Jump to content
Chris68

KSC Mobile Device Management Configuration [Solved]

Recommended Posts

Hallo All,

 

New to the forum and new to Kasperski so please forgive if this has been discussed before.

 

I have installed A new KAS server and have deployed the clients to the internal windows machines and have not had any problems yet, however the mobile device management part does not seem to work as I understood in the manuals and other pre sales info, and support either does not understand or does not have time to deal with it.

 

The Mobile connect Exchange Part is set up on the Exchange server (2007) and active sync works without a problem.

On a internal wireless network the sync and install to the Android device works without a problem.

 

Now this is where the problem starts the android Smartphones will spend their lives connected only though Active sync to the Exchange server How do i get them to connect to the KAS server from external?

 

I have attempted a few firewall rules with no luck however my understanding is that all commmunication will be tunneled through the ActiveSync connection.

 

Thanks in advance

regards

Chris

Share this post


Link to post

Hello! Does your Administration Server has static external IP address? Have you opened the ports for mobile devices? This should be done in Administration Server properties.

Did your mobile devices get connected do your KSC at least once? I mean, do you see them in your Administartion Server's Managed Computer group? Or at least in Unassigned group?

Share this post


Link to post

Hello Ivan,

 

My KAS Administration server does not have a external static IP address I was attempting to connect to it through the firewall with a dnat rule.

 

The devices connect to the KAS Server internally without a problem and I do see them and can manage them in KAS when they are connected internally.

 

In the KAS Server the ports are open.

 

I did not find any mention of putting the KAS server directly on the external no firewall net in any of the docs From Kaspersky.

 

Thanks for the Response

Regards

Chris

Share this post


Link to post
Hello Ivan,

 

My KAS Administration server does not have a external static IP address I was attempting to connect to it through the firewall with a dnat rule.

 

The devices connect to the KAS Server internally without a problem and I do see them and can manage them in KAS when they are connected internally.

 

In the KAS Server the ports are open.

 

I did not find any mention of putting the KAS server directly on the external no firewall net in any of the docs From Kaspersky.

 

Thanks for the Response

Regards

Chris

 

Hello,

 

You need to configure your ports forwarding for mobile devices from your server on the firewall. We cannot provide any documentation regarding it as it depends on your devices and software used.

Share this post


Link to post

Hello Evgeny,

 

I realize that however all of my software Providers that require a external connection of some Kind give guidelines as to the setup of the port forwarding rules.

And in the documentation and Marketing information state the requirement.

 

However I could have found the reason that the DNAT rule was not allowing the device to connect in the setup of the MDM server I used the default server name in the install which created a certificate for the internal server name. This could possibly be why the device is not connecting using the external ip.

 

http://support.kaspersky.com/9793 shows this also a internal server name SC10-server.kav4isa.local reinstalling through the control panel did not bring me to the shown configuration menu it went through without any possibility of configuration.

Any ideas.

 

Thanks

Regards

Chris

Share this post


Link to post
Hello Evgeny,

 

I realize that however all of my software Providers that require a external connection of some Kind give guidelines as to the setup of the port forwarding rules.

And in the documentation and Marketing information state the requirement.

 

However I could have found the reason that the DNAT rule was not allowing the device to connect in the setup of the MDM server I used the default server name in the install which created a certificate for the internal server name. This could possibly be why the device is not connecting using the external ip.

 

http://support.kaspersky.com/9793 shows this also a internal server name SC10-server.kav4isa.local reinstalling through the control panel did not bring me to the shown configuration menu it went through without any possibility of configuration.

Any ideas.

 

Thanks

Regards

Chris

 

Hi Chris,

 

But is it possible to get it changed for you through the menu shown on the provided screenshot?

 

However, as I see it uses default port there that must be configured initially during setup.

Share this post


Link to post

Hello Evgeny,

 

no the reinstall of the mobile device support did not recreate the Certificate. Even deleting the Cert C:\ProgramData\KasperskyLab\adminkit\1093\cert\klsrvmob.cer just recreated the same one.

 

The ports are open internally it works fine however our mobiles are not configured to be connected to the internal network.

 

Thanks

Regards

Chris

Share this post


Link to post

Almost the same problem here.

 

To change the initial setup settings (Administration server address for mobile devices connection), you have to go Add/Remove Programs-> Kaspersky Security Center -> Modify. Uncheck Mobile device support during modify, finish it, to remove. Than again run Modify, check Mobile device support, it will ask server address. The first step also removes certificate, then creates a new one the second.

 

I also have internal server w/o external address using nat, forwarded 13000, 13291, 13292, 14000, 17000, 17100 ports (not necessary all, i think).

I can monitor with Wireshark, the connection to the server arrive [sYN]-[RST, ACK], but thats all. I don't know surely which address have to specify in the first step (I think the external), but i don't think if its a certificate problem, because they don't even make it to certificate exchange.

Do I need to open other ports?

Share this post


Link to post
Almost the same problem here.

 

To change the initial setup settings (Administration server address for mobile devices connection), you have to go Add/Remove Programs-> Kaspersky Security Center -> Modify. Uncheck Mobile device support during modify, finish it, to remove. Than again run Modify, check Mobile device support, it will ask server address. The first step also removes certificate, then creates a new one the second.

 

I also have internal server w/o external address using nat, forwarded 13000, 13291, 13292, 14000, 17000, 17100 ports (not necessary all, i think).

I can monitor with Wireshark, the connection to the server arrive [sYN]-[RST, ACK], but thats all. I don't know surely which address have to specify in the first step (I think the external), but i don't think if its a certificate problem, because they don't even make it to certificate exchange.

Do I need to open other ports?

Hello!

Please kindly submit an incident to your CompanyAccount for this issue and let us know its number.

Thank you!

Share this post


Link to post

Thank you.

One day after I can monitor more network activity, saw the certificate request. :blink:

I changed the 'Administration server address for mobile device connection' parameter to our external IP address, and @ the client also to the IP address, and now its working! So I just have to find out, how and why the dns name not working.

Share this post


Link to post
Thank you.

One day after I can monitor more network activity, saw the certificate request. :blink:

I changed the 'Administration server address for mobile device connection' parameter to our external IP address, and @ the client also to the IP address, and now its working! So I just have to find out, how and why the dns name not working.

Thank you for the info!

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.