Full Version: Kaspersky 8 Enterprise Anti-Virus service fails to start
centoang
Hi,
I'm trying to install Kaspersky Anti-Virus 8.0 For Windows Servers Enterprise on a Windows Server 2008 R2 with Terminal Services installed on.
The installation fails when it tries to start the Anti-Virus Service, a pop-up message says "Service Kaspersky Anti-Virus (KAVFS) failed to start. Verify that you have sufficient privilege to start system services" (I'm using a domain admin account), then the installation rolls back.
In the event log the following messages appear:

Log Name: Application
Source: Application Error
Date: 10/04/2011 17:49:47
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A

Description:
Faulting application name: kavfs.exe, version: 8.0.0.559, time stamp: 0x4cf3d8b4
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb3b
Exception code: 0xc0000005
Fault offset: 0x0002ea00
Faulting process id: 0x1540
Faulting application start time: 0x01cbf796eb0db129
Faulting application path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 8.0 For Windows Servers Enterprise Edition\kavfs.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 28c3c184-638a-11e0-b6ef-3e51d4164da2

Log Name: System
Source: Service Control Manager
Date: 10/04/2011 17:49:25
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A

Description:
The Kaspersky Anti-Virus service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

I've already tried utilities like kavremover and CCleaner to clean the registry with no success.
On another server with a configuration practically identical to the first one the installation was successful.
I also tried to scan the system disk for viruses from another server, nothing found.
So now I've run out of ideas. Does anyone know what could be the problem?

Thanks
centoang
Yuhuu? Anyone out there can help me?
Alexander Ilin
Please show us installation log.
centoang
Hi Alexander,
thank you for your support.
The installation log is attached
Alexander Ilin
Maybe the error is caused by Group Policy-enabled.
If possible, please:
Unregister the computer from a domain policy and try to install WSEE.
centoang
Hi Alexander,
I will try to move the server out of group policies in a few hours (the server is in production so I can't do it now).
Only I don't understand why another server with the same roles, almost the same programs installed on it and in the same Organization Unit doesn't have this problem.
On both servers there was originally Kaspersky 6 MP4 for Windows Server because FSEE 8 was not yet available when they were installed. During the last period the 6 MP4 version was also unable to start on the problematic server but I didn't investigate because I preferred to uninstall the 6 MP4 to install FSEE 8, which I have never been able to install.
I will inform you about the results of your suggestion as soon as possible.
I've attached the getsysteminfo of the server, maybe it could be helpful.
Thanks,


QUOTE(Alexander Ilin @ 13.04.2011 10:05) *
Maybe the error is caused by Group Policy-enabled.
If possible, please:
Unregister the computer from a domain policy and try to install WSEE.

Alexander Ilin
Also use this article http://support.microsoft.com/kb/314852 to improve more traces.
centoang
Hi Alexander,

same result from installation without GPO.
the verbose log is attached


QUOTE(Alexander Ilin @ 13.04.2011 11:26) *
Also use this article http://support.microsoft.com/kb/314852 to improve more traces.

centoang
Hi Alexander,
do you have some news?
David Foose
QUOTE(centoang @ 18.04.2011 10:01) *
Hi Alexander,
do you have some news?



Is this during the admin kit installation? If you are watching the installation progress, does the installation seem to fail around the time it mentions certificate being imported?

If so, I have run into this problem a few times and I have traced it back to KB2264107. http://support.microsoft.com/kb/2264107

This is one of the Stuxnet holes that Microsoft fixes. To summarize, you can load DLLs from the CWD (Current Working Directory) which can be a network share or WEBDAV (website) location. There were multiple levels of disallowing this practice. We took the "very strict" (fffffff) setting which prevented any usage of CWD during DLL load. This causes some pains with various software packages including the load of the Admin Kit.

Setting the registry entry CWDIllegalInDllSearch under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\ back to a 0 and doing the install seems to allow it to complete. Then you can place it back to the value your IT admin wanted it to be with no further adverse effects.


Hope this helps.
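
A read-only way to see which CWDIllegalInDllSearch setting a server actually carries, added here as an example; it is not part of the post above or of any Kaspersky tooling. The value meanings and the per-image key location are taken from KB2264107, which the post links; the function names are hypothetical.

```powershell
# Added example: read-only audit of CWDIllegalInDllSearch (KB2264107). Changes nothing.
$valueName = 'CWDIllegalInDllSearch'
$systemKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
# Per-image location described in KB2264107; a value here overrides the system-wide one.
$imageKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-CwdSearchMeaning {
    param($Raw)
    if ($null -eq $Raw) { return 'not set (CWD stays in the DLL search order)' }
    # REG_DWORD 0xFFFFFFFF can surface as -1; mask to an unsigned 32-bit value.
    $v = ([int64]$Raw) -band 4294967295
    switch ($v) {
        0          { 'default search order, CWD allowed' }
        1          { 'block DLL load from CWD when CWD is a WebDAV folder' }
        2          { 'block DLL load from CWD when CWD is remote (WebDAV or UNC)' }
        4294967295 { 'CWD removed from the DLL search order' }
        default    { 'undocumented value 0x{0:X8}' -f $v }
    }
}

function Get-CwdSearchAudit {
    # System-wide setting.
    $raw = (Get-Item -Path $systemKey).GetValue($valueName)
    [pscustomobject]@{
        Scope   = 'System-wide'
        Raw     = $raw
        Meaning = Get-CwdSearchMeaning $raw
    }
    # Per-image overrides: list only the executables that carry the value.
    Get-ChildItem -Path $imageKey -ErrorAction SilentlyContinue | ForEach-Object {
        $raw = $_.GetValue($valueName)
        if ($null -ne $raw) {
            [pscustomobject]@{
                Scope   = $_.PSChildName
                Raw     = $raw
                Meaning = Get-CwdSearchMeaning $raw
            }
        }
    }
}

Get-CwdSearchAudit | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on both the failing server and the working one; a difference in the output shows whether this hardening is one of the things that distinguishes them.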
Alexander Ilin
Please remove all Kaspersky Lab products from this PC (kavrmvr)
Then provide us traces logs via article
centoang
To David: the problem is about the installation of Anti-Virus, not the Administration Kit, and the installation fails when the anti virus service tries to start (take a look at error.jpg attached)
To Alexander: I've just repeated the installation: kavremover, then reboot, then msiexec /i kavws.msi /l*v kavws.log. You will find the logs in this post and the next (300k limit to upload attachment is not really enough!)
centoang
here is the last attachment (is a log about kavremover)
centoang
Some news?
daveposh
I would love to know if this was resolved, I'm in the same boat. Cannot install on 2008 R2 terminal server, services failed to start. Tried everything in the above posts to no avail.
centoang
Hi,
I'm sorry but the problem was not solved, also with the direct support of Kaspersky (they took installation logs a lot of times, they have sent a new version 8.0.0.563 but the result was the same). So I've installed another antivirus.
Testeur09
Hello,

It could be a leftover of an old GPO/GPP or manual registry editing provoking this.

Try to add an account with local admin privileges and Denied on "Apply GPO" to your RDS GPO. Do a gpupdate /force then try again. Also try a gpresult to see if any other GPO could interfere (like a specific WMI filter or GPP parameter...)

If it still does not work then maybe some core registry keys were modified on this server and not the other one. I just hope CCleaner didn't mess up the server for good. Do you have any history information on this server (upgrade or clean install, roles etc...)?

Regards,