Jump to content
george.h

Problems managing endpoint since upgrading to KES 1-.2.4.674 (mr2) [In progress]

Recommended Posts

Ever since our endpoints did an automatic upgrade to KES 10.2.4.674 (mr2) managing them under KSC just hasn't worked properly. KSC version ss 10.2.434.

 

For instance some of the scheduled tasks no longer seem to run reliably, and if I browse to a PC in the management console, look at it's properties then tasks (where I'd normally manually trigger and update or virus scan) I keep getting prompted with "The application administration plugin is not installed. Do you want to......". I've downloaded the plugin (KSC10_KES10SP1) and tried installing it but it still doesn't work properly and if I go to another PC it gives me the same prompt again asking to install it

 

Any ideas?

Share this post


Link to post

I guess this is patch "D" which KSC and the network agents are missing? If so where can I find the information on installation of patch D please?

Share this post


Link to post
Ever since our endpoints did an automatic upgrade to KES 10.2.4.674 (mr2) managing them under KSC just hasn't worked properly. KSC version ss 10.2.434.

 

For instance some of the scheduled tasks no longer seem to run reliably, and if I browse to a PC in the management console, look at it's properties then tasks (where I'd normally manually trigger and update or virus scan) I keep getting prompted with "The application administration plugin is not installed. Do you want to......". I've downloaded the plugin (KSC10_KES10SP1) and tried installing it but it still doesn't work properly and if I go to another PC it gives me the same prompt again asking to install it

 

Any ideas?

You have to keep in mind that you need to create a different policy and tasks for KES10SP1mr2. It is not the same as the ones for KES10SP1mr1. It also requires a different plugin. You can find the plugins here - http://support.kaspersky.com/9333.

Share this post


Link to post
You have to keep in mind that you need to create a different policy and tasks for KES10SP1mr2. It is not the same as the ones for KES10SP1mr1. It also requires a different plugin. You can find the plugins here - http://support.kaspersky.com/9333.

 

Ok. So what you are saying is that now that the endpoints have auto-upgraded to KES 10.2.4.674 (mr2) I have to scrap the existing policies and tasks, create new ones, AND install the appropriate plug-in?

 

Is that correct?

 

Presumably this is in addition to installing the patch D version of KSC 10.2..434 (or installing the patch itself)?

Edited by george.h

Share this post


Link to post
Ok. So what you are saying is that with now the endpoints have auto-upgraded to KES 10.2.4.674 (mr2) I have to scrap the existing policies and tasks, create new ones, AND install the appropriate plug-in?

 

Is that correct?

You have to install the correct plugin first then create tasks and policy. If you are certain that all your clients upgraded to mr2 then you don't have any need for the mr1 policy and tasks.

Share this post


Link to post

I'm wondering how your clients could auto-upgrade to MR2, because I was under the impression that this is not possible. As far as I know you have to install the plugin, download the MR2 package to your KSC and set tasks to install MR2. At least that's how I did it, there was nothing 'automatic' about that whole process.

Share this post


Link to post

Hi,

 

Do you have ant pf installed on clients?

Have you changed settings in "download updates to repository" task?

 

BR

Share this post


Link to post
Hi,

 

Do you have ant pf installed on clients?

Have you changed settings in "download updates to repository" task?

 

BR

 

I'll have to check that. I did a complete re-install of KSC and all the endpoints back in December when I migrated all of the PCs across from our old internal domain and servers (SBS2003 and 2003 standard) across to our brand new Server 2012 virtual servers. As far as I can remember I left all the settings at default for everything bar the main endpoint policies and tasks.

 

Regards

George

 

Share this post


Link to post
Hi,

Please keep us updated.

 

Thank you!

 

Hi Nikolay,

 

Well I installed the MR2 plugin into KSC then installed the Administration Server Security Centre patch D. I then deployed the endpoint network agent patch D to all of the endpoints via KSC. I then created new policies and tasks for the endpoints using the MR2 specific tasks that the plugin provides. I took the opportunity of the UK Bank Holiday on Monday to do this.

 

So far everything seems to be working again in that endpoint Update and Virus Scan scheduled tasks now run at the correct times (every 12 hours at 11:00 and 12:00 respectively) using their correct settings, although the virus scan on the endpoints seems to take rather longer under MR2 than it did under MR1 using the same settings. I can also now browse to a computer under Managed Computers in KSC, open it's properties and manually trigger the Update and Virus Scan tasks again - presumably because MR2 compatible tasks now exist.

 

One other thing I've noticed is a difference in the behaviour of WOL.

 

The scheduled update task for our desktop machines is set to wake them up using WOL, but NOT shut them down again afterwards. In the past they have always remained on after the update was complete irrespective of whether they were on or off when WOL was sent and so have happily performed the midnight virus scan 1 hour after their 11pm update. Now if a machine is OFF when WOL is sent it appears to be shut down again afterwards even though I DO NOT have "shutdown after task is complete" ticked. Is this a change in behaviour? I've had to add WOL to the virus scan task as well to ensure the midnight scan is done (awaiting verification of this).

 

This new behaviour I quite like, if you can verify it has been changed, as I always had a problem with the "shutdown after task is complete" option. If I had that ticked as well as WOL then ALL machines would be be shutdown after the task is finished even if they were already powered on when WOL was sent. When I tested this in the past it resulted in users' PCs suddenly being shut down after their 11:00am update in the middle of users working! Not very useful.

 

I've also checked both the Administration Server Download Updates to Repository and the endpoint Update tasks and they are both set to the default Auto Detect Update List. I'm not sure then how my endpoints did an auto-upgrade to KES SP1 MR2 when others have not had this work - although I should say they also did an auto upgrade to KES SP1 MR1 when that came out. In fact if I do a standard install of KES via KSC "Install Application" to a new PC it gets KES, then a short while later is upgraded to MR1 (now MR2).

 

Regards

George

Edited by george.h

Share this post


Link to post

Hi,

 

If I understood you correctly you have a problem that computers are shut down right after scan is completed even if you didn't select this option, am i right?

If that so, please provide us task that you use.

 

BR

Share this post


Link to post
Hi,

 

If I understood you correctly you have a problem that computers are shut down right after scan is completed even if you didn't select this option, am i right?

If that so, please provide us task that you use.

 

BR

 

Hi,

 

Not quite. The behaviour I am seeing with KES MR2 and KLNA Patch D is as follows:

 

If a machine is already ON and a scheduled task runs which has "Activate computer before task is started via WOL" selected, but NOT "Turn off computer after task is complete", the task runs and the PC stays ON.

If a machine is OFF and a scheduled task runs which has the above WOL options selected, the PC switches on, runs the task then appears to shut down again.

 

Prior to MR2 and Patch D the behaviour was as follows:

 

If a machine is already on and a scheduled task runs which has "Activate computer before task is started via WOL" selected, but NOT "Turn off computer after task is complete", the task runs and the PC stays ON.

If a machine is OFF and a scheduled task runs which has the above WOL options selected, the PC switches on, runs the task and STAYS ON.

 

Having said that the "Turn off computer after task is completed" was not a great deal of use. The behaviour with this option selected IN ADDITION to WOL prior to MR2 and Patch 2, was that after the task is completed the PC would be shut down irrespective of whether it was on or off prior to being sent WOL. This would cause it to shut down while in use by the user.

 

Regards

George

Share this post


Link to post
Hi,

 

Not quite. The behaviour I am seeing with KES MR2 and KLNA Patch D is as follows:

 

If a machine is already ON and a scheduled task runs which has "Activate computer before task is started via WOL" selected, but NOT "Turn off computer after task is complete", the task runs and the PC stays ON.

If a machine is OFF and a scheduled task runs which has the above WOL options selected, the PC switches on, runs the task then appears to shut down again.

 

Prior to MR2 and Patch D the behaviour was as follows:

 

If a machine is already on and a scheduled task runs which has "Activate computer before task is started via WOL" selected, but NOT "Turn off computer after task is complete", the task runs and the PC stays ON.

If a machine is OFF and a scheduled task runs which has the above WOL options selected, the PC switches on, runs the task and STAYS ON.

 

Having said that the "Turn off computer after task is completed" was not a great deal of use. The behaviour with this option selected IN ADDITION to WOL prior to MR2 and Patch 2, was that after the task is completed the PC would be shut down irrespective of whether it was on or off prior to being sent WOL. This would cause it to shut down while in use by the user.

 

Regards

George

 

Forgot to mention, at the moment I am seeing this on the KES 10 SP1 MR2 Update task. I noticed it because two machines were shut down when I checked about 7pm last night. This morning they were still shut down but were both showing as having run the 11pm scheduled update task but DID NOT run the 12am Virus Scan task one hour later. The only way that could happen is if they had woken up, ran the update, then shut down again. They wouldn't have run the Virus Scan as that was not, at the time, configured to activate computers using WOL since in the past it hadn't been necessary.

 

I'm still very concerned about the very much extended virus scan times using the default settings with MR2. Machines which would typically complete a scan in 5-10 minutes (prior to MR2 and Patch D, again using the default settings) are taking anything from 40+ minutes to over an hour. One machine is still running after 2 hours!

Edited by george.h

Share this post


Link to post
Hi,

 

This behavior is expected in current version. You can create a suggestion request in the CompanyAccount to change this behavior.

 

BR

 

Hi Artem,

 

If this is the expected behaviour then I actually like it! It makes more sense to me for PCs to shutdown again if WOL has caused them to power up. I just could not get that to work before without it also shutting down PCs which were already on. We have some PCs which run spectrometers and prefer to be able to shut those down at the end of the day but still have them wake up for overnight updates and scans.

 

I'll do some more testing as I shut down four machines as a test last night and three woke up for the 11pm updates then shut down, then woke up again for the 12:00am (midnight) virus scan then shut back down again. The fourth remained powered up for some reason

 

Best regards

George

 

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.