Jump to content
Kaspersky Support Forum

About this blog

Entries in this blog

Known Problem

KSC backup task fails with System error 0x800703FA [KSC for Windows]

Description Sometimes KSC backup task may fail with the following error: #1181 (-2147023878) System error 0x800703FA (Illegal operation attempted on a registry key that has been marked for deletion.) At first, rebooting the OS may help, but the error may return. Cause The user identity associated with the COM+ application was logged on when the COM+ application was first initialized. If that user logs off, their profile will be unloaded and the COM+ application will no l
svc_kms

svc_kms in Known Problem

0
Known Problem

KSC backup fails with error Database is corrupted. At least one repository corrupted [KSC for Windows]

Scenario Backup task fails indicating corrupted files. Specific file names may vary.  The following error appears in Kaspersky Event Log (file name may vary): Database is corrupted. At least one repository corrupted C:\ProgramData\Application Data\KasperskyLab\adminkit\1093\gsyn\klsdata.dat has been corrupted and will not be recovered. Hardware fixing and application reinstallation are required. Possible root causes The most common reasons are OS crash and unexpected reb
svc_kms

svc_kms in Known Problem

0
Known Problem

KSC backup fails with "Error -1963 ('Database connection is broken " 'Connection failure{08S01};' [KSC for Windows]

Scenario After the deployment of KSC in the environment, the Backup task fails with the following error using the KSC Backup task or klbackup utility (screenshot is below). All the permissions were correctly assigned on the shared folder, and ports were opened, but still the backup was failing. There were no blocking events in the Firewall traffic logs. Error -1963 ('Database connection is broken " 'Connection failure{08S01};' LastStataement='select type from sys.system_object whe
svc_kms

svc_kms in Known Problem

0
Known Problem

KSC Application registry doesn't clear information about deleted applications [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Application registry in KSC contains information about applications that was deleted. Reinstalling Network Agent on a workstation should solve a problem. This behavior can be caused by per-user applications. You can alter how long network agent will retain information about applications on a managed workstation: On a managed workstation : Add a registry key: [HKEY_LOCAL_MACH
svc_kms

svc_kms in Known Problem

0
Known Problem

KSC API use cases examples - tasks results and statistics data for Dashboards and Reports [KSC for Windows]

Description and cautions The article shares working examples of using KSC API calls for one of the available scenarios - retrieving tasks results and statistics data for Dashboards and Reports. For the Windows version of cURL, you need to specify that the arguments need to be escaped with "\", otherwise there will be an error. For example:  'Authorization: KSCBasic user=\"YXBpLXVzZXI=\", pass=\"cGFzc3dvcmQ=\", internal=\"1\"' Details Prerequisites internal
svc_kms

svc_kms in Known Problem

0
Known Problem

KSC API use cases examples - retrieving Events, HW, SW inventory [KSC for Windows]

Description and cautions The article shares working example of using KSC API calls for one of the available scenarios - retrieving events, HW and/or SW inventory data. For the Windows version of cURL, you need to specify that the arguments need to be escaped with "\", otherwise there will be an error. For example:  'Authorization: KSCBasic user=\"YXBpLXVzZXI=\", pass=\"cGFzc3dvcmQ=\", internal=\"1\"' Details Prerequisites internal user: api-user Exa
svc_kms

svc_kms in Known Problem

0
Known Problem

KSC API use cases examples - publishing KSC virtual server Administration Agent package [KSC for Windows]

Description and cautions The article shares working examples of using KSC API calls for one of the available scenarios - publishing KSC virtual server Administration Agent package. For the Windows version of cURL, you need to specify that the arguments need to be escaped with "\", otherwise there will be an error. For example:  'Authorization: KSCBasic user=\"YXBpLXVzZXI=\", pass=\"cGFzc3dvcmQ=\", internal=\"1\"' Details Prerequisites Make sure
svc_kms

svc_kms in Known Problem

0
How-to

KSC API use cases examples - host isolation with KES/KEA [KSC for Windows]

Description and cautions The article is giving some use cases examples of KSC API calls to ease one's start using the API. In that KB we are looking at host isolation with KES/KEA scenario. For the Windows version of cURL, you need to specify that the arguments need to be escaped with "\", otherwise there will be an error. For example:  'Authorization: KSCBasic user=\"YXBpLXVzZXI=\", pass=\"cGFzc3dvcmQ=\", internal=\"1\"' Details Prerequisites internal use
svc_kms

svc_kms in How-to

1
Known Problem

KSC and ROBOT attack [KSC for Windows]

This article explains ROBOT attack, RSA Key Exchange, OpenSSL and KSC. Explanation If you are running security analyzer and it shows that connections on ports 13000 (server-nagent traffic) and 17000 (activation proxy) are suspicious for a ROBOT attack, don't panic. Automatic analysis is not accurate. Run specific diagnostics to make sure that KSC traffic is actually not vulnerable. Examples: https://testssl.sh/ https://github.com/robotattackorg/robot-det
svc_kms

svc_kms in Known Problem

0
How-to

Kaspersky Update Utility return codes [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. 0 - Update completed successfully 1 - All files are up-to-date (No available updates) Result codes depending on OS type: Windows Linux(FreeBSD) Return code description -1 255                        Co
svc_kms

svc_kms in How-to

0
Known Problem

Issue with encoding of events transferred to SIEM by the KSC [Kaspersky Security Center]

KSC sends events to SIEM in UTF-8 encoding. If the events received from KSC in the SIEM system look unreadable, for example, like this: Тип приложениÑ: ÐеизвеÑтное приложение\r\nÐаправление: ВходÑщее\r\nПротокол: ICMPv6\r\nСтатуÑ: Разрешено\r\nУдаленныРIt is necessary to configure UTF-8 encoding in the SIEM system itself.
Stan Shpatar

Stan Shpatar in Known Problem

0
Known Problem

Install required updates and fix vulnerabilities task malfunctions after changing KSC Service account [Kaspersky Security Center for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem You change the account of the administration server service via the klsrvswch tool. Note that this is the only way to change the account, manual modification (for example, via services.msc) is not supported.  Then, the you run the Install required updates and fix vulnerabilities task. As a result, the task is cancelled and updates are not installed.  Diagnostics The following
svc_kms

svc_kms in Known Problem

0
Known Problem

Importing a new SSL certificate for KSC Web Console [Kaspersky Security Center]

Problem After importing a custom certificate instead of a default self-signed one for accessing KSC 13 Web Console, you cannot reach Web Console. When using the default certificate, there is now issue with Web Console. Solution There are several causes and solutions for this issue: You might be using Internet Explorer or any other unsupported browser to access Web Console. So first we need to check if the browser is supported by KSC. Ref : https://support.kas
svc_kms

svc_kms in Known Problem

0
How-to

How to write klserver and klnagent trace to a custom location + rotation [KSC for Windows]

Article applies to KSC13-14.2 versions.  Sometimes you need to keep KSC tracing on for a long period of time to catch the error and there is little disk space left on the system disk. Step-by-step guide There is a way to change the default location of $klserver-1093.log file - use klscflag.exe utility" klscflag.exe -tset -pv "klserver" -l 4 -d O:\Temp O:\temp can be changed to any existing folder name in file system. Remember to create this folder before run
svc_kms

svc_kms in How-to

0
How-to

How to use IP address to open RDP connections from KSC console [KSC for Windows]

RDP connection invoked via KSC console uses hostname to connect to a host - mstsc.exe is invoked with /v hostname parameter.  Edit command line used to invoke mstsc.exe with ip address parameter instead of the hostname: Open Custom tools → Configure custom tools Select Remote Desktop, click Modify Edit Command line text box, it should contain <host_ip> instead of <A>:
svc_kms

svc_kms in How-to

0
How-to

How to use FQDN as a display name [KSC for Windows]

There is a known limitation in KSC. When hosts are managed from different domains and there are hosts with the similar names in these domains then 'doubles' will appear. To avoid this, use FQDN (fully qualified domain name) as a display name instead of NETBIOS name. Step-by-step guide Set up the following server flag: SrvUseFqdnAsDisplayNames [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1093
svc_kms

svc_kms in How-to

0
How-to

How to set the search mode of the nearest DP (klnagent sends ICMP packets to find out the nearest distribution point (time to live exceeded in transit)) [KSC for Windows]

Description and cautions You may experience low time to live value set in ICMP network packets sent by klnagents.  The following can be seen in wire shark traffic dump: Explanation: There are two modes of distribution point search: 0 - search of the nearest DP using a tool similar to traceroute. It generates a number of ICMP packets to find out the neatest route to DP - this is the default mode.  1 - selection of random DP without sending such amount of ICMP p
svc_kms

svc_kms in How-to

0
How-to

How to set PLC Project Integrity Check task in the KSC Console [KSC for Windows]

You can set and run PLC Project Integrity Check task in KICS4Nodes console. But it is not clear how to add PLC projects into the task settings in the KSC Console. Before PLC Project Integrity Check task setting the PLC Project Investigation task should be successfully executed. Step-by-step guide Go to the KICS4Nodes policy -> Properties -> Logs and Notifications -> Interaction with Administration Server | Settings. Enable Versions of PLC projects op
svc_kms

svc_kms in How-to

0
How-to

How to save server list in MMC Console after upgrade [KSC for Windows]

If you are using the MMC console with different servers, you may want to keep a list of configured servers after upgrading to a new version. Fortunately, this is possible. Step-by-step guide Follow these steps before the upgrade. Save Kaspersky Security Center XX file from C:\Users\%username%\AppData\Roaming\Microsoft\MMC Upgrade. Start and close the MMC console. Remove newly create Kaspersky Security Center XX file from C:\Users\%username%\AppData\Roaming\
svc_kms

svc_kms in How-to

0
How-to

How to run bat files remotely [KSC for Windows]

This article is about Kaspersky Security Center for Windows (KSC for Windows) In this article we will share the steps on how run a .bat file remotely through Kaspersky Security Center (KSC). How to execute a batch file on the remote hosts Create an installation package based on a file Create a remote installation task for that Installation package Assign the task to a target hosts and start it During task execution NAgent will run the file using a 32-bi
svc_kms

svc_kms in How-to

0
How-to

How to Restrict Policy Modification in KSC Using a Custom Role [KSC for Windows]

Description You may want to allow certain users to do everything, but without giving them access to modify policies, manage users, or assign roles. However, when using default roles provided by KSC, some permissions are either too broad or unchangeable. Steps to Create the Custom Role: Open Kaspersky Security Center. Go to Administration Server Properties → Users Roles. Click “Add” to create a new role. Enter a role name (e.g., Rule for Hospitals).
svc_kms

svc_kms in How-to

0
How-to

How to restore a device that was deleted from KSC [Kaspersky Security Center]

If you accidentally deleted a device from KSC, you can either wait until the next sync (15 minutes by default), or run these commands in a cmd started as administrator: cd C:\Program Files (x86)\Kaspersky Lab\NetworkAgent klnagchk.exe -sendhb Or this command, if you deleted a device running linux: sudo /opt/kaspersky/klnagent64/bin/klnagchk -sendhb After that the device should reappear in Unassigned devices.
Stan Shpatar

Stan Shpatar in How-to

0
How-to

How to replace iOS MSM Server Client Root Certificate [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem There is no mechanism to replace client root certificate used for iOS MDM via reserve certificate.  That's why replacing the client root certificate used for iOS MDM will cause iOS MDM server to lose synchronization with all devices. Details of active certificate can be viewed in the properties of iOS MDM server, on the "Certificates' tab. Step-
svc_kms

svc_kms in How-to

0


×
×
  • Create New...