thewild

Security Center : How to force client refresh? [Solved][INC000005244299]

50 posts in this topic

We use Security Center 9 to deploy KES 8 on our network.

We often have to reinstall or upgrade workstations. When this happens, Security Center keeps the old information about this client computer in memory : on the properties page, it is always the old IP address with the old information about which version of KAV is installed, etc.

If the IP address has changed, I have found no way to force an update and Security Center just can't see this new computer.

It seems that Security Center caches DNS entries somewhere, but I haven't found how to clean this cache and rescan all workstations.

If I try to redeploy KES8 on this computer (if the address has not changed), it fails saying that it is already installed. If I force it (install even when already installed), it hangs on "waiting for a connection...".

I tried to delete the computer from the "administered computers" group, but this does not help.

I also tried to rescan the network, but this still does not help.

What are the recommended steps to follow when reinstalling / upgrading a client computer ?

A good start would be to find a way to force Security Center to flush its DNS cache and rescan a particular computer (or all of them, I don't mind).

Thanks for your help !

Hi,

Delete the computer from the "administered computers" group, then delete this computer from Unassigned computers too. Then rescan the network.

Hi, thanks for your answer.

I tried that, but rescanning the network does not bring the computer back. I tried with the "active directory" scanning and "IP range" scanning, none of them brought the new computer back.

Is there no way to flush the DNS/IP cache of the Security Center ?

Hi,

Reinstall the Network Agent with the option "Do not install application if it is already installed" unchecked. Check the connection from the client end by running klnagchk.exe at a command prompt.

But I cannot reinstall the Network Agent if the computer is not seen by Security Center !

Hi,

Then install the Network Agent using the pull method (manually install at the client end).

Well, the point is that I want to be able to centrally manage my workstations, even when their IP addresses change.

If I have to manually install things on all clients, the whole point of Security Center and central administration is defeated.

Don't you think so ?

There must be a way around this, no ?

Hi,

I mean that when you change the IP address of your systems, your admin server shows the old IP information for that system. When you delete your systems from groups and unassigned computers and rescan the network, it takes time for them to appear in the unassigned computers. If you want to avoid the wait, reinstall the network agent manually on that system or run "klmover -address <Admin server IP address>" at a command prompt. The klmover file is located at "C:\Program Files\Kaspersky Lab\NetworkAgent\klmover.exe".

OK I understand then.

Do you mean then that the long delay for computers to reappear under "unassigned computers" is normal ?

Hi,

Yes, I have faced this many times: the system takes a long time to reappear in the unassigned computers.

Edited by Mystery4u

OK. Thanks a lot then, I'll try this next time !

Make sure you use sysprep when reinstalling your computers and the network agent isn't a component of your master workstation.

If the client computer is in a different subnet, the router does not necessarily forward the scan, and the computer won't appear if no agent that points to the server is installed. Manual install still works, if you know the client IP address, and run a deploy task to that IP (not name).

> Make sure you use sysprep when reinstalling your computers and the network agent isn't a component of your master workstation.

We don't use sysprep, we perform normal installation then image our computers. We just restore the image when it is needed.

> If the client computer is in a different subnet, the router does not necessarily forward the scan, and the computer won't appear if no agent that points to the server is installed. Manual install still works, if you know the client IP address, and run a deploy task to that IP (not name).

It is in the same subnet.

Installing via IP address is an option, indeed.

Just tried our typical "redeployment" via IP address : it still does not work ! It looks as if KSC9 even has a reverse DNS cache !!!

I try to install to the IP address of my freshly reinstalled workstation, but SC9 translates the IP address to a computer name that is different from what it should be !

I double and triple checked with nslookup and ping / ping -a, and all come to the same conclusion : SC9 really has a problem with DNS caching !!!


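One way to tell whether the stale address sits in DNS or in the console record, as an added example that is not part of the original thread and not Kaspersky code. The function names, the host PC-042 and the 192.168.10.x addresses are constructed, and the console IP is assumed to be copied by hand from the computer's properties page.

```powershell
# Added example, not from the thread. Names and addresses are constructed.
function Get-RecordState {
    param(
        [string]   $Name,        # host name as listed in the console
        [string]   $ConsoleIp,   # IP shown on the host's properties page
        [string[]] $ForwardIps,  # A records currently returned for $Name
        [string]   $ReverseName  # PTR name for the first A record ('' if none)
    )
    if (-not $ForwardIps) { return 'no A record: host is not registered in DNS' }
    if ($ForwardIps.Count -gt 1) {
        return "several A records ($($ForwardIps -join ', ')): stale DNS entries remain"
    }
    $ip = $ForwardIps[0]
    if (-not $ReverseName) { return "no PTR record for $ip" }
    if (($ReverseName -split '\.')[0] -ne $Name) {
        return "PTR mismatch: $ip resolves back to $ReverseName"
    }
    if ($ip -ne $ConsoleIp) { return "DNS is consistent ($ip); the console record is stale" }
    return 'consistent'
}

function Test-ConsoleRecord {
    param([string] $Name, [string] $ConsoleIp)
    # Live lookups through the Windows resolver, the path ping uses
    # (nslookup queries the DNS server directly instead).
    $ips = @()
    try {
        $ips = @([System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString })
    } catch { }
    $ptr = ''
    if ($ips.Count -gt 0) {
        try { $ptr = [System.Net.Dns]::GetHostEntry([System.Net.IPAddress]::Parse($ips[0])).HostName } catch { }
    }
    Get-RecordState -Name $Name -ConsoleIp $ConsoleIp -ForwardIps $ips -ReverseName $ptr
}

# Constructed cases (no network needed): PC-042 was reinstalled and moved from .57 to .83.
Get-RecordState -Name 'PC-042' -ConsoleIp '192.168.10.57' -ForwardIps '192.168.10.83' -ReverseName 'pc-042.example.local'
Get-RecordState -Name 'PC-042' -ConsoleIp '192.168.10.57' -ForwardIps '192.168.10.57', '192.168.10.83' -ReverseName 'pc-042.example.local'
Get-RecordState -Name 'PC-042' -ConsoleIp '192.168.10.83' -ForwardIps '192.168.10.83' -ReverseName 'pc-017.example.local'
```

Test-ConsoleRecord applies the same classification with live lookups when run on the Administration Server.
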
Maybe I'm wrong, but I can't believe that Kaspersky uses its own cache. When you run nslookup and ping from the administration server, did you see the right address and name, or the wrong one?

On the administration server, the IP address in KSC9 is not the one I have when I ping the computer name.

And I can't find a way to force KSC9 to update it. That's the whole point of my post actually.

Yes, I find it hard to believe too, but what else ??

> We don't use sysprep, we perform normal installation then image our computers. We just restore the image when it is needed.

Well, that implies a lot of problems if you are restoring without any sysprep (sadly the Network Agent doesn't like sysprep either).

Your DNS entries will be messed up - you have to activate DNS scavenging.

Kaspersky Network Agent will be messed up, and the client in KSC too.

Try to delete the client from the console entirely (once from Managed Computers, a second time from Undefined Computers), then redetect it and add it again to the console.

If it is still no better, you'll have to uninstall the agent and install it again.

Are you using a clone image to reinstall the PC ?

For me, I always reinstall once a user has left my company.

I use both clone images and new installs from recovery CD as well. Do you try to install NA during your process ?

Suppose you are using a server name for your KAK server, try to add the server name in your system hosts file.

Hope these help.

Good luck.

> Well, that implies a lot of problems if you are restoring without any sysprep (sadly the Network Agent doesn't like sysprep either).
>
> Your DNS entries will be messed up - you have to activate DNS scavenging.

Why would my DNS entries be messed up ? The computer gets a new IP address, but DNS updates work fine. As soon as it's back online, forward and reverse lookups are fine from any computer on the network.

> Try to delete the client from the console entirely (once from Managed Computers, a second time from Undefined Computers), then redetect it and add it again to the console.
>
> If it is still no better, you'll have to uninstall the agent and install it again.

Actually, if I install the agent manually, it works (tried it yesterday).

But usually we deploy the agent together with KES, and that's what does not work.

Removing and redetecting the client does not work either. It is redetected with the same IP address, and detection via IP range does not work at all (I don't know why).

> Are you using a clone image to reinstall the PC ?
>
> For me, I always reinstall once a user has left my company.
>
> I use both clone images and new installs from recovery CD as well. Do you try to install NA during your process ?
>
> Suppose you are using a server name for your KAK server, try to add the server name in your system hosts file.

We reinstall with images usually (barebone images, only Windows and updates are included, no other software), but now we deploy Windows 7 so we install from scratch. No recovery or sysprep, just clean normal installations.

As I said previously, we do not install NA manually, we deploy it from KSC9, which in this case does not work well because of our IP address "cache" problem...

And as I said, if we install NA and specify the server name, it works just fine.

Thanks to all for trying to help, that's very appreciated !

> Why would my DNS entries be messed up ? The computer gets a new IP address, but DNS updates work fine. As soon as it's back online, forward and reverse lookups are fine from any computer on the network.

Your DNS server will have several entries for your computer, which is making Kaspersky detect ghost computers, I think.

> On the administration server, the IP address in KSC9 is not the one I have when I ping the computer name.

This is normal: the admin server keeps showing the latest contact IP address. Because there is no agent on the computer, it won't contact the server. If you want to keep this machine object in the administration server, it is possible that another computer appears on the server with the same name+~1 when you manually install the agent on the client.

My advice is: in the console, right-click on the root of the administration server -> Search.

Find the machine and right-click -> Remove. (This just removes it from any group.)

Right-click again -> Remove. (This completely removes that workstation object from the admin server. Maybe that step is missing, and that's why the admin server shows the object with the old IP.)

Wait till the workstation appears again in the unassigned computers. If it's in the same subnet and VLAN, it has to, if the administration server IP subnet scanning is configured right.

If you don't want to wait, you have to deploy the network agent over the (new) IP address. On the adminkit 8 it always worked: deploying over IP never reversed back to the computer name, only after the installed agent reported back.

It is possible for a different computer name to be shown for a short time, when the computer uses an IP address which belonged to another computer object on the admin server, and the server thinks that that computer switched on, but after the agent reports to the adminkit, the name changes to the right one (or force synchronization).

We sometimes put the network agent installation package into the image (with some other little necessary install exe), and when we restore that image, it is just one click to install all of them (with a well configured batch file).

> Your DNS server will have several entries for your computer, which is making Kaspersky detect ghost computers, I think.

I don't think this could happen.

We have DHCP configured for automatic DNS updates, and whenever a new IP address is attributed to a computer its DNS records are also updated.

I never had problems of ghost records in the DNS server.

> My advice is: in the console, right-click on the root of the administration server -> Search.
>
> Find the machine and right-click -> Remove. (This just removes it from any group.)
>
> Right-click again -> Remove. (This completely removes that workstation object from the admin server. Maybe that step is missing, and that's why the admin server shows the object with the old IP.)

Maybe I was missing this second step indeed ! Will try that now.

Still, the problem with that is that I have to wait for a network rescan. I can trigger it manually, but it still takes some time. That's a shame since I know (and the system knows) the right IP address for this computer...

> That's a shame since I know (and the system knows) the right IP address for this computer...

But the server doesn't know... until it rescans the subnet. :P
