Help - Search - Members
Full Version: Security Center : How to force client refresh ?
Kaspersky Lab Forum > English User Forum > Protection for Business
Codata
We use Security Center 9 to deploy KES 8 on our network.
We often have to reinstall or upgrade workstations. When this happens, Security Center keeps the old informations about this client computer in memory : on the properties page, it is always the old IP address with the old informations about which version of KAV is installed etc...

If the IP address as changed, I have found no way to force an update and Security Center just can't see this new computer.
It seems that Security Center caches DNS entries somewhere, but I haven't found how to clean this cache and rescan all workstations.

If I try to redeploy KES8 on this computer (if the address has not changed), it fails saying that it is already installed. If I force it (install even when already installed), it hangs on "waiting for a connection...".

I tried to delete the computer from the "administered computers" group, but this does not help.
I also tried to rescan the network, but this still does not help.

What are the recommended steps to follow when reinstalling / upgrading a client computer ?
A good start would be to find a way to force Security Center to flush its DNS cache and rescan a particular computer (or all of them, I don't mind).

Thanks for your help !
Mystery4u
QUOTE(Codata @ 26.03.2012 12:53) *
We use Security Center 9 to deploy KES 8 on our network.
We often have to reinstall or upgrade workstations. When this happens, Security Center keeps the old informations about this client computer in memory : on the properties page, it is always the old IP address with the old informations about which version of KAV is installed etc...

If the IP address as changed, I have found no way to force an update and Security Center just can't see this new computer.
It seems that Security Center caches DNS entries somewhere, but I haven't found how to clean this cache and rescan all workstations.

If I try to redeploy KES8 on this computer (if the address has not changed), it fails saying that it is already installed. If I force it (install even when already installed), it hangs on "waiting for a connection...".

I tried to delete the computer from the "administered computers" group, but this does not help.
I also tried to rescan the network, but this still does not help.

What are the recommended steps to follow when reinstalling / upgrading a client computer ?
A good start would be to find a way to force Security Center to flush its DNS cache and rescan a particular computer (or all of them, I don't mind).

Thanks for your help !

Hi,
Delete the computer from the "administered computers" group, then delete these computer from Unassigned computers too. Then rescan the network.

Codata
QUOTE(Mystery4u @ 26.03.2012 11:11) *
Delete the computer from the "administered computers" group, then delete these computer from Unassigned computers too. Then rescan the network.


Hi, thanks for your answer.
I tried that, but rescanning the network does not bring the computer back. I tried with the "active directory" scanning and "IP range" scanning, none of them brought the new computer back.

Is there no way to flush the DNS/IP cache of the Security Center ?
Mystery4u
QUOTE(Codata @ 26.03.2012 14:13) *
Hi, thanks for your answer.
I tried that, but rescanning the network does not bring the computer back. I tried with the "active directory" scanning and "IP range" scanning, none of them brought the new computer back.

Is there no way to flush the DNS/IP cache of the Security Center ?


Hi,
Reinstall the network Agent with unchecked the option " Do not install application if it is already installed" Check the connection from client end running klnagchk.exe at command prompt.
Codata
QUOTE(Mystery4u @ 26.03.2012 11:30) *
Hi,
Reinstall the network Agent with unchecked the option " Do not install application if it is already installed" Check the connection from client end running klnagchk.exe at command prompt.

But I cannot reinstall the Network Agent if the computer is not seen by Security Center !
Mystery4u
QUOTE(Codata @ 26.03.2012 14:31) *
But I cannot reinstall the Network Agent if the computer is not seen by Security Center !


Hi,
Then Install network agent using pull method. (Manually install at client end)
Codata
QUOTE(Mystery4u @ 26.03.2012 11:35) *
Hi,
Then Install network agent using pull method. (Manually install at client end)


Well, the point is that I want to be able to centrally manage my workstations, even when their IP addresses change.
If I have to manually install things on all clients, the whole point of Security Center and central administration is defeated.
Don't you think so ?
There must be a way around this, no ?
Mystery4u
QUOTE(Codata @ 26.03.2012 14:39) *
Well, the point is that I want to be able to centrally manage my workstations, even when their IP addresses change.
If I have to manually install things on all clients, the whole point of Security Center and central administration is defeated.
Don't you think so ?
There must be a way around this, no ?


Hi,
I mean When you change your IP address of your systems. your admin sever show the old IP information for that system. When you delete your systems from groups and unassigned computers and rescan the network it take time to appear in the unassigned computers. If you want to avoid for wait you reinstall the network agent manually on that system or run "klmover -address <Admin server IP address> on command prompt. The klmover file is located at "C:\Program Files\Kaspersky Lab\NetworkAgent\klmover.exe".
Codata
QUOTE(Mystery4u @ 26.03.2012 11:51) *
Hi,
I mean When you change your IP address of your systems. your admin sever show the old IP information for that system. When you delete your systems from groups and unassigned computers and rescan the network it take time to appear in the unassigned computers. If you want to avoid for wait you reinstall the network agent manually on that system or run "klmover -address <Admin server IP address> on command prompt. The klmover file is located at "C:\Program Files\Kaspersky Lab\NetworkAgent\klmover.exe".

OK I understand then.
Do you mean then that the long delay for computers to reappear under "unassigned computers" is normal ?
Mystery4u
QUOTE(Codata @ 26.03.2012 14:54) *
OK I understand then.
Do you mean then that the long delay for computers to reappear under "unassigned computers" is normal ?


Hi,
Yes, I face this many time to appear the system take long time to reappear in the unassigned computers
Codata
QUOTE(Mystery4u @ 26.03.2012 11:55) *
Hi,
Yes, I face this many time to appear the system take long time to reappear in the unassigned computers

OK. Thanks a lot then, I'll try this next time !
Testeur09
Make sure you use sysprep when reinstalling your computers and the network agent isn't a component of you rmaster workstation.
KoRi
If the client computer is in different subnet, the router not necessary forward scan, and the computer wont appear if no agent installed which point to the server. Manual install still work, if you know the client ip address, and run a deploy task to that ip (not name).
Codata
QUOTE(Testeur09 @ 26.03.2012 12:39) *
Make sure you use sysprep when reinstalling your computers and the network agent isn't a component of you rmaster workstation.

We don't use sysprep, we perform normal installation then image our computers. We just restore the image when it is needed.
Codata
QUOTE(KoRi @ 26.03.2012 12:53) *
If the client computer is in different subnet, the router not necessary forward scan, and the computer wont appear if no agent installed which point to the server. Manual install still work, if you know the client ip address, and run a deploy task to that ip (not name).

It is in the same subnet.
Installing via IP address is an option, indeed.
Codata
QUOTE(Codata @ 26.03.2012 15:25) *
It is in the same subnet.
Installing via IP address is an option, indeed.

Just tried our typical "re deployement" via IP adresse : it still does not work ! It looks as if KSC9 even has reverse DNS cache !!!
I try to install to the IP address of my freshly reinstalled workstation, but SC9 translates the IP address to a computer name that is different from what it should be !

I double and triple checked with nslookup and ping / ping -a, and all come to the same conclusion : SC9 really has a problem with DNS caching !!!
KoRi
Maybe i'm wrong, but i cant believe, that kaspersky use own cache. When u run nslookup & ping from the administration server, u saw the right address&name, or the wrong?
Codata
QUOTE(KoRi @ 3.04.2012 08:11) *
Maybe i'm wrong, but i cant believe, that kaspersky use own cache. When u run nslookup & ping from the administration server, u saw the right address&name, or the wrong?

On the administration server, the IP address in KSC9 is not the one I have when I ping the computer name.
And I can't find a way to force KSC9 to update it. That's the whole point of my post actually.

Yes, I find it hard to believe too, but what else ??
Testeur09
QUOTE(Codata @ 26.03.2012 15:22) *
We don't use sysprep, we perform normal installation then image our computers. We just restore the image when it is needed.

Well that implies lot of problems if you are restoring without any sysprep (sadly the Newtwork Agent doesn't like sysprep too).

You DNS entries will be messed up - you have to activate DNS scavenging.

Kaspersky Network Agent will be messed up, and the client in KSC too.

Try to delete the client from the console entirely (once from Managed Computers, a se cond time from Unefined Computers), then redetect it and add it again to the console.

If it still not better you'll have to uninstall the agent and install it again.
seslmis
Are you using clone image to reinstall PC ?
For me, always reinstall once user left my company.
I use both clone image and newly install from recovery cd as well,
do you try to install NA during your process ?
Suppose you are using server name for your KAK server, try to add
server name in your system hosts file.
Hope these help.
Good luck.
Codata
QUOTE(Testeur09 @ 3.04.2012 09:16) *
Well that implies lot of problems if you are restoring without any sysprep (sadly the Newtwork Agent doesn't like sysprep too).
You DNS entries will be messed up - you have to activate DNS scavenging.

Why would my DNS entries be messed up ? The computer gets a new IP address, but DNS updates work fine. As soon as it's back online forward and reverse lookup are fine from any computer on the network.

QUOTE
Try to delete the client from the console entirely (once from Managed Computers, a se cond time from Unefined Computers), then redetect it and add it again to the console.
If it still not better you'll have to uninstall the agent and install it again.

Actually, if I install the agent manually, it works (tried it yesterday).
But usually we deploy the agent together with KES, and that's what does not work.

Removing and redetecting the client does not work either. It is redetected with the same IP address, and detection via IP range does not work at all (I don't know why).

QUOTE(seslmis)
Are you using clone image to reinstall PC ?
For me, always reinstall once user left my company.
I use both clone image and newly install from recovery cd as well,
do you try to install NA during your process ?
Suppose you are using server name for your KAK server, try to add
server name in your system hosts file.

We reinstall with images usually (barebone images, only Windows and updates are included, no other software), but now we deploy Windows 7 so we install from scratch. No recovery or sysprep, just clean normal installations.
As I sais previously, we do not install NA manually, we deploy it from KSC9, which in this case does not work well because of our IP address "cache" problem...
And as I said, if we install NA and specify the server name, it works just fine.

Thanks to all for trying to help, that's very appreciated !
Testeur09
QUOTE
Why would my DNS entries be messed up ? The computer gets a new IP address, but DNS updates work fine. As soon as it's back online forward and reverse lookup are fine from any computer on the network.

Your DNS server will have several entries for your computer, which is making Kaspersky detect ghost computers i think.
KoRi
QUOTE(Codata @ 3.04.2012 07:52) *
On the administration server, the IP address in KSC9 is not the one I have when I ping the computer name.


This is normal, the admin server keep showing the latest contact ip address. Because there is no agent @ computer, it wont contact to the server. If you want to keep this machine object in the administration server, it is possible that another computer appear on the server with the same name+~1 when you install manual the agent to the client.
My advice is: in the console click right on the root of the administration server -> Search.
Find the machine and right click-> Remove. (it just remove from any group)
Right click again -> Remove. (completely removes that workstation object from admin server. maybe that step missing, and thats why adminserver shows object with the old ip).
Wait till workstation appears again in the unassigned computers. If its in same subnet and VLAN, it has to, if administration server ip subnet scanning configured right.
If you don't want to wait, you had to deploy network agent over the (new) ip address. On the adminkit 8 it always worked, deploying over ip never reversed to computer name back, only after installed agent report back.
It is possible to show different computer name for a short time, when the computer use such ip address which was another computer object @admin server, and the server thinks that that computer switched on, but after agent report to adminkit, the name changing to the right. (or force synchronization).

We sometimes put the network agent installation package to the image (with some other little necessary install exe), and when we restore that image, just one click to install all of them (with a well configured batch file)
Codata
QUOTE(Testeur09 @ 3.04.2012 09:51) *
Your DNS server will have several entries for your computer, which is making Kaspersky detect ghost computers i think.

I don't think this could happen.
We have DHCP configured for automatic DNS updates, and whenever a new IP address is attributed to a computer its DNS records are also updated.
I never had problems of ghost records in the DNS server

QUOTE(KoRi @ 3.04.2012 09:59) *
My advice is: in the console click right on the root of the administration server -> Search.
Find the machine and right click-> Remove. (it just remove from any group)
Right click again -> Remove. (completely removes that workstation object from admin server. maybe that step missing, and thats why adminserver shows object with the old ip).

Maybe I was missing this second step indeed ! Will try that now.
Still, the problem with that is that I have to wait for a network rescan. I can trigger it manually, but it still takes some time. That's a shame since I know (and the system knows) the right IP address for this computer...
KoRi
QUOTE(Codata @ 3.04.2012 09:20) *
That's a shame since I know (and the system knows) the right IP address for this computer...

But the server don't know...until rescan the subnet. tongue.gif
Codata
QUOTE(KoRi @ 3.04.2012 10:26) *
But the server don't know...until rescan the subnet. tongue.gif

There is only ONE software on the whole network which doesn't know, and it's KSC9 !!! rolleyes.gif
Testeur09
QUOTE
I don't think this could happen.
We have DHCP configured for automatic DNS updates, and whenever a new IP address is attributed to a computer its DNS records are also updated.
I never had problems of ghost records in the DNS server

I still suggest to check if you have DNS stale records and DNS scavenging on...

QUOTE
Maybe I was missing this second step indeed ! Will try that now.
Still, the problem with that is that I have to wait for a network rescan. I can trigger it manually, but it still takes some time. That's a shame since I know (and the system knows) the right IP address for this computer...

You should try Active Directory scan maybe, IP/DNS discovery isn't that reliable.
Codata
QUOTE(Testeur09 @ 3.04.2012 10:41) *
I still suggest to check if you have DNS stale records and DNS scavenging on...
You should try Active Directory scan maybe, IP/DNS discovery isn't that reliable.

I can confirm that scavenging is on, I just checked.
I always use Active Directory scanning in fact, the other ones just don't work.

After some more tries, I think that manually installing the network agent is the way to go.
IMHO, centralized deployment is not working well in KSC9 (same as in previous versions actually, it never worked well)
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2014 Invision Power Services, Inc.