An established connection was aborted by the software in your host computer, possibly due to a data transmission time-out or protocol error.

0 Karma

yannK
Splunk Employee

Is your server using WINS/NETBIOS as the only name resolution protocol?

This is a known error on Windows with indexers and deployment server.
Splunk asks the server to do name resolution on the clients in order to apply the whitelist/blacklists for the deployment rules. This resolution is not occurring, so the socket stays open until a timeout.

Usually this error occurs when only WINS is used with separate networks.
Can you check your network settings? You may need a valid DNS resolving the forwarders/deployment clients' host names.

A quick workaround is to populate the hosts file on the server with the IP / hostname pairs in
%SystemRoot%\system32\drivers\etc\hosts


gordo32
Communicator

This same error will be generated if you are enabling SSL communications from Universal Forwarder to Indexer, but haven't installed the root CA onto the Windows Server running the Universal Forwarder (e.g. SSL cert presented by the Indexer isn't trusted).

0 Karma
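
Added example, not part of the original thread and not Splunk code: a triage script for the name-resolution cause described in the accepted solution. It counts the Winsock 10053 aborts in splunkd.log per source IP and lists the sources that do not resolve, as candidates for DNS records or hosts-file entries. It assumes a reverse lookup through the OS resolver approximates the lookup Splunk performs; the names triage, hosts_stub, SAMPLE_LOG and SAMPLE_NAMES are hypothetical, and the sample data is constructed.

```python
import re
import socket
from collections import Counter

# Line format taken from the splunkd.log entry quoted in the question.
ABORT_RE = re.compile(
    r"ERROR\s+TcpInputProc - Error encountered for connection from "
    r"src=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\. Winsock error 10053\b")

def reverse_lookup(ip):
    """Name the OS resolver returns for ip, or None if it has none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return None

def triage(log_lines, resolver=reverse_lookup):
    """Count 10053 aborts per source IP, split by whether the IP resolves."""
    counts = Counter()
    for line in log_lines:
        match = ABORT_RE.search(line)
        if match:
            counts[match.group("ip")] += 1
    resolved, unresolved = {}, {}
    for ip, hits in counts.most_common():
        name = resolver(ip)
        (resolved if name else unresolved)[ip] = (hits, name)
    return resolved, unresolved

def hosts_stub(unresolved):
    """Hosts-file lines for unresolved sources; real names are filled in by hand."""
    return [f"{ip}\tHOSTNAME-PLACEHOLDER\t# {hits} aborted connection(s)"
            for ip, (hits, _) in unresolved.items()]

# Constructed sample: the first entry is the line quoted in the question; the
# others are made-up variations (other sources, a different error code).
_FMT = ("06-14-2011 06:48:5{}.298 -0400 ERROR TcpInputProc - Error encountered "
        "for connection from src={}. Winsock error {}")
SAMPLE_LOG = [_FMT.format(i, src, code) for i, (src, code) in enumerate([
    ("10.131.83.10:3837", 10053), ("10.131.83.10:3840", 10053),
    ("10.131.84.22:4102", 10053), ("10.131.83.10:3851", 10053),
    ("10.131.85.7:2210", 10054)], start=1)]
# Constructed stand-in for the resolver so the example runs offline.
SAMPLE_NAMES = {"10.131.84.22": "fwd-b.example.test"}

if __name__ == "__main__":
    resolved, unresolved = triage(SAMPLE_LOG, SAMPLE_NAMES.get)
    print("resolving:", resolved)
    print("\n".join(hosts_stub(unresolved)))
```

On the indexer, call triage() on the lines of the real splunkd.log with the default resolver. Sources that keep aborting and do not resolve are the ones to check against the whitelist/blacklist rules.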
