Jump to content
Paul_R_Canada

KES 10 RDP Failure, RDP fails after loading KES 10 on SBS [Solved]

Recommended Posts

Hi all, very frustrated, loaded KES 10 on an SBS08 server, slowly disabled everything systematically, firewall, network blocker, turning off advanced features, opening RDP on firewall even thorugh it was off - you name it, but RDP simply fails to work until it's stripped off completely..

 

This was a security center push upgrade from KES 8

 

Ran the KES removal guiltily for all programs and reloaded KES 10 again - same results.

 

HELP!

 

Paul.

Share this post


Link to post
Hi all, very frustrated, loaded KES 10 on an SBS08 server, slowly disabled everything systematically, firewall, network blocker, turning off advanced features, opening RDP on firewall even thorugh it was off - you name it, but RDP simply fails to work until it's stripped off completely..

 

This was a security center push upgrade from KES 8

 

Ran the KES removal guiltily for all programs and reloaded KES 10 again - same results.

 

HELP!

 

Paul.

 

Hi all

 

I have the same problem too

 

I can ping the PCs but can't connect to them with File & Print sharing

 

any help ????

Share this post


Link to post

I see I'm not alone. For me this happens when connected by vpn to the SBS box - the vpn connects just fine but rdp fails. Once inside on the nternal network (if I connect by vpn direct to my router) RDP works fine. For some reason KES10, when vpn'd directly into the server blocks RDP.

Share this post


Link to post

What network did you define under policy >> anti-virus protection >> firewall >> networks? Do you have your local network defined there?

Share this post


Link to post

I have a similar problem but it only happens on one machine.

 

It's a fresh PC install, Endpoint 10 pushed from Security Center 10 and I can't RDP or ping that machine. I have added my network to trusted networks tab in firewall settings and also allowed everything in network packet rules with the same result.

 

The only thing that will allow me to ping that machine/rdp to it is if I turn off the firewall in the policy manager.

Share this post


Link to post
What network did you define under policy >> anti-virus protection >> firewall >> networks? Do you have your local network defined there?

 

Hi Keith, thanks for you input. We defined the local subnet in network, we tried the firewall on and off - problem remains with or without the definition in place.

Share this post


Link to post
I have a similar problem but it only happens on one machine.

 

It's a fresh PC install, Endpoint 10 pushed from Security Center 10 and I can't RDP or ping that machine. I have added my network to trusted networks tab in firewall settings and also allowed everything in network packet rules with the same result.

 

The only thing that will allow me to ping that machine/rdp to it is if I turn off the firewall in the policy manager.

 

For our situation the firewall turned off in policy makes no difference- still not working. we tried loading a non-managed package and defining it directly on the server as a test, with no better results: Hours of adding/removing/testing and rebooting in between to test all situations we could think of.

 

Kaspersky is injecting something into the TCP/IP stack that is causing a firewall/block, it allows VPN to connect but completely ignores/blocks RDP requests - I'm thinking something hidden at the registry level but.... it's a guess.

Share this post


Link to post
What network did you define under policy >> anti-virus protection >> firewall >> networks? Do you have your local network defined there?

192.168.100.0/24 ist defined as trusted network in the policy.

 

On the clients in options/firewall/networks there are two items:

- Internet / connected / public network

- 192.168.100.16/24 (LAN) / connected / trusted network (local IP of that client)

 

I also tried to uninstall KES10 and reinstalled KES10, same result.

Share this post


Link to post

Hi

 

Please, do the following thing:

 

On the machines with KES you can't get access to disable KES FW (or simply unload it), go to Windows Firewall settings and turn it off manually for all the network types. Then start KES again and check the accessibility of the machine now.

For each attempt please specify the target OS version.

Thank you.

Share this post


Link to post
Hi

 

Please, do the following thing:

 

On the machines with KES you can't get access to disable KES FW (or simply unload it), go to Windows Firewall settings and turn it off manually for all the network types. Then start KES again and check the accessibility of the machine now.

For each attempt please specify the target OS version.

Thank you.

I already unlocked the firewall settings in the policy, so I am able to access the firewall settings on the clients.

However, I disabled KES10-Firewall on my PC => Windows Security Center says Kaspersky Firewall is off, Windows Firewall is off. Now I can ping this machine. When Kaspersky Firewall is re-enabled ping fails.

Another try: Right-click on Kaspersky task icon, Exit/Close (I have german UI, so I don't know how this is labeled in english UI) => Windows Security Center says Kaspersky Firewall is in sleep mode (?), Windows Firewall is off. Same result: now I can ping this machine, when I restart Kaspersky ping fails again.

Share this post


Link to post
I already unlocked the firewall settings in the policy, so I am able to access the firewall settings on the clients.

However, I disabled KES10-Firewall on my PC => Windows Security Center says Kaspersky Firewall is off, Windows Firewall is off. Now I can ping this machine. When Kaspersky Firewall is re-enabled ping fails.

Another try: Right-click on Kaspersky task icon, Exit/Close (I have german UI, so I don't know how this is labeled in english UI) => Windows Security Center says Kaspersky Firewall is in sleep mode (?), Windows Firewall is off. Same result: now I can ping this machine, when I restart Kaspersky ping fails again.

 

And you have 192.168.100.16/24 defined as Trusted Network in policy ? And both who pings and "pingee" are in this very network ? What OS ?

Share this post


Link to post
And you have 192.168.100.16/24 defined as Trusted Network in policy ? And both who pings and "pingee" are in this very network ? What OS ?

KSC10 runs on Windows Server 2008 R2

KES10 clients run on Windows 7 x64 Professional

we still have some KES8 clients (Win 7 x64, Win 7 x86, XP x86, Server 2008 R2 x64)

 

All Clients and Servers are in the same network (192.168.100.xxx).

 

KES10 Clients can ping Server and KES8 Clients, but not other KES10 Clients.

 

192.167.100.0/24 is defined as trusted network in policy. I added 192.168.100.16/24 as trusted network, same result.

 

Instantly after disabling Kaspersky Firewall, pinging works fine.

Share this post


Link to post

Sorry, I just remembered:

We have another KES10-PC with Windows 7 x86. And we do not have any problems with that PC. Ping, RDP, RPC, everything works. Of course, this PC is in the same network and uses the same policy. Perhaps an x64 problem?

 

btw, sorry for double post. I'm using a different PC now and can't edit my last post.

Share this post


Link to post
Sorry, I just remembered:

We have another KES10-PC with Windows 7 x86. And we do not have any problems with that PC. Ping, RDP, RPC, everything works. Of course, this PC is in the same network and uses the same policy. Perhaps an x64 problem?

 

btw, sorry for double post. I'm using a different PC now and can't edit my last post.

 

Hi, thanks for your investigation. Let's dig a little bit more.

 

Go to the policy and temporarily create a new packet rule, allowing everything and all the protocols for all the sources and destinations. Check it and put it at the first position on the list. Wait for its arrival at the workstation and check the network functionality again, will you ?

Share this post


Link to post
Hi, thanks for your investigation. Let's dig a little bit more.

 

Go to the policy and temporarily create a new packet rule, allowing everything and all the protocols for all the sources and destinations. Check it and put it at the first position on the list. Wait for its arrival at the workstation and check the network functionality again, will you ?

Hi, thanks for the support.

 

I created a new policy, defined the local network as trusted network and created a new packet rule "ALLOW ALL". Also, I set all existing rules to "allowed". See attached screenshot 1_policy.jpg.

I set this new policy active and waited for the workstation. But still no ping. See attached screenshot 2_ping.jpg. First ping is with enabled KES10-firewall (and new policy active), second ping is with disabled KES10-firewall.

Screenshots are german, but I hope you see what happens.

post-458026-1363267760_thumb.jpg

post-458026-1363267769_thumb.jpg

Share this post


Link to post
Hi, thanks for the support.

 

I created a new policy, defined the local network as trusted network and created a new packet rule "ALLOW ALL". Also, I set all existing rules to "allowed". See attached screenshot 1_policy.jpg.

I set this new policy active and waited for the workstation. But still no ping. See attached screenshot 2_ping.jpg. First ping is with enabled KES10-firewall (and new policy active), second ping is with disabled KES10-firewall.

Screenshots are german, but I hope you see what happens.

 

 

Then please, turn on traces, restart KES8, ping it from another computer and/or try starting an RDP session and attach traces here. We also need HKLM\Software\Wow6432Node\KasperskyLab hive exported and attached as well. Thanks.

Share this post


Link to post

Bump! I thought I was going crazy. I added my Lan subnet to trusted networks which, as I read it, should allow any local network traffic. No dice. I lose all of my reporting on SBS2011, can't ping any machines, and no RDP even with the RDP rule active. Something is seriously wrong. This isn't my first firewall.

Edited by Lorne Guse

Share this post


Link to post

Same problem here. Turned off most of the options in the policies except file level scanning & firewall. Added local network as trusted. Can't vpn then rdp on to local trusted network. Avaya phone Manager is being corrupted even though added as an exception - reinstalled 3 times only turning off firewall will not corrupt it. Had lots of problems using the in built tools for uninstalling symantec and spent a lot of time manually uninstalling & fixing clients before pushing out kes 10. Had problems installing kes 10 to 64 bit clients. To top it all off I've tried to log on to the KSC and am getting "connection to Administration Server is lost" When you update/ change a policy & refresh it, it takes an age to update the 64 bit clients. Not happy kaspersky, we advise customers to change from symantec. mcafee & sophos and now are experiencing the problems that we wanted to move away from - on a pristine install. Please get this sorted as this client is seriously thinking of going back to symantec. I'm going to reinstall KSC - what troubleshooting tools do you want me to run?

 

 

Thanks

Share this post


Link to post

Ok, Now I can open KSC 10.0.3361 but get an "application management plug-in is missing or is not registered prperly" error. If I ok it I then get a completely blank Policy property gui. In short no control over servers, clients - any managed computers etc. The KSC 10.0.3361 is also installed on a 64 bit O/S - Windows Server 2008 R2. I've googled the error but there are only solutions for version 8.

l

Kaspersky Engineers, pease respond.

 

Thanks

Share this post


Link to post
Then please, turn on traces, restart KES8, ping it from another computer and/or try starting an RDP session and attach traces here. We also need HKLM\Software\Wow6432Node\KasperskyLab hive exported and attached as well. Thanks.

OK, I will try this next week. Sorry, no time today...

Just to be sure: I download trace_nagent-4.zip and trace_server-4.zip from http://support.kaspersky.com/9323, run them on host respectively server, ping the host from server and post the log files here, right?

Share this post


Link to post
OK, I will try this next week. Sorry, no time today...

Just to be sure: I download trace_nagent-4.zip and trace_server-4.zip from http://support.kaspersky.com/9323, run them on host respectively server, ping the host from server and post the log files here, right?

 

Not exactly these, but in the local GUI MainWindow->Support->Traces. Then restart KES, even better if you can restart OS.

 

Share this post


Link to post
I've run a trace with the firewall on

 

LAN = local subnet = trusted network

RDP = Allow

 

No ping, No RDP, SBS2011 does not see the workstations. Something is very wrong. Seeing as I'm evaluating this software for to purchase for a client I'm not feeling impressed.

 

Thanks for the try, but the service log turned out truncated (you can see it size - just 100 kb). Will you please collect it once again ?

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.