Jump to content
Kaspersky Support Forum

About this blog

Entries in this blog

Known Problem

KSC backup fails with error Database is corrupted. At least one repository corrupted [KSC for Windows]

Scenario Backup task fails indicating corrupted files. Specific file names may vary.  The following error appears in Kaspersky Event Log (file name may vary): Database is corrupted. At least one repository corrupted C:\ProgramData\Application Data\KasperskyLab\adminkit\1093\gsyn\klsdata.dat has been corrupted and will not be recovered. Hardware fixing and application reinstallation are required. Possible root causes The most common reasons are OS crash and unexpected reb
svc_kms

svc_kms in Known Problem

0
Known Problem

KSC update error: retranslation operation results in the TLS error "CrlHasExpired" [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Product:  KSC 11 and more recent versions Consider the following problematic scenario: You use a caching proxy server to download updates for the KSC Server, for example, Squid. KSC is configured to download updates via https (default config).  $up2date-1103-eka.log analysis KL uses the HTT
svc_kms

svc_kms in Known Problem

0
How-to

How to move WSUS folder [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.   You're using KSC as WSUS server and moving the Windows Update folder to another drive so it won't occupy space on the C drive. However, when you're downloading Windows updates to KSC, the “C:\ProgramData\KasperskyLab\adminkit\1093\.working\FTServer” folder is increasing its size up to 15.5 GB. Solution Here is the procedure: Make a backup copy of KSC. Stop KSC service C
svc_kms

svc_kms in How-to

0
Known Problem

KSC Web Console shows an error after upgrade - incorrect user or password [KSC for Windows]

The problem is in the certificate - it has a 1024 bit long key. While Web Console now works only with 2048 bit long keys.  The customer needs to reissue KSC server certificate to 2048 key length. What to do -  1. Generate reserve KSC certificate - for example by using command -  klsetsrvcert -t CR -g "dns_name" -o "RsaKeyLen:2048" where DNS name is DNS name of KSC 2. Wait several days - hosts will connect to KSC and receive reserve cert.  The customer could check on c
svc_kms

svc_kms in Known Problem

0
Known Problem

NetAgent14: Installation Error "System Error 0x1F (Device attached to the system doesn't work) [KSC for Windows]

Problem Description, Symptoms & Impact The installation of the Network Agent isn't possible on a device because of the error System error 0x1F (A device attached to the system is not functioning.) Diagnostics In the MSI Log and Application Eventlog can be found the following line: (1192/0x0 ("System container 'LOC-PUB-6EEB50F8D2EB46029DB4CCB77E0DA651' is corrupt") Workaround & Solution The issue comes from a corrupt cryptostorage in the OS. It's not a KL rel
svc_kms

svc_kms in Known Problem

0
How-to

How to configure KSC 11-14.2 Web console idle timeout [KSC for Windows]

Problem KSC Web Console can be used for monitoring purposes. It is particularly important to have no timeout disconnection errors in this scenario. To avoid them, the timeout before Web Console disconnects can be increased.  Step-by-step guide All you have to do is the following: Edit node.js web server config file located at C:\Program Files\Kaspersky Lab\Kaspersky Security Center Web Console\server\config.json Change the following values and restart KSC WC se
svc_kms

svc_kms in How-to

0
Known Problem

KSC Upgrade [KSC for Windows]

The best practice is to back up your current Administration Server and then install the new version of Kaspersky Security Center. To do so, follow these steps: Back up the data of Kaspersky Security Center using one of the methods described below: Backup and Restore Wizard Backup task Check if you can install Kaspersky Security Center on your current server. For system requirements, see Online Help. Then export the list of currently inst
svc_kms

svc_kms in Known Problem

0
Known Problem

NAgent 15 klmover behavior change [KSC for Windows]

In NAgent 15, klmover was updated and now requires NAgent uninstallation password, if it is set in NAgent's policy. Right now the password can't be passed to klmover as an argument, but it can be supplied via echo: echo <password>|klmover -address <administration server ip> Because cmd doesn't parse quotes and spaces in echo properly, if klmover is star
svc_kms

svc_kms in Known Problem

0
How-to

How to create a user that has full rights to only one admin group and cannot see other managed groups [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. In this scenario we will create an internal user "test-user" on KSC who has permission on admin group "Virtualized" only, while couldn't view nor manage admin groups "servers" and "workstations". Step-by-step guide 1. Take a backup from KSC admin server in order to make sure that incorrect changes will not impact your KSC. 2. Login to KSC admin server using admin account and go to KSC admin serve
svc_kms

svc_kms in How-to

0
How-to

How to add a custom certificate for administration server [KSC for Windows]

Maximum validity of the custom certificate (administration server/web console): A maximum of 5 years can be stored as the maximum validity for the certificate for the administration server The maximum validity for the certificate for the web console cannot exceed 397 days Two different certificates must be used: After the specified time has expired, a new certificate must be generated manually (at best 90 days in advance) and stored as a replacement certificate. Cli
svc_kms

svc_kms in How-to

0
Known Problem

Patch Management FAQ [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. If you open KSC -> Advanced -> Application management -> Software Updates, there is a column Not assigned for installation (new version). Some computers may have this status or Not assigned for installation status. What does it mean? Installation status Not assigned for installation means that the update is applicable for this host (as a minor upgrade), but there is no patch management tasks
svc_kms

svc_kms in Known Problem

0
Known Problem

Install required updates and fix vulnerabilities task malfunctions after changing KSC Service account [Kaspersky Security Center for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem You change the account of the administration server service via the klsrvswch tool. Note that this is the only way to change the account, manual modification (for example, via services.msc) is not supported.  Then, the you run the Install required updates and fix vulnerabilities task. As a result, the task is cancelled and updates are not installed.  Diagnostics The following
svc_kms

svc_kms in Known Problem

0
Known Problem

Importing a new SSL certificate for KSC Web Console [Kaspersky Security Center]

Problem After importing a custom certificate instead of a default self-signed one for accessing KSC 13 Web Console, you cannot reach Web Console. When using the default certificate, there is now issue with Web Console. Solution There are several causes and solutions for this issue: You might be using Internet Explorer or any other unsupported browser to access Web Console. So first we need to check if the browser is supported by KSC. Ref : https://support.kas
svc_kms

svc_kms in Known Problem

0
How-to

How to use FQDN as a display name [KSC for Windows]

There is a known limitation in KSC. When hosts are managed from different domains and there are hosts with the similar names in these domains then 'doubles' will appear. To avoid this, use FQDN (fully qualified domain name) as a display name instead of NETBIOS name. Step-by-step guide Set up the following server flag: SrvUseFqdnAsDisplayNames [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1093
svc_kms

svc_kms in How-to

0
How-to

How to write klserver and klnagent trace to a custom location + rotation [KSC for Windows]

Article applies to KSC13-14.2 versions.  Sometimes you need to keep KSC tracing on for a long period of time to catch the error and there is little disk space left on the system disk. Step-by-step guide There is a way to change the default location of $klserver-1093.log file - use klscflag.exe utility" klscflag.exe -tset -pv "klserver" -l 4 -d O:\Temp O:\temp can be changed to any existing folder name in file system. Remember to create this folder before run
svc_kms

svc_kms in How-to

0
Known Problem

Get error "curl: (58) schannel: Failed to import cert file" when sending a request via KPSN API from Windows client [Kaspersky Private Security Network]

Issue An attempt to send POST request via KPSN API from a Windows client.: curl --cert C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem --key C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_key.pem -k -X POST -d "{\\"action ": \\"check_url\\",\\"data ": {\\"urls ": [\\"website1.com "]}}" https://10.90.116.27:80/api/ Fails with the following error: curl: (58) schannel: Failed to import cert file C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem, last error is 0x8009200
Stan Shpatar

Stan Shpatar in Known Problem

0
How-to

How to Restrict Policy Modification in KSC Using a Custom Role [KSC for Windows]

Description You may want to allow certain users to do everything, but without giving them access to modify policies, manage users, or assign roles. However, when using default roles provided by KSC, some permissions are either too broad or unchangeable. Steps to Create the Custom Role: Open Kaspersky Security Center. Go to Administration Server Properties → Users Roles. Click “Add” to create a new role. Enter a role name (e.g., Rule for Hospitals).
svc_kms

svc_kms in How-to

0
How-to

How to export task history [KSC for Windows]

For any types of issues with tasks managed by KSC, we require export of task execution history in .txt file. Task execution history is a sequence of events generated by client computer during task execution. Step-by-step guide To export task execution history, follow these steps: Open task results window.    In the upper part of the task results window, select problem computer.   Right-click some event in the lower part of the task results window,
svc_kms

svc_kms in How-to

0
Known Problem

NAgent upgrade failure due to mismatch between .msi packages [KSC for Windows]

Problem Network agent upgrade fails. Network Agent installation from an .msi package different from the new .msi package is the root cause. See the below logs: KLNAG_INS_MSI: CheckInstalledMsiName: installed name 'KasperskyNetworkAgent', installed ext '.msi'  MSI_UTILS: CAGetProperty(OriginalDatabase) called...  KLNAG_INS_MSI: CheckInstalledMsiName: installing name 'Kaspersky Network Agent', installing ext '.msi'  KLNAG_INS_MSI: CheckInstalledMsiName: names are NOT equal  Solution
svc_kms

svc_kms in Known Problem

0
How-to

How to replace iOS MSM Server Client Root Certificate [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem There is no mechanism to replace client root certificate used for iOS MDM via reserve certificate.  That's why replacing the client root certificate used for iOS MDM will cause iOS MDM server to lose synchronization with all devices. Details of active certificate can be viewed in the properties of iOS MDM server, on the "Certificates' tab. Step-
svc_kms

svc_kms in How-to

0
Known Problem

KSC Application registry doesn't clear information about deleted applications [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Application registry in KSC contains information about applications that was deleted. Reinstalling Network Agent on a workstation should solve a problem. This behavior can be caused by per-user applications. You can alter how long network agent will retain information about applications on a managed workstation: On a managed workstation : Add a registry key: [HKEY_LOCAL_MACH
svc_kms

svc_kms in Known Problem

0
Known Problem

Error 80240037 Windows patch management [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.   Problem: You have a new CPU in your managed device and Windows operating system released prior to Windows 10\Windows Server 2016. Start "Find vulnerabilities and required updates" for a managed devices. Task results and Kaspersky Event log on a workstation may indicate a following error: Windows Update Agent error 80240037 ("The functionality for the operation is not supported.") #1181 (
svc_kms

svc_kms in Known Problem

0
How-to

How to check the network connectivity/sites collapse issues with the KSCCC server [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Make sure the network agent of KSCCC has already been implemented: Download the Network agent installer of KSCCC from the web console. Click the installer and confirm that it has already has been installed and click OK. Finding the HDS site which is used by this NA:  Run the klnagchk utility within C:\Program Files (x86)\Kaspersky Lab\NetworkAgent to check the network conn
svc_kms

svc_kms in How-to

0
Known Problem

KSC Distribution Points auto-assignment and selection [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Sometimes it's not clear how KSC assigns Distribution Point (DP) for Managed groups or NLA subnets, and how clients choose DP.  Automatic assignment of distribution points is enabled in Kaspersky Security Center by default. The Administration Server automatically selects the scopes for distribution points, and assigns one or multiple distribution points to each scope depending on how many client
svc_kms

svc_kms in Known Problem

0


×
×
  • Create New...