I have two client PC's running KAV 5.0.712 with version 6.0.1405 of the NetAgent installed. My problem is that these two clients do not show up as 'active' in the AdminKit when I add them into the groups they're associated with. I can't synchronize them from the AdminKit but both clients download updates and appear to apply policy from the groups they are associated with. Both of these PC's are 'NEW' workstations that are replacing old workstations, keeping the same IP and machine names. Any ideas? I do NOT want to upgrade these clients to a new KAV as the 5.0 client performs better on these workstations. TIA.

Look under Network: Domain. You will find the PC´s in your domain. The name is probably PC-name~1

Yep, in attempts to correct this issue, I had already 'removed' the workstations from the group they were added to and dragged them from the list of domains back into the groups. Once in the group, they still show a faded red icon and are inaccessible via the admin kit. There's no firewall issues with these clients, so I don't understand why the communication from the admin kit to the clients seems to be one way (clients download updates from admin server and apply policy associated with their groups, but I cannot administer via admin kit directly).

As I will be rolling out replacement workstations in a similar way in the VERY near future, this is of concern, and I'd like to get it addressed asap, any ideas?

Run klnagchk utility on the problem computer to see if it is able to connect to the Administration Server.
You may do it remotely with Remote Diagnostics Utility (see "Execute diagnostics command").

Once run, the output (excluding personal identifiers) is as follows:

C:\Program Files\Kaspersky Lab\NetworkAgent>klnagchk
Starting klnagchk utility
Checking command-line arguments...OK
Initializing basic libraries...OK


Reading settings...OK
Checking settings...OK
Administration Agent settings:
Server address: 'xxx.xxx.xxx.xxx'
Use SSL: 1
Server SSL ports: '13000'
Server ports: '14000'
Certificate: absent
Use proxy: 0
Open UDP port: 1
UDP ports: '15000, 15001, 15002'
Ping period, minutes: 15
Conn timeout, s: 30
RW timeout, s: 180

Connecting to server...OK
Connecting to the Administration Agent...OK
Administration Agent is running
Acquire Administration Agent statistics...OK
Administration Agent statistics:
Ping count: 0
Succ. pings: 0
Sync count: 0
Succ. syncs: 0
Last ping:


Deinitializing basic libraries...OK

C:\Program Files\Kaspersky Lab\NetworkAgent>

Other than the ping and sync being 0, everything looks fine. Ideas?

Please, download Kaspersky EventLog and system info log from that problem host. You may do it with the same "Remote Diagnostics Utility".

I ran the klnagchk locally on these workstations as I cannot access these via the adminkit as I explained. In the KS eventlog this entry appears with a 'warning':

Resource is unavailable. Possibly address/port is unavailable or invalid.
Code=1081
Subcode=0
Message='Cannot connect to the component instance '1093;87;1.0.0.0;1093-87''
File='O:\CS AdminKit\development2\kca\prcp\proxybase.cpp'
Line=488

Subsequent 'information' entry is as follows:

Settings change written to the connector 'Workstation' version 5.0.0.0

If you need information on the workstation OS configuration it's Windows XP w/sp3.

And what about system info ?

Could you send them to me as a personal info, please.

I pm'd a message to you, twice, but it never shows up in my 'sent'. Hoping you got it.

Kaspersky EventLog can be acquired from the problem computer remotely by using "Remote Diagnostics Utility" ("Acquire KasperskyEventLog" and "Acquire system info" commands ) mentioned above or acquired from the problem computer locally with following tools
- Kaspersky EventLog -- by running compmgmt.msc and saving Kaspersky Event Log (see screenshot)
- system info log -- by running GetSystemInfo Utility

Facing this before. Just delete out the pc under
1. Network:Domain,
2. original group that it is and
3. all under computer queries.
Then it will detect again.

Host and group under Computer:Domain both deleted, the third step is kind of vague, I have no "All" entry under "Computer Queries". When I refresh the domain list the group/domain that was deleted does not return. TIA for anymore advice. Let me expand on my experience with this previously to these new workstations problems. This has always been somewhat of an issue, but always correctable by removing client from group and then re-adding from the domain to that group (XPsp2 & 2k boxes), until recently this corrected the issue. The only difference is the new workstations are XPsp3, are we sure this is not where the issues lays?

Just to confirm, I just put a new pc, new network name and ip, XPsp3, it appears in the Network:Domain group it's workgroup is associated with, when dragging that client to the group under "Groups", it still shows a faded red icon and cannot be synced. The client, once again, downloads all updates from the administration server without issue, and even applies Kaspersky policy associated with the workgroup it is in.

I've never had a new client experience this. The adminkit usually handles this task without issue. This is VERY concerning as it does not allow me to monitor these clients the way I need to for malicious activity.

Any ideas? I have new workstations that I'll have to deploy and if I can't get this resolved, the renewal of KAV coming in October may need to switch over to the purchase of a different product that can support my needs (which KAV has done well with the past two years). Should I be contacting Kaspersky support directly as opposed to looking on these forums for an answer?

You have 5.0.1152 version of Network Agent on the problem computer. Please, specify build number of the Administration Server. You can see it by clicking "Support info" hyperlink at the Kaspersky Administration Kit shortcut in the Control Panel on the computer with Administration Server installed.

I feel a recap of what the current status is, is needed as you appear to believe there is only one workstation at issue.

I have 80+ workstations all running the 5.0.1152 version of the Network Agent without issue. New (replacements) workstations over the past couple of weeks all fresh installations of Windows XP w/sp3 have all failed to appear accessible via the adminkit, but all DO download updates and apply policy associated with the groups they belong (confirmed locally), of the five workstations we're discussing, only one has the 6.0.1405 version of network agent. They all experience the same problems (which is getting distressing as I have more workstations that need to go out but am not comfortable with the current state of the newest additions).

If you'd like to focus on one workstation for troubleshooting, sure, we can do that, but referring to this issue as exclusive to a single client minimizes the issue, as five (and I'm assuming any further additional workstations) have the same issue.

In trying to resolve this issue, I've upgraded my adminkit to 6.0.1591 on 7/26 with no change in status.

Again, please advise if I should contact Kaspersky directly for support as I feel I'm going in circles on these forums.

It's better to learn the reason of the issue on one workstation, the reason for other workstations with the same Network Agent version certainly will be the same.



You see, there are some known issues with "Ping count: 0" line in klnagchk log. And I need accurate build numbers for the Network Agent and Administration Server and sometimes trace files to recognise the issue.

So, one more thing that I need to help you is Network agent trace file from workstation where you acquired systeminfo. Please, do following:
1. Turn on tracing for the Network Agent with trace level 4 -- command "Turn on tracing..." for the Network Agent Node in Remote Diagnostics utility
2. Restart Network Agent -- command "Restart product" for the Network Agwnt Node in Remote Diagnostics utility
3. Wait for 5 minutes.
4. Turn off tracing for the Network Agent

Send trace file to me.



Certainly, you may contact Kaspersky support directly.

Ok so lets move forward with the troubleshooting of the client with the 5.0.1152 network agent, with the adminkit version being 6.0.1591.



So, again, how do you expect me to accomplish remote tasks via the adminkit, if the adminkit and the client cannot communicate? In the adminkit where is "Remote Diagnostics" anyway?

You may acquire Remote Diagnostics utility here. Run it and select "Access through Microsoft Windows Network" to access remote computer.

So, when trying to connect to problem workstation I get the error returned:

Error 1181/0x52e (Logon failure: unknown user name or bad password.) has occurred.

I used the administrator login and password associated with this client. I spot checked some of the workstations running and being seen by the adminkit (all XP/sp2 clients) and all returned information as exepect. NONE of the five workstations with XPsp3 are able to connect via the Remote Diagnostics utility even though I am using the correct login/pass for administration.

I keep lookin at sp3 as the culprit, any ideas what would have changed to prevent these clients from communicating completely with the adminkit?

To add more static to this fray, I *DO* have one sp3 PC that is being administered via the adminkit without issue. It's just been the subsequent sp3 clients that have had this problem.

Possibly this is because "simple file sharing" is enabled.

You may turn on/off tracing locally instead
1. Run trace-4-nagent.reg to turn on tracing on the problem workstation -- required file $klnagent-1103.log will appear in network agent installation folder
2. Restart network agent service -- "net stop klnagent; net start klnagent"
3. Wait for 5 minutes
4. Run trace-off-nagent.reg to turn off tracing on the problem workstation

Erroneous post, see below.

Disabling "simple file sharing" on the client allowed me to remotely access via the Remote Diagnostics utility. Sending log to you directly.

Is status of the workstation 'active' now (if to presss 'refresh' button in MMC console) ?
How often the problem computer is being turned off/rebooted ?

No the client is not 'active' in the adminkit, it was rebooted once this morning for testing, previous to that, maybe last week sometime when I was first working on it. Otherwise all these clients are always on.

Other clients that still have "simple file sharing" turned on, still access the adminkit without issue (albeit the Remote Diagnostics utility does not work when connecting to these clients). I don't believe this is a 'simple file sharing' issue because the majority have it enabled by default and, like I've stated, run as expected, and have so for quite some time.

In addition, this problem client we're focusing on, appears in Network:Domains, but after dragging it to the group it needs to be in, and refreshing that groups list, it removes it from that group and I need to drag it from the Network:Domain again.

Better you consult the client it is simply a file transmission or not. If so you contact with the admin and ask your problem. Admin provide the best result for you.
========================================
susan

WideCircles