Jump to content
Kaspersky Support Forum

About this blog

Entries in this blog

Known Problem

Failed to install the software module update - Bad Junction [KSC for Windows]

Problem Description, Symptoms & Impact When deploying Auto patches from KSC, installing Network Agent or Kaspersky Endpoint Security, installation fails with bad junction errors. Diagnostics While Auto patch deployments over KSC will directly generate an event in Events section of KSC, manual Network Agent or KES installations will end with Fatal Error message and installation logs will contain information such as below: Application: Kaspersky Security Cent
svc_kms

svc_kms in Known Problem

0
Troubleshooting

Troubleshooting the 'Install updates and fix vulnerabilities' task [KSC for Windows]

In certain cases, ‘Install updates and fix vulnerabilities’ task might fail with some error. Below example contains ‘Error verifying file signature’ error but you may use mentioned keywords and overall approach for investigation of other errors met while running ‘Install updates and fix vulnerabilities’ task. Here are some steps to investigate such problems: First of all view list of updates aimed at installation on client. For this purpose in network agent trace file search for ‘Update
svc_kms

svc_kms in Troubleshooting

0
How-to

How to Restrict Policy Modification in KSC Using a Custom Role [KSC for Windows]

Description You may want to allow certain users to do everything, but without giving them access to modify policies, manage users, or assign roles. However, when using default roles provided by KSC, some permissions are either too broad or unchangeable. Steps to Create the Custom Role: Open Kaspersky Security Center. Go to Administration Server Properties → Users Roles. Click “Add” to create a new role. Enter a role name (e.g., Rule for Hospitals).
svc_kms

svc_kms in How-to

0
How-to

How to export task history [KSC for Windows]

For any types of issues with tasks managed by KSC, we require export of task execution history in .txt file. Task execution history is a sequence of events generated by client computer during task execution. Step-by-step guide To export task execution history, follow these steps: Open task results window.    In the upper part of the task results window, select problem computer.   Right-click some event in the lower part of the task results window,
svc_kms

svc_kms in How-to

0
How-to

How to export events to Splunk [KSC for Windows]

This article is about Kaspersky Security Center for Windows (KSC for Windows) Step-by-step guide Make sure that System Management license is installed, otherwise KSC events won't be exported to SIEM. For more information please refer to SIEM integration: the most frequent error.   Specify Splunk Server address and port;   Login into Splunk Management console;   Press Settings → Configure data inputs;   In the o
svc_kms

svc_kms in How-to

0
Known Problem

SIEM intergration - no events: the most frequent reason for error [KSC for Windows]

This article is about Kaspersky Security Center for Windows (KSC for Windows) Problem You set up integration with SIEM but no events come up on SIEM side. In some cases there is no incoming traffic to SIEM from KSC server. Solution In vast majority of cases the root cause can be located in KSC server trace Trace example #1 25.01.2017 09:56:56.855 00001320.0000015C L1 KLSPLG: There is no key for SystemM
svc_kms

svc_kms in Known Problem

0
How-to

KSC service accounts password generation guidelines [KSC for Windows]

KSC installer generates default passwords for service accounts (automatically created to run KSC service), KIPxeUser and KIScSvc. Those passwords have 16 characters length, characters are taken randomly so that the password contain 3 out of 4 of the following groups of characters: Lowercase characters (a – z) Uppercase characters (A – Z) Numbers (0-9) Symbols (~ ! @ # $ % ^ & * - _ + = [ ] { } | \ : ' , . ? / ` ~ " < > ( ) Also the password cann
svc_kms

svc_kms in How-to

0
How-to

How to collect Klakaut traces [KSC for Windows]

In some cases klakaut traces should be collected for diagnostics. Step-by-step guide To do so: Import klakaut-on_x*.reg file. Restart klakaut service. net stop klakaut net start klakaut Enable another trace if required. Reproduce the issue. Impor
svc_kms

svc_kms in How-to

0
How-to

How to collect SNMP component trace [KSC for Windows]

To troubleshoot SNMP functionality in KSC specific traces should be collected. Step-by-step guide To collect traces: Download archive Use trace-5-snmpagt.reg to start trace Reproduce the issue Use trace-off-snmpagt.reg to stop trace Archive files and send to Kaspersky Support.
svc_kms

svc_kms in How-to

0
How-to

KSC API use cases examples - host isolation with KES/KEA [KSC for Windows]

Description and cautions The article is giving some use cases examples of KSC API calls to ease one's start using the API. In that KB we are looking at host isolation with KES/KEA scenario. For the Windows version of cURL, you need to specify that the arguments need to be escaped with "\", otherwise there will be an error. For example:  'Authorization: KSCBasic user=\"YXBpLXVzZXI=\", pass=\"cGFzc3dvcmQ=\", internal=\"1\"' Details Prerequisites internal use
svc_kms

svc_kms in How-to

1
How-to

How to renew the KSC certificate correctly [KSC for Windows]

This article is about Kaspersky Security Center for Windows (KSC for Windows) Problem: KSC certificate renewal or replacement is made incorrectly because the option to instantly replace the server certificate is used. As a result, managed devices loose the connection with KSC and klmover command or re-installation of klnagent is required to restore the connectivity.  Cause: After the certificate is renewed with "-t C" option, network agent
svc_kms

svc_kms in How-to

0
Known Problem

KSC Web Console shows an error after upgrade - incorrect user or password [KSC for Windows]

The problem is in the certificate - it has a 1024 bit long key. While Web Console now works only with 2048 bit long keys.  The customer needs to reissue KSC server certificate to 2048 key length. What to do -  1. Generate reserve KSC certificate - for example by using command -  klsetsrvcert -t CR -g "dns_name" -o "RsaKeyLen:2048" where DNS name is DNS name of KSC 2. Wait several days - hosts will connect to KSC and receive reserve cert.  The customer could check on c
svc_kms

svc_kms in Known Problem

0
Known Problem

Get error "curl: (58) schannel: Failed to import cert file" when sending a request via KPSN API from Windows client [Kaspersky Private Security Network]

Issue An attempt to send POST request via KPSN API from a Windows client.: curl --cert C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem --key C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_key.pem -k -X POST -d "{\\"action ": \\"check_url\\",\\"data ": {\\"urls ": [\\"website1.com "]}}" https://10.90.116.27:80/api/ Fails with the following error: curl: (58) schannel: Failed to import cert file C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem, last error is 0x80092002 Th
svc_kms

svc_kms in Known Problem

0
Known Problem

Install required updates and fix vulnerabilities task malfunctions after changing KSC Service account [Kaspersky Security Center for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem You change the account of the administration server service via the klsrvswch tool. Note that this is the only way to change the account, manual modification (for example, via services.msc) is not supported.  Then, the you run the Install required updates and fix vulnerabilities task. As a result, the task is cancelled and updates are not installed.  Diagnostics The following
svc_kms

svc_kms in Known Problem

0
Known Problem

NAgent 15 klmover behavior change [KSC for Windows]

In NAgent 15, klmover was updated and now requires NAgent uninstallation password, if it is set in NAgent's policy. Right now the password can't be passed to klmover as an argument, but it can be supplied via echo: echo <password>|klmover -address <administration server ip> Because cmd doesn't parse quotes and spaces in echo properly, if klmover is star
svc_kms

svc_kms in Known Problem

0
Known Problem

KSC backup fails with "Error -1963 ('Database connection is broken " 'Connection failure{08S01};' [KSC for Windows]

Scenario After the deployment of KSC in the environment, the Backup task fails with the following error using the KSC Backup task or klbackup utility (screenshot is below). All the permissions were correctly assigned on the shared folder, and ports were opened, but still the backup was failing. There were no blocking events in the Firewall traffic logs. Error -1963 ('Database connection is broken " 'Connection failure{08S01};' LastStataement='select type from sys.system_object whe
svc_kms

svc_kms in Known Problem

0
Known Problem

NetAgent14: Installation Error "System Error 0x1F (Device attached to the system doesn't work) [KSC for Windows]

Problem Description, Symptoms & Impact The installation of the Network Agent isn't possible on a device because of the error System error 0x1F (A device attached to the system is not functioning.) Diagnostics In the MSI Log and Application Eventlog can be found the following line: (1192/0x0 ("System container 'LOC-PUB-6EEB50F8D2EB46029DB4CCB77E0DA651' is corrupt") Workaround & Solution The issue comes from a corrupt cryptostorage in the OS. It's not a KL rel
svc_kms

svc_kms in Known Problem

0
Known Problem

KSC Network Agent Installation errors: "Setup Wizard cannot process the command line", "Setup wizard cannot process the internal error." [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Product: Any KSC version Problem Description, Symptoms & Impact Network Agent local installation errors: "Setup Wizard cannot process the command line", "Setup wizard cannot process the internal error."  Diagnostics Error can be found on the screenshots or in the installation log. Workaro
svc_kms

svc_kms in Known Problem

0
Known Problem

KSC update error: retranslation operation results in the TLS error "CrlHasExpired" [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Product:  KSC 11 and more recent versions Consider the following problematic scenario: You use a caching proxy server to download updates for the KSC Server, for example, Squid. KSC is configured to download updates via https (default config).  $up2date-1103-eka.log analysis KL uses the HTT
svc_kms

svc_kms in Known Problem

0
Known Problem

KSC update error: Failed to establish the HTTPS connection: TLS error (54) [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Product:  KSC 11+ Applies also to the update utility version 4.1 and more recent. Consider the following problematic scenarios: You have installed KSWS on the KSC server and enabled Traffic Security component and Traffic Security uses MITM mechanism to analyze traffic. You use a 3rd party sof
svc_kms

svc_kms in Known Problem

0
How-to

How to set the search mode of the nearest DP (klnagent sends ICMP packets to find out the nearest distribution point (time to live exceeded in transit)) [KSC for Windows]

Description and cautions You may experience low time to live value set in ICMP network packets sent by klnagents.  The following can be seen in wire shark traffic dump: Explanation: There are two modes of distribution point search: 0 - search of the nearest DP using a tool similar to traceroute. It generates a number of ICMP packets to find out the neatest route to DP - this is the default mode.  1 - selection of random DP without sending such amount of ICMP p
svc_kms

svc_kms in How-to

0
Known Problem

Equality logic in subnet conditions of klnagent connection profiles [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Consider the following scenario: You have a large local area network 10.36.0.0/16. There is a managed device with the following IP config: IPv4 address: 10.36.35.10 and Subnet Mask: 255.255.255.0. You create a new subnet condition for klnagent connection profile: 10.36.0.0/16. Actual result: The connection profile is not applied to the managed device. The reason of this behavior is equali
svc_kms

svc_kms in Known Problem

0
Known Problem

KSC Upgrade [KSC for Windows]

The best practice is to back up your current Administration Server and then install the new version of Kaspersky Security Center. To do so, follow these steps: Back up the data of Kaspersky Security Center using one of the methods described below: Backup and Restore Wizard Backup task Check if you can install Kaspersky Security Center on your current server. For system requirements, see Online Help. Then export the list of currently inst
svc_kms

svc_kms in Known Problem

0
Known Problem

Configuring domain authentication by using NTLM and Kerberos protocols [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. The article is giving a working configuration instructions for domain authentication by using NTLM and Kerberos protocols. NOTE: Domain authentication in OpenAPI over Kerberos protocol has the following restrictions: Administration Server address must be specified exactly as the address for which the Service Principal Name (SPN) is registered for domain account name. In the domain, yo
svc_kms

svc_kms in Known Problem

0


×
×
  • Create New...