Jump to content
george.h

KES 8 (.831) Deployment Problem

Recommended Posts

I've been scratching my head over this for some time now and seen others have been having similar issues but no body seems to have found the cause.

 

Basically it is a small network with KSC9 installed on a Windows 2003 STD server. There are 6 machines on the local network, the Admin server itself, the main server (2003 SBS), and 4 desktops. In addition there are two more desktops at the end of a VPN at a remote site (all desktops at both sites are XP Pro SP3). I downloaded KES 8 CF1 and created and install package, and did the same with latest network agent. Updated KSC on the admin server to the latest version etc....

 

Now, delopying the new network agent and .831 version of KES 8 went fine to all the local network machines (including both servers, although I've had to remove it from the 2003 SBS server for unrelated reasons). I can happily deploy the network agent to the two remote machines. However, whenever I try to deploy KES .831 it gets as far as "copying files" and 53% and sticks. No errors, it just sits there (for days if I let it before stopping it). I can find no install logs with the correct dates on either of the two PCs for KES. The network agent yes, but not KES. I've tried delopying with and without the n etwork agent, an d using and not using the agent. If tried uninstalling KES and the agent and re-installing, but same 53% log jam with KES. I can happily uninstall and re-install the older release of KES (.6xx something, can't remember exactly off the top of my head). But .831 just refuses to play.

 

Any pointers as to where to look next please?

 

P.S. My reason for removing KES from the 2003 SBS machine was the after a set of updates about 3 months ago it bluescreens at startup/restart with KES 8 installed (either the .6xx or .831 version). I'm still working on that one.

Edited by george.h

Share this post


Link to post
Just checked what the .6xx version of KES 8 is and it is .646

 

George

 

 

I have this same issue. Please post if you get it figured out. I have about 30 machines throughout the counrty that are connected via VPN and have not been able to get this to install on a single one. Like you said the network agent updates without a problem.

Share this post


Link to post

So far I've not found anything to give a clue, and no one from Kaspersky has suggested any way of trying to determine what is going on. The usual "install logs" don't help as there aren't any!

 

It's a complete puzzle.....

Share this post


Link to post

Is it possible that your network firewall has IPS over the VPN connection? It might be detecting something in the setup package and breaks the connection during the install. I'd try pushing out the network agent and KES separately to see if one or the other or both continue to fail with install.

Share this post


Link to post
Is it possible that your network firewall has IPS over the VPN connection? It might be detecting something in the setup package and breaks the connection during the install. I'd try pushing out the network agent and KES separately to see if one or the other or both continue to fail with install.

 

Could be, I'd have to check Watchguard's manuals as the VPN is between a pair of Firebox X20e's. Seems strange though that this only affects deploying .831. Deploying .646 worked (and still works) fine to these two machines. I have tried deploying the network agent and KES separately and KES still sticks at 53% of copying files. I've also tried deploying not using the agent - same result.

 

Just looked at the logs of the two Fireboxes at each end of the VPN tunnel for an attempted remote install and there is no indication of the tunnel dropping out upto or after the point at which KES sticks at 53%. Any idea of any other logs I could look at to try to figure out what is going on please? As I said earlier, the install and setup logs don't help as none are created - they don't seem to be created until after the file copy process.

 

Thanks!

George

Share this post


Link to post

I use WatchGuard hardware as well. The IPS is just a hunch, because I have found it to occasionally impede transfer of some files. It could just be that the WG file signatures from one release differ from another and are interfering. In the WG policy manager, you should be able to increase the logging for each policy for monitoring. You can also uncheck IPS for the VPN policies (at both local and remote locations) and try again.

Share this post


Link to post

I've seen this happening, sticking at 53% ("copying files") but when I check the client computer, KES is being installed. And about 10-15 min after that, the task gets completed.

 

I think that if you wait long enough you will either get a "Completed successfully, waiting for reboot" or "Task Error". Have you tried that?

Share this post


Link to post
I've seen this happening, sticking at 53% ("copying files") but when I check the client computer, KES is being installed. And about 10-15 min after that, the task gets completed.

 

I think that if you wait long enough you will either get a "Completed successfully, waiting for reboot" or "Task Error". Have you tried that?

 

Left them for 4 days at one stage (over a weekend). Absolutely no sign that anything had happened at the client end. It still reports .646, no indication of a reboot required or anything. Interestingly when I try and re-run the task the KES part goes straight to 50%, sits there for ages, nudges up to 53% and then nothing more for days.

 

I use WatchGuard hardware as well. The IPS is just a hunch, because I have found it to occasionally impede transfer of some files. It could just be that the WG file signatures from one release differ from another and are interfering. In the WG policy manager, you should be able to increase the logging for each policy for monitoring. You can also uncheck IPS for the VPN policies (at both local and remote locations) and try again

 

They are both Edge units so the VPNs are manually setup branch VPNs, not managed via Policy Manager, and as far as I can tell it is a straight pass through based upon destination IP address - no traffic filtering or anything.

Share this post


Link to post
Left them for 4 days at one stage (over a weekend). Absolutely no sign that anything had happened at the client end. It still reports .646, no indication of a reboot required or anything. Interestingly when I try and re-run the task the KES part goes straight to 50%, sits there for ages, nudges up to 53% and then nothing more for days.

They are both Edge units so the VPNs are manually setup branch VPNs, not managed via Policy Manager, and as far as I can tell it is a straight pass through based upon destination IP address - no traffic filtering or anything.

 

Don't take the percentage shown as absolute.

 

It's jumping to 50% probably because the task checks for NetworkAgent installation, and it's already there so 50% is already done.

 

While copying, the percentage shown in task progress bar is not related to the copying progress.

 

Try double clicking the computers (individually) and check "do not disconnect from administration server". Wait for about 15 min and try to run the task again.

 

Share this post


Link to post
Don't take the percentage shown as absolute.

 

It's jumping to 50% probably because the task checks for NetworkAgent installation, and it's already there so 50% is already done.

 

While copying, the percentage shown in task progress bar is not related to the copying progress.

 

Try double clicking the computers (individually) and check "do not disconnect from administration server". Wait for about 15 min and try to run the task again.

 

I'd wondered about that, although it is exactly the same (straight to 50%) if I don't include the Network Agent in the task. Anyway, I gave it a try with "do not disconnect from administration server", left it running for 24 hours. Absolutely zip. No change. Exactly the same behaviour and no trace of anything actually having been done to the client PC.

 

Getting to feel like this set of licenses will be the last we buy for Kaspersky, and switch to something where remote management works (also getting fed up with the stacks of read errors KES logs).

Share this post


Link to post

I've applied the Network Agent trace registry entries and try a remote install again. Hopefully that may give some indication as to why it never seems to get beyond "copying files".

 

Would be much better if that functionality could be done via a tick box on the Administration Server rather than having to faff about installing registry settings locally.

 

Now going to wait a good few hours and see if it produces anything.

 

George

Share this post


Link to post

Still absolutely no hints from any logs as to why 831 won't install to these two remote machines.

 

Any suggestions from Kaspersky?

 

P.S. The logs that are produced are HUGE, yet the attachments allowed on here are tiny..... hmmmmm

Share this post


Link to post
Still absolutely no hints from any logs as to why 831 won't install to these two remote machines.

 

Any suggestions from Kaspersky?

 

P.S. The logs that are produced are HUGE, yet the attachments allowed on here are tiny..... hmmmmm

Try a manual installation on the remote computer with a package created in the KSC9? Maybe it will show up some error what you can debug and find out how to fix for the other computers.

 

Ervin

Share this post


Link to post
Still absolutely no hints from any logs as to why 831 won't install to these two remote machines.

 

Any suggestions from Kaspersky?

 

P.S. The logs that are produced are HUGE, yet the attachments allowed on here are tiny..... hmmmmm

Download KES from support site: http://support.kaspersky.com/kes8wks?level=2

and try to create new install packedge of KES (without nagent)

 

Share this post


Link to post
Left them for 4 days at one stage (over a weekend). Absolutely no sign that anything had happened at the client end. It still reports .646, no indication of a reboot required or anything. Interestingly when I try and re-run the task the KES part goes straight to 50%, sits there for ages, nudges up to 53% and then nothing more for days.

They are both Edge units so the VPNs are manually setup branch VPNs, not managed via Policy Manager, and as far as I can tell it is a straight pass through based upon destination IP address - no traffic filtering or anything.

 

I found the following tended to occur -- unrelated to VPN itself, but usually seen most on VPN.

 

When pushing the client out, if either of the following cases occur:

 

1) It takes more than 2 hours

2) Kaspersky 6 has not been fully uninstalled and a Kaspersky 6 tasks runs

 

Then it will do exactly what you say.

 

In the case of users on slow connections, or users on VPN, I, in general, had to deploy the client manually on the computer.

 

I also left a few computers downloading for days and had the same thing occur. It wasn't a setting on the computer, as if I switched them to where they got the file in a shorter time frame, it would go fine.

 

After about 50+ installs, I found anything over 2 hours transfer tended to be where it would just stop cold. Additionally, if Kasp 6 was not completely removed ahead of time, if a Kasp 6 task ran (especially update databases), it would completely kill what was going on.

 

Hope that's of some help.

 

Share this post


Link to post

Anything is possible, but wouldn't explain why I can deploy .831 to local machines using the package perfectly

 

Yet, when I try to deploy across the VPN, it doesn't (with or without Net Agent) even after a complete remote uninstall of Enpoint 8.0.646 and NetAgent. Yet I can redeploy NetAget and .646 again across the VPN without a hitch. One of the machines had Kaspersky 6 on it, the other has only ever had Endpoint 8 and no other antivirus sofware.

 

The whole point of KSC 9 and the NetAgent is so that I DONT HAVE to physically go and install it on remote machines.

 

I've just retried the deployment after upgrading the hardware at the remote end of the VPN tunnel so now our main site has a Firebox X20e and the remote one a Firebox X10e (was a X5w). Still the same problem. However while sitting here on site and monitoring the target PC, it seemed to be doing something for while (20 mins or so) then nothing (no network activity). However still no evidence on the target PC that anything has actually happened (no logs or temp files I can find) and KSC 9 says "Copying files - 53%".

 

Having just got over the frustration of the "unprocessed objects" fiasco and patch H to fix it when previous ones were supposed to (and why did that take 24 hours before KSC 9 stopped saying "unprocessed objects") I'm rather losing both faith and interst in Kaspersky.

Share this post


Link to post

I had 3 computers deployed temporally in a remote site all the computers were connected 1 by 1 to our corporate network through Sonicwall Global Vpn client, it happened after 1 week that 1 of the computer was not able communicate with our network correctly loosing vpn connection or timeout on operations like file transfer etc. I don't had time to debug the issue so i uninstalled KES8 and it was ok the vpn connection again (turning off was not helping) after a day started at an other machine the same issue so i had started to make more analysis i was thinking that in that place the internet was not working ok.. but testing the connection till their GW was ok also from my site to their site the WAN ip's were ok, made some tests with KES also only leaving AV module active but the same happened. After trying to install KAV 6 MP4 back fixed the problem through vpn don't know what it was or what happened but after 3 months the computers were back in my site and installed KES8 and they are working without problems.

 

Ervin

Share this post


Link to post
Anything is possible, but wouldn't explain why I can deploy .831 to local machines using the package perfectly

 

Yet, when I try to deploy across the VPN, it doesn't (with or without Net Agent) even after a complete remote uninstall of Enpoint 8.0.646 and NetAgent. Yet I can redeploy NetAget and .646 again across the VPN without a hitch. One of the machines had Kaspersky 6 on it, the other has only ever had Endpoint 8 and no other antivirus sofware.

 

The whole point of KSC 9 and the NetAgent is so that I DONT HAVE to physically go and install it on remote machines.

 

I've just retried the deployment after upgrading the hardware at the remote end of the VPN tunnel so now our main site has a Firebox X20e and the remote one a Firebox X10e (was a X5w). Still the same problem. However while sitting here on site and monitoring the target PC, it seemed to be doing something for while (20 mins or so) then nothing (no network activity). However still no evidence on the target PC that anything has actually happened (no logs or temp files I can find) and KSC 9 says "Copying files - 53%".

 

Having just got over the frustration of the "unprocessed objects" fiasco and patch H to fix it when previous ones were supposed to (and why did that take 24 hours before KSC 9 stopped saying "unprocessed objects") I'm rather losing both faith and interst in Kaspersky.

 

you probably won't want to hear this, but Kaspersky goes through this every 3 years or so. I pretty much just plan for having a crappy time for a month or two with them, because, in the end, the rest of time + those crappy months is still better than the time we've spent with other anti-virus vendors.

 

Well, excluding that Kaspersky "kill 50% computers and you can ONLY fix them on-site" bug from circa 2007 (I think). That one was a bit of a bear. :D

 

 

Share this post


Link to post
you probably won't want to hear this, but Kaspersky goes through this every 3 years or so. I pretty much just plan for having a crappy time for a month or two with them, because, in the end, the rest of time + those crappy months is still better than the time we've spent with other anti-virus vendors.

 

Well, excluding that Kaspersky "kill 50% computers and you can ONLY fix them on-site" bug from circa 2007 (I think). That one was a bit of a bear. :D

 

I know what you mean - had to rapidly rollback an update on McAffee a few years back at a certain well known bank ("Fred the Shred") after the update started throwing up loads of false detections. Not fun when it's just been rolled out to 30,000+ desktops.....

 

My own feeling is that the remote deployment mechanism just isn't robust enough. Why it works fine if I deploy NetAgent 9.2.69 and KES 8.1.0646 to the far end of a VPN tunnel, but not 8.1.0.831 is just weird. Especially as the very same installation package of 8.1.0.831 deploys fine on the local lan....

 

Hmmm

Edited by george.h

Share this post


Link to post

Looks like I'm going to have to go to the problem site for something else so I'll give a stand-alone installation package a go. However, even if this works I'll regard it as nothing more a "fudge" until Kaspersky fix it....

Share this post


Link to post
Looks like I'm going to have to go to the problem site for something else so I'll give a stand-alone installation package a go. However, even if this works I'll regard it as nothing more a "fudge" until Kaspersky fix it....

 

Well, created a "stand-alone" installation package for .831 and installed that on one of the remote PCs today since I had to go there anyway. It seemed to install ok, except now KSC doesn't see it as being installed at all! It sees the net agent on that machine but not KES yet KES seems to be running on it ok...

 

Unless there is a simple fix for this I'm backing out the "stand-alone" install and remote installing the older version. At least that remote installs without all this crap with stalling at 53%.

 

Not impressed. This has been dragging for months now and no answers from Kaspersky....

Edited by george.h

Share this post


Link to post

Still plodding on with this problem.

 

Did another download of .831 and created yet another installation package AND stand alone install. Tried a remote install to the two machines at the end of the VPN - no change, still shows "Copying files 53%". It said that shortly after I started it on Friday evening, it still said it on Monday morning.

 

So, did an other stand-alone install using the newest stand alone install package I created. That seems to install fine, except KSC 9 still says neither machine has KES installed and neither will do an update.

 

:dash1:

Share this post


Link to post
Still plodding on with this problem.

 

Did another download of .831 and created yet another installation package AND stand alone install. Tried a remote install to the two machines at the end of the VPN - no change, still shows "Copying files 53%". It said that shortly after I started it on Friday evening, it still said it on Monday morning.

 

So, did an other stand-alone install using the newest stand alone install package I created. That seems to install fine, except KSC 9 still says neither machine has KES installed and neither will do an update.

 

:dash1:

Hi George.

 

I'm no expert on this program by any means, but I will make a suggestion that has worked for me in a few similar cases. Try running klnagchk.exe on one of the problem computers, this is found in the net agent folder in program files. Make sure that net agent is trying to connect to the proper server. One thing you might try to do is make sure your administration server address will resolve through DNS, and then use the DNS name as the address instead of an IP. If you've already thought of this, I am sorry that I can be of no further help, and I wish you the best of luck.

Share this post


Link to post
Hi George.

 

I'm no expert on this program by any means, but I will make a suggestion that has worked for me in a few similar cases. Try running klnagchk.exe on one of the problem computers, this is found in the net agent folder in program files. Make sure that net agent is trying to connect to the proper server. One thing you might try to do is make sure your administration server address will resolve through DNS, and then use the DNS name as the address instead of an IP. If you've already thought of this, I am sorry that I can be of no further help, and I wish you the best of luck.

 

Thanks for the suggestion. I'll give it try later today. Much appreciated.

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.