Jump to content
george.h

KES 8 (.831) Deployment Problem

Recommended Posts

Thanks for the suggestion. I'll give it try later today. Much appreciated.

 

Gave it a try and both PCs reported everything was ok, communication with the admin server was ok and the address being used for the admin server is it's full domain name.

 

I have extracted the logs from one of the machines using the klactgui utility. I've attached the trace files (ZIPped as the forum doesn't allow CABs, odd when that is what klactgui produces) and would appreciate if anyone can make any sense of them......

 

Thanks

George

_klrbtagt.zip

_klriwrp.zip

_klssinstlib.zip

Edited by george.h

Share this post


Link to post

Tried asking the experts on the Watchguard Firebox forums and they have never seen this sort of problem over a VPN between two Firebox X Edge "e" before. All they can think of is a problem with Kaspersky.

 

Looks like this problem will run and run as I've seen neither anyone else find a solution or any further suggestions from Kaspersky (they've not even downloaded the logs I've provided).

 

Hmmmm....

Share this post


Link to post

I don't suppose any else who has had this issue has found anything?

 

Nobody from Kaspersky seems to be interested in looking at this or the logs I've uploaded.

Share this post


Link to post
Well, created a "stand-alone" installation package for .831 and installed that on one of the remote PCs today since I had to go there anyway. It seemed to install ok, except now KSC doesn't see it as being installed at all! It sees the net agent on that machine but not KES yet KES seems to be running on it ok...

 

Exactly my case, except it happens for local machines, no VPN connection. Standalone installs fine, but KSC won't see that KES is installed and policies are not applied.

 

Also as I have mentioned in another thread this is what I observe while "waiting for connection" maybe it will give some hint to someone?

I tried to run klnagchk.exe while "waiting for connection" and got - "Attempt to connect to the Network Agent...Error - Network Agent is not running"

Opened services.msc to check and "Kaspersky Lab Network Agent" seems to be running.. however I can not perform any tasks with it all options are greyed out.

I pressed F5 to refresh service list a few times and noticed that agent service is constantly switching between starting/running, looks like it is restarting with no end.

Share this post


Link to post

Maybe I need to sleep more, but I could not find the edit button for my previous post..

 

Anyway.. tried installing KES 8 with only shared folder:

Kaspersky Endpoint Security 8 for Windows (8.1.0.831): Installation completed successfully. Waiting for application initialization.

 

initialization of course never happens.

 

Tried to remove couple of problem clients from KSC and adding them again got error:

 

Failed to move the following computer into the administration group.

Possible reasons:

- The compiters are not included into Administration Server database.

- The Administration Server database contains several computers with matching network attributes.

 

How do I search for computer by network attributes for example IP? I can not find this computer by netbios name in my KSC, so it must be some other "attributes".

p.s. DNS is ok with these hostnames.

Share this post


Link to post

Have you checked that the installations are going through directly from the server nad not through Update Agents?

By default Update agents are automatically assigned, so if you've got machines in that group with Network Agent already installed, it could be trying to deploy via another machine.

That might explain why unticking network agent (leaving Microsoft Windows resources) works.

You can untick the option for auto assign under admin server - properties - settings.

 

 

Share this post


Link to post
Have you checked that the installations are going through directly from the server nad not through Update Agents?

By default Update agents are automatically assigned, so if you've got machines in that group with Network Agent already installed, it could be trying to deploy via another machine.

That might explain why unticking network agent (leaving Microsoft Windows resources) works.

You can untick the option for auto assign under admin server - properties - settings.

I have tried moving the machine to a new group and still got same result, update agents are not involved in the process.

Share this post


Link to post
I have tried moving the machine to a new group and still got same result, update agents are not involved in the process.

 

This is a different issue to mine as my issue is specifically when trying to deploy to client PCs at the far end of a VPN tunnel.

 

Might be worth creating a seperate thread for your issue.

 

Mine has now been raised officially with Wick Hill UK (the UK support agents).

George

Share this post


Link to post

@complexxl9 - I'm not really sure what your issue is now.

It sounds like you need to run a scan on unassigned computers to find machines in your network before you can add them.

 

@George.h - I would still look into automatically assigned update agents. If you're using default settings, then it's likely going to be using this method to transfer the package. You can also untick the option for Network agent in the task so that the packages are deployed via windows shares. (Generally windows shares transfer quicker than Network Agent)

Share this post


Link to post
@complexxl9 - I'm not really sure what your issue is now.

It sounds like you need to run a scan on unassigned computers to find machines in your network before you can add them.

 

@George.h - I would still look into automatically assigned update agents. If you're using default settings, then it's likely going to be using this method to transfer the package. You can also untick the option for Network agent in the task so that the packages are deployed via windows shares. (Generally windows shares transfer quicker than Network Agent)

 

Hi Chris,

 

Where would I need to look to find automatically assigned update agent? Every option/tick box I've seen for "update agent" when kicking off a remote package deployment I've ensured is cleared. I have also tried deploying with ONLY windows share selected - still the same problem. Get's as far as "Copying files - 53%" then nothing. No errors, no indications of what (if anything) it is doing, other than as far as it is concerned it is still copying files.

 

 

Share this post


Link to post

*** WORKING - FINALLY!!! ***

 

I've finally been able to get the two PCs at the far end of the VPN to do a remote install of KES 8.1.0.831. The deployment, including reboot, took about 20 mins per PC.

 

I changed nothing about the way KSC was trying to deploy the install package for KES .831. I used EXACTLY the same deployment package and process as for the PCs on the local LAN. They were deployed using the 9.2.69 Network Agent I'd been trying to deploy through before, except before I had ZERO success.

 

So, what DID I change to get this working?

 

1. The remote end of the VPN was upgraded from standard ADLS to FTTC (Fibre To The Cabinet) at 50Mbs Down/10 Mbs Up connection speed - though this on it's own made no difference to the problem.

 

2. Over Christmas our HQ end upgraded from a starndard speed ADSL line to a 1/10th share of the capacity on a leased 100Mbs Up AND Down Fibre connection. After this it all worked.

 

So, what conclusions can be drawn?

 

1. There was nothing wrong with the package I was trying to deploy.

2. There was nothing with wrong with the way I was trying to deploy it.

3. There was northing wrong with the configuration of the PCs at the remote end.

4. There was nothing wrong with my Kaspersky Admin server

 

5. There IS something *VERY* wrong with Kaspersky's ability to remotely deploy (via VPNs) over standard speed ADSL links. It is RUBBISH, well and truly BROKEN. Prior to this upgrade the remote PCs could sit there for 5 days trying to deploy .831 and get no further than 53% with no indication of an error - and never completing. After, 20 mins.

 

So, if you want to deploy and manage KES 8 remotely, make damned sure you have very fast links to your remote sites - otherwise buy something else as Kaspersky sucks! Worse they don't seem in the least bit interested in taking the problem seriously, let alone fixing it.

 

I even raised this as a support issue in the UK via Wick Hill - they never came back with any answers. Support is trully appalling!

 

:angry: :angry: :angry:

Edited by george.h

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.