Jump to content
Kaspersky Support Forum

About this blog

Entries in this blog

How-to

How to change address of KSN Proxy [KSC for Windows]

Problem Sometimes it is necessary to replace the KSN proxy address in products like KSWS, KESS or KES after restoring KSC from backup or when Server moved to new Hardware. Unfortunately, there are no settings in the policy for this. Solution The corresponding option can be found in the properties of Installation packages node in KSC. See the effects of changing this value: Note that after changing these settings, you must also rebuil
svc_kms

svc_kms in How-to

0
How-to

How to add a custom certificate for administration server [KSC for Windows]

Maximum validity of the custom certificate (administration server/web console): A maximum of 5 years can be stored as the maximum validity for the certificate for the administration server The maximum validity for the certificate for the web console cannot exceed 397 days Two different certificates must be used: After the specified time has expired, a new certificate must be generated manually (at best 90 days in advance) and stored as a replacement certificate. Cli
svc_kms

svc_kms in How-to

0
Known Problem

How a Distribution Point for a host is selected [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.   If two different update agents on a PC are assigned in different ways: To an administration group. Based on a network location. Which one will have a higher priority for the PC? Among the update agents assigned to administration groups, the one assigned to the administration group, that is closest to the target host in the group hierarchy, has the higher priority. If the upd
svc_kms

svc_kms in Known Problem

0
Known Problem

Get error "curl: (58) schannel: Failed to import cert file" when sending a request via KPSN API from Windows client [Kaspersky Private Security Network]

Issue An attempt to send POST request via KPSN API from a Windows client.: curl --cert C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem --key C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_key.pem -k -X POST -d "{\\"action ": \\"check_url\\",\\"data ": {\\"urls ": [\\"website1.com "]}}" https://10.90.116.27:80/api/ Fails with the following error: curl: (58) schannel: Failed to import cert file C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem, last error is 0x80092002 Th
svc_kms

svc_kms in Known Problem

0
Known Problem

Get error "curl: (58) schannel: Failed to import cert file" when sending a request via KPSN API from Windows client [Kaspersky Private Security Network]

Issue An attempt to send POST request via KPSN API from a Windows client.: curl --cert C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem --key C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_key.pem -k -X POST -d "{\\"action ": \\"check_url\\",\\"data ": {\\"urls ": [\\"website1.com "]}}" https://10.90.116.27:80/api/ Fails with the following error: curl: (58) schannel: Failed to import cert file C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem, last error is 0x8009200
Stan Shpatar

Stan Shpatar in Known Problem

0
Known Problem

Fix vulnerabilities task fails with error 'Transaction became the database conflict victim: '1205, ...' [KSC for Windows]

Problem While running Fix vulnerabilities task, the following error can occur: 'Transaction became the database conflict victim: '1205, 'Lock wait timeout exceeded; try restarting transaction' , LastStatement='CALL vapm_arrange_task_updates(119, 0xC89EAD3312227039C9FAC933840D7936)' Solution Most possible, the reason of the problem is that you have Fix vulnerabilities task or tasks with a big number of vulnerabilities that should be fixed inside one task. For example, you scro
svc_kms

svc_kms in Known Problem

0
Known Problem

Failed to install the software module update - Bad Junction [KSC for Windows]

Problem Description, Symptoms & Impact When deploying Auto patches from KSC, installing Network Agent or Kaspersky Endpoint Security, installation fails with bad junction errors. Diagnostics While Auto patch deployments over KSC will directly generate an event in Events section of KSC, manual Network Agent or KES installations will end with Fatal Error message and installation logs will contain information such as below: Application: Kaspersky Security Cent
svc_kms

svc_kms in Known Problem

0
Known Problem

Events are not received by KSC or not transferred to SIEM [KSC for Windows]

Problem Sometimes the problem with events receiving/transferring on KSC (including export to SIEM) may occur. The first thing that you have to check is Kaspersky Event Log. The following warnings may occur: Warning Total number of events stored in database (4010532) has exceeded the actual limit of 4000000 event(s). Starting to delete excessive events from the database... Warning 600 event(s) have been deleted from the database because the limit
svc_kms

svc_kms in Known Problem

0
Known Problem

Errors "0x52E", "0x200A" and "'Access is denied" when deleting a task [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. These errors appear when the remote installation task of NAgent or KES with NAgent was created with the Assign package installation in Active Directory group policies option selected. At the first startup they start under the account specified in the New Task Wizard. If that user has access for creating domain policies and groups, the task will be completed successfully, and "GPO" and "Security Group" w
svc_kms

svc_kms in Known Problem

0
Known Problem

Error 80240037 Windows patch management [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.   Problem: You have a new CPU in your managed device and Windows operating system released prior to Windows 10\Windows Server 2016. Start "Find vulnerabilities and required updates" for a managed devices. Task results and Kaspersky Event log on a workstation may indicate a following error: Windows Update Agent error 80240037 ("The functionality for the operation is not supported.") #1181 (
svc_kms

svc_kms in Known Problem

0
Known Problem

Equality logic in subnet conditions of klnagent connection profiles [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Consider the following scenario: You have a large local area network 10.36.0.0/16. There is a managed device with the following IP config: IPv4 address: 10.36.35.10 and Subnet Mask: 255.255.255.0. You create a new subnet condition for klnagent connection profile: 10.36.0.0/16. Actual result: The connection profile is not applied to the managed device. The reason of this behavior is equali
svc_kms

svc_kms in Known Problem

0
Known Problem

Deployment of a Kaspersky failover cluster [KSC for Windows]

Description and cautions That article is describing a specific scenario: HA Cluster KSC with 4 CGWs between two different and geographical isolation DC (Data Center). High level procedure: KLAdmins group: ksc, rightless / gmsa-ksc-server, gmsa-ksc-nwc; $KSC-NODE-1, $KSC-NODE-2, $SQL-SRV / sql / gmsa-sql-server SMB shares: data, state, sc_backup, kl-share | SMB Permissions NTFS ACL - - Full Control for KLAdmins Created MS SQL Database - KLFOC | Grand Access
svc_kms

svc_kms in Known Problem

0
Known Problem

Configuring domain authentication by using NTLM and Kerberos protocols [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. The article is giving a working configuration instructions for domain authentication by using NTLM and Kerberos protocols. NOTE: Domain authentication in OpenAPI over Kerberos protocol has the following restrictions: Administration Server address must be specified exactly as the address for which the Service Principal Name (SPN) is registered for domain account name. In the domain, yo
svc_kms

svc_kms in Known Problem

0
Known Problem

Computer description field is not updated on KSC console

Problem Computer description may stop updating on KSC console. It may be different from what is set on managed PC in computer properties. Solution If computer description field was changed on KSC side manually it will no be updated again. To enable synchronization with local description you have to delete the computer from managed computers group, then from unassigned, and add it back. In case it did not help check that the following services are enabled (set to automatic sta
svc_kms

svc_kms in Known Problem

0
Known Problem

Akconnect utility description [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. When troubleshooting typical KSC issues, you will likely need to check the availability of TCP port 13000 on the KSC Server.  Both telnet and akconnect tools can be used to achieve this. Syntax is very simple: akconnect host port Examples: akconnect.exe 192.168.1.19 13000 >akconnectoutput.txt telnet 192.168.1.19 13000 >telnetoutput.txt Where 192.168.1.19 is the IP address or DN
svc_kms

svc_kms in Known Problem

0
Known Problem

"Administration Server has untrusted self signed certificate" error in Web Console [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Scenario: When login to KSC Web Console, it shows the following error: Administration Server uses an untrusted self-signed certificate. Please modify the application configuration by specifying a valid certificate for Administration Server. Alternative wording (for older KSC versions): Administration Server has untrusted self signed certificate. Please, reconfigure the application with corre
svc_kms

svc_kms in Known Problem

0


×
×
  • Create New...