Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Klnagchk.exe is usually used to check if the connection between server and NAgent is OK.
The expected result is the following:
Attempting to connect to Administration Server...OK
Attempting to connect to Network Agent...OK
Network Agent is running.
In case of problem with klnagent service, Kaspersky Network Agent should be re-installed and trace collected.
If there is a probl
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Dynamic hosts require more KSC resources than regular hosts.
When a new host is connected to KSC (and the dynamic host is considered new), an icon and a new entry in the database are created, full synchronization with the agent is performed, and the host moved to a group. When the host is deleted, all information about it is deleted as well.
These operations consume a lot of KSC resources, while static
This article is about Kaspersky Security Center for Windows (KSC for Windows)
Problem
You set up integration with SIEM but no events come up on SIEM side. In some cases there is no incoming traffic to SIEM from KSC server.
Solution
In vast majority of cases the root cause can be located in KSC server trace
Trace example #1
25.01.2017 09:56:56.855 00001320.0000015C L1 KLSPLG: There is no key for SystemM
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Which task is responsible for downloading third party Application updates?
Updates metadata is downloaded by Download Updates to the repository task. Updates themselves are downloaded by Install updates and fix Vulnerability task.
What is a source folder containing the third party application updates on the administration server?
3rd party updates are downloaded into the folder C:\ProgramData\Kasper
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
If you open KSC -> Advanced -> Application management -> Software Updates, there is a column Not assigned for installation (new version). Some computers may have this status or Not assigned for installation status. What does it mean?
Installation status Not assigned for installation means that the update is applicable for this host (as a minor upgrade), but there is no patch management tasks
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Problem Description
Error "Error 1181/0x91 ('System error 0x91 (The directory is not empty.)') occured while deleting directory 'C:\ProgramData\KasperskyLab\adminkit\1103''" when installing Network Agent.
The error can be found on a screenshot.
How To Fix
Make sure that the folder ‘C:\ProgramData\KasperskyLab\adminkit\1103’ actually exists.
If you can navigate to this fo
Problem Description, Symptoms & Impact
The installation of the Network Agent isn't possible on a device because of the error System error 0x1F (A device attached to the system is not functioning.)
Diagnostics
In the MSI Log and Application Eventlog can be found the following line:
(1192/0x0 ("System container 'LOC-PUB-6EEB50F8D2EB46029DB4CCB77E0DA651' is corrupt")
Workaround & Solution
The issue comes from a corrupt cryptostorage in the OS. It's not a KL rel
Problem
Network agent upgrade fails. Network Agent installation from an .msi package different from the new .msi package is the root cause. See the below logs:
KLNAG_INS_MSI: CheckInstalledMsiName: installed name 'KasperskyNetworkAgent', installed ext '.msi'
MSI_UTILS: CAGetProperty(OriginalDatabase) called...
KLNAG_INS_MSI: CheckInstalledMsiName: installing name 'Kaspersky Network Agent', installing ext '.msi'
KLNAG_INS_MSI: CheckInstalledMsiName: names are NOT equal
Solution
In NAgent 15, klmover was updated and now requires NAgent uninstallation password, if it is set in NAgent's policy. Right now the password can't be passed to klmover as an argument, but it can be supplied via echo:
echo <password>|klmover -address <administration server ip>
Because cmd doesn't parse quotes and spaces in echo properly, if klmover is star
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Problem
When you assign KSC as WSUS all hosts are not able to download anything from Microsoft Store. It is a Microsoft's design limitation.
Description
When KSC acts as WSUS group policy (GPO) "DoNotConnectToWindowsUpdateInternetLocations" is applied to the hosts. It is needed to prohibit hosts from downloading updates from the Internet (it is relevant for Windows 10/Server 2016). Such
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
KSC13 introduced a feature that limits the frequent publication of events. In the event that the event storage overflows on the Server, the most common event in the storage is calculated, and such events are blocked when published on hosts.
Problem:
Machines have status "Virus scan wasn't performed for a long time" but the "Virus scan" task was started recently.
Events that oc
Try the following:
1. Check if the Administration Server is configured to use a proxy server on the Kaspersky Security Center server.
2. Try to clear the updates repository. Download the updates once again and check behavior.
If you still have issues, Delete the Download updates repository task and create a fresh task.
The problem is in the certificate - it has a 1024 bit long key. While Web Console now works only with 2048 bit long keys.
The customer needs to reissue KSC server certificate to 2048 key length.
What to do -
1. Generate reserve KSC certificate - for example by using command -
klsetsrvcert -t CR -g "dns_name" -o "RsaKeyLen:2048"
where DNS name is DNS name of KSC
2. Wait several days - hosts will connect to KSC and receive reserve cert.
The customer could check on c
The best practice is to back up your current Administration Server and then install the new version of Kaspersky Security Center.
To do so, follow these steps:
Back up the data of Kaspersky Security Center using one of the methods described below:
Backup and Restore Wizard
Backup task
Check if you can install Kaspersky Security Center on your current server. For system requirements, see Online Help.
Then export the list of currently inst
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Product: KSC 11 and more recent versions
Consider the following problematic scenario:
You use a caching proxy server to download updates for the KSC Server, for example, Squid. KSC is configured to download updates via https (default config).
$up2date-1103-eka.log analysis
KL uses the HTT
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Product: KSC 11+
Applies also to the update utility version 4.1 and more recent.
Consider the following problematic scenarios:
You have installed KSWS on the KSC server and enabled Traffic Security component and Traffic Security uses MITM mechanism to analyze traffic.
You use a 3rd party sof
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Article applies to KSC13-15.1
Consider the following scenario:
Open KSC MMC console;
Go to Kaspersky licenses;
Select KSC license.
Devices on which the license key is active is zero regardless of fact that this key is assigned as active on KSC Server:
Explanation
In older versions of Kaspersky applications, several license key files were provided to activate
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
When running security analyzers on KSC server you may occasionally get warnings about outdated OpenSSL libraries. Normally these vulnerabilities can not be exploited as the OpenSSL library is used in a very specific way.
If vulnerable OpenSSL libraries were found in C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\protcomp then there is actually no way to exploit it. Due to this fact this library is us
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Product: Any KSC version
Problem Description, Symptoms & Impact
Network Agent local installation errors: "Setup Wizard cannot process the command line", "Setup wizard cannot process the internal error."
Diagnostics
Error can be found on the screenshots or in the installation log.
Workaro
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Sometimes it's not clear how KSC assigns Distribution Point (DP) for Managed groups or NLA subnets, and how clients choose DP.
Automatic assignment of distribution points is enabled in Kaspersky Security Center by default. The Administration Server automatically selects the scopes for distribution points, and assigns one or multiple distribution points to each scope depending on how many client
Problem
You install latest Windows Assessment and Deployment Kit (Windows ADK) on the server where KSC is installed, but KSC console still shows message "to deploy OS images, you must install the Windows Assessment and Deployment Kit (Windows ADK) on the device that has KSC installed".
Solution
KSC doesn't see all the needed WADK components being installed. Because Microsoft is always changing components within their installation packages, we recommend to install all utiliti
Problem
You may run into differences between Application Registry and Incompatible Applications Report when trying to find computers with incompatible applications.
For example, you created Device selection based on an Applications registry criteria, where you specified incompatible application name in Application name field and got a device selection of 12 computers. After that, you open Incompatible Applications Report and only get 3 computers with that software. It is expected, and
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
There are multiple fields in database that are not easy to interpret. For example nIP, nStatus and many others. Most of them are from public view v_akpub_host which is one of the main sources of information about managed computer on KSC. The objective of this article is to help understanding the encoding used, if you want to learn more about public views and specific fields refer to klakdb.chm located in the
Description
Sometimes KSC backup task may fail with the following error:
#1181 (-2147023878) System error 0x800703FA (Illegal operation attempted on a registry key that has been marked for deletion.)
At first, rebooting the OS may help, but the error may return.
Cause
The user identity associated with the COM+ application was logged on when the COM+ application was first initialized. If that user logs off, their profile will be unloaded and the COM+ application will no l
Scenario
Backup task fails indicating corrupted files. Specific file names may vary.
The following error appears in Kaspersky Event Log (file name may vary):
Database is corrupted. At least one repository corrupted C:\ProgramData\Application Data\KasperskyLab\adminkit\1093\gsyn\klsdata.dat has been corrupted and will not be recovered. Hardware fixing and application reinstallation are required.
Possible root causes
The most common reasons are OS crash and unexpected reb
