george.h

KES10 Shutting Down Already ON Systems [2001969]


At some point during the many patches and updates for KES/KSC/KLNA that get deployed automatically, I found that one VERY useful feature seemed to start working properly as follows:

 

I could schedule Update and Virus scan tasks for any time I wished and enable both "Activate computer by WOL" and "Turn off computer after task is completed".

 

For a while it worked perfectly. At night (I have an Update task scheduled at 23:00 and a full Virus Scan for 00:05) any machine switched OFF (most) would power on, run the task, then shut down again. Machines already ON when the scheduled time came around, would STAY ON after completion, which is how it should work according to the explanation I received from Kaspersky (on here) some while ago.

 

This is very very useful, as I also have an Update scheduled for 11:00, during the day. I used to also have a virus scan but that suddenly started to take HOURS and cripple performance, so I disabled it. Again any machine switched OFF (few) would power up, do the task then shut down again. Machines already ON, which is ALMOST ALL, would run the task and then STAY ON!

 

One additional useful behaviour I noticed (not sure if it is by design), is that machines at the far end of a VPN tunnel, which ordinarily don't respond to WOL, DO when issued by Kaspersky providing at least ONE KSC managed PC at the far end of the tunnel IS switched on. It is almost as if it proxies the WOL through it.

 

I'm not sure when, but a couple of months ago I noticed a lot of machines were staying on overnight which hadn't before - in fact ALL of them. When I eventually got round to investigating I found the "Turn off computer after task is completed" had been disabled. So I re-enabled it, and all hell broke loose.

 

For some reason it has reverted to the old behaviour from quite a while ago - it turns off EVERYTHING, no matter what its initial power state. So when the 11:00am virus update task completed during the working day, EVERYONE'S PC just shut down on them!

 

It is also a major pain for the machines at the far end of the VPN tunnel. I would normally ensure at least ONE is powered up so that the rest can be powered up via WOL (how that worked I don't know but it did and was bloody useful!). Now they ALL get shut down and, with nothing to proxy through, can't be powered back up via WOL.

 

KSC is 10.2.434 with patches b, c, d and e

KLNA is 10.2.434 on all machines with a minimum of patches b and e (some also have c or d or both, not sure why).

Endpoints are KES 10.2.4.674 MR2. Not all machines show as MR2 in KSC but they are. Generally any that have had it installed from a package with MR2 built in don't show it - not a very bright idea that one!

Endpoints are Windows 7 Pro SP1 (all but 2 are 64-bit) plus all outstanding updates.

 

So what has happened to stop this very useful feature from working?

 

It is very useful as some of our machines power USB equipment which users would rather not have left powered on over weekends and holidays (such as USB spectrometers), but which should still get updates. Those same users can keep irregular hours (including holidays) and the machines need to be up to date, protection wise.

 

Any suggestions?

Hi,

 

Please make sure that the hosts are listening on UDP port 15000.

Could you please check this behavior with the KSC and NA 10.3.407 version and KES 10.2.5.3201 version?

 

BR

Thanks for the suggestion Artem, I'll check UDP15000. I'll also look at moving up to KSC/NA 10.3.407 and KES 10.2.5.3201. Any downsides to upgrading the version of KES? Such as having to recreate all the tasks (again) as I had to for 674 MR2? I'd rather know about that beforehand rather than suddenly find none of the tasks work as I did the first time around.

 

Some explanation of how this mechanism is supposed to work would help in figuring out why it may not be working, rather than just "try this", "try that", "try the other". After all it WAS working.

 

Regards

George

Hi Artem,

 

I've checked UDP 15000 and all endpoints are listening on that. No surprise there, since they all show up in KSC and can (generally speaking) be managed from it.

 

As I said in my previous reply, an explanation of how the Wake Up/Shutdown mechanism is supposed to work would be appreciated.

 

Also, do KSC/NA 10.3.407 and KES 10.2.5.3201 address the issue (on some machines) of WebAV spontaneously and randomly malfunctioning and blocking all web browsing until KES is stopped, then restarted?

All tasks and policies are the same as for MR2 version, so there is no need to create them again.

It is very important to use the latest versions of any programs, because many bugs and vulnerabilities are fixed compared with the old ones.

That's why we recommend that you upgrade your products first.

 

BR

Thanks for the info Artem about policies and tasks for latest versions.

 

I appreciate that it is "best" to keep up to date. However, long experience has also shown that upgrading from existing stable versions, for the sake of "keep up with version numbers", all too often breaks things. Sometimes catastrophically so.

 

I will be upgrading but, with the Christmas holiday period approaching I'm going to be cautious to ensure I'm not introducing a truck of problems just before I start my holidays.

Hi Artem,

 

Just a quick update. I've downloaded the full (1.2GB) install package for KSC 10.3.407 and upgraded the admin server (which is the same Hyper-V VM as our primary 2012r2 file server). I've also installed KES 10.2.5.3201 (with KLNA 10.3.407) on both it and the Hyper-V VM running our DC.

 

Over the next day or so I'll roll out KES 10.2.5.3201 (with KLNA 10.3.407) across the endpoints, verify they are all working correctly, and that the policies and tasks have been converted correctly and are also ok.

 

I'll then be able to retest "Shutdown after task completes" with machines already OFF (to check if they power on, run the tasks and shut down again), and some machines already ON (to check if they run the tasks and then STAY ON).

 

 

Good, we'll wait for information from you.

 

BR

 

I haven't even begun to roll out KES 10.2.5.3201 to the user endpoints. So far my impression - wish I hadn't bothered. Nothing but problems.

 

1. Non-MR2 policies (for machines PRIOR to MR2) were converted and applied to all machines, INCLUDING MR2 (should not have been)

2. MR2 specific policies, which I'd created BECAUSE I had to for MR2, were NOT converted and disabled

3. Non-MR2 tasks, which only applied to any machines with KES PRIOR to MR2, were converted and applied to ALL machines, INCLUDING MR2 (should not have been)

4. MR specific tasks, which I'd created BECAUSE the other tasks DIDN'T WORK with MR2, were not converted BUT STILL APPLIED! Sort of!

5. All the tasks are now not working properly

6. Kaspersky has now initiated a shut down of the domain controller TWICE! It could only have got that from the older (non-MR2) tasks which SHOULD NEVER HAVE BEEN APPLIED. Even then, after I'd deleted all of the non-MR2 tasks and re-applied the MR2 ones - which DID NOT INCLUDE A SHUTDOWN after completing a task - it STILL SHUTDOWN!!!!

 

What a mess! I'd much rather you'd just fixed the damned problems in the older versions of KES, KSC and KLNA.

 

I've now deleted ALL of the tasks and am having to waste an awful lot of time creating NEW tasks, which you specifically said I would not have to.

 

Also you have still not provided ANY information on how the Power ON/Shutdown mechanism is supposed to work, which I specifically requested.

Hello!

 

Please check exactly which policies, for which version, were used.

 

About your question:

 

1. Turn on is applied via WOL, more precisely a magic packet.

 

2. Shut down - the machine with KES receives the command shutdown -f

 

Thanks!

Well first of all why did it convert non-MR2 policies in the first place and apply them to MR2 machines? This is in addition to DISABLING the existing MR2 specific policy! It should NOT have done that.

 

It also should NOT have applied BOTH non-MR2 AND MR2 specific tasks to MR2 machines - but it DID. And they still don't seem to work! All the desktop machines started a virus scan at 10:30am'ish when the only scheduled scan is not until 00:15 TOMORROW!

 

Worst of all, KSC keeps crashing - OFTEN! I go to start an installation task, modify the list of computers and "(Not Responding)", followed a little while later by "Lost connection to Administration Server".

 

So far - utter garbage!

 

Sorry but I need MUCH more information on precisely HOW Kaspersky does the wake-up/shutdown? How does it determine if a machine SHOULD be shutdown (i.e. if it was ALREADY ON!). Why did it used to work with machines at the far end of a VPN if ONE KSC managed PC is on, even though standard WOL utilities can't? Except now that either doesn't work or only works sometimes.

Please collect the traces on the problematic machines, so we can investigate this problem.

 

We will check the information about the mechanism of automatic shutdown.

 

Thanks!

How about providing some answers to my questions, followed by instructions on ripping out 10.3.407 and reverting back to the previous version 10.2.434? That was at least stable. This one is anything but.

 

I can't seem to be able to do the simplest thing, like stop an installation task that has hung, or delete an old task, without it crashing.

 

UPDATE: Stopping and starting the Kaspersky Lab Administration Server service APPEARS to have improved its stability. At least it seems to be able to do more than one task at once without crashing!

 

So far I am NOT impressed - and I still require answers to my questions BEFORE I'm wasting time gathering umpteen traces. YOU should know why your software would convert non-MR2 tasks and policies and apply them WRONGLY to MR2 machines.

Based on your description, the installation of the update went wrong.

Do you have the possibility to reinstall KSC?

I mean, you create a backup, then uninstall KSC and install it again in a clean way and then restore the policies and settings from the backup.

 

Thanks!

I'd appreciate some answers first. If I HAVE to go down the route of re-installing KSC, it WILL be 10.2.434 and I'll not be touching 10.3.407 ever again.

 

YOU know the internals of your software - YOU work out why it could have made a complete pig's ear of the tasks and policies and provide some answers.

 

Also, the endpoints which HAVE been upgraded to KES 10.2.5.3201 (mr3 - for some reason a couple show mr2.mr3 why?) they still use way too much CPU resources.

As I have already said, the migration from 10.2.434 to 10.3.407 could have gone wrong, I mean, that either the installation itself had a mistake or the procedure of migration could have had some mistakes.

 

Thanks!

I think your product has already screwed up more than enough today for me to give it a second chance to screw up even more by re-installing it. It did screw up and you (Kaspersky Labs) need to go back to the installer and its scripts to figure out WHY. Under what circumstances could it happen and NOT report a SINGLE error during installation and migration.

 

Besides the initial big problem - KSC crashing frequently - appears to have stabilised since restarting the Administration Server service (which you didn't even suggest). Since I deleted all of the screwed up tasks and policies BEFORE I restarted the service, my best option is to see if it has now CORRECTLY applied the new policies and tasks. It will give some indication of how many of the problems have been caused by the screwed up policies/tasks.

 

I wonder how much of KSC's instability was also caused by the same screw up, and if restarting it after they were deleted has helped "clear out the garbage"?

 

All of this is still just to get to a position where I can re-test the original issue - endpoints which are already on being shutdown when using the "Shutdown after task completes" option. I still would appreciate a proper answer on how that mechanism is supposed to work as I very much doubt it is as simple as "send WOL, send shutdown command".

 

After all I was told (on here by Kaspersky Labs) that it should only shut down an endpoint if that was already powered up when the WOL for the task was sent. Or have I been given completely incorrect information - which would make it a pretty useless feature?

 

 

If these 2 features do not work properly, we need the traces from KES and KSC while reproducing the problem.

I mean that the traces must be enabled in advance, and after that the problem should be reproduced.

 

Thanks!

 

 

Hi Ivan,

 

After an initial several hours of infuriating frustration and pulling out of hair (not that I had much!) things appear to have stabilised considerably. All the endpoints have now had KLNA 10.3.407 and KES 10.2.5.3201 deployed to them. From my experience I would make the following observations:

 

1. Many of the initial problems seem to be due to the way the upgrade to KSC dealt with the existing policies and tasks. It basically screwed them and applied them to the wrong machines wreaking no end of havoc. That really should be looked at. However, so long as the current apparent stability of my PC estate continues, there is no way I'm volunteering to re-install KSC to find out what happened or why.

2. Anyone else finding the same issues - policies and tasks for older KES versions being "converted" then applied to the wrong machines, the correct ones being disabled or not working properly - might find deleting ALL policies and tasks, then restarting the Kaspersky Labs Administration Server service, followed by the endpoints, may help. Only then create new tasks and policies and apply them.

3. Don't try and do ANYTHING on the admin server during a virus scan task on the server itself.

4. When deploying over lower-speed connections, particularly WiFi to laptops or remote VPNs, do them one endpoint at a time. KSC has a tendency to become unresponsive if the communication isn't very very reliable. It also tends to hang if you try to run other tasks at the same time as an install to a lower-speed connection endpoint.

5. If/(when) KSC becomes unresponsive for more than 30-60 seconds ("Not Responding" in the title bar), restart the Kaspersky Labs Administration Server service. That seems to be the quickest way to get it back.

 

For the moment I'm just going to see if the overnight updates and virus scans work ok, including waking up 12 local endpoints.

 

There also seem to be some issues with version reporting - a number of endpoints report MR2,MR3?

 

I also still need that explanation on exactly HOW the "wake up/shutdown" mechanism is supposed to work as regards machines already powered on.

 

Hi,

 

As Ivan Ponomarev stated above, turn on is applied via WOL, more precisely a magic packet, and to shut down, the machine with KES receives the command shutdown -f.

 

To figure out what is going wrong please collect admin server+admin server networkagent traces, KES+network agent traces from local host while the issue reoccurs.

 

Thank you!

Well so far upgrading has actually made this WORSE! Two groups of machines are configured so far JUST to use WOL, NO SHUTDOWN. Last night Kaspersky SHUT THE WHOLE LOT DOWN! Every single machine in a group with tasks configured to use WOL were shutdown. One group (12 machines) were all off. The other group (4 machines at the far end of a VPN) were all ON.

 

The problem behaviour so far has been that while WOL will power on machines they stay on - which is as expected. If you set the "Shutdown after task complete" option, it shuts them down irrespective of whether they were already on or not.

 

NOT ANY MORE!

 

Now even just being configured to wake up via WOL, they ALL get shut down. This makes the WOL facility UTTERLY USELESS!

 

At the moment I have no traces because at this stage I wasn't expecting problems - NONE of the tasks has the "shutdown after task completes" set!

 

You are also going to have to open a ticket for me as that is the only route to upload traces - my experiences with trying to get anything meaningful in the way of support via Wick Hill in the past have shown them to be a complete waste of time.

 

In the mean time here are some screen shots - that at least will give you something to go on.

 

Congratulations! Far from potentially fixing the original problem, your recommendation of upgrading to the latest version has not only FAILED to fix the problem, it has actually introduced a WORSE PROBLEM!

 

At the moment I'm a hair's breadth away from saying "instead of sending you traces, how about you send me a refund for the remaining 8 months of our licenses and I'll go and buy someone else's product that WORKS!"

post-376085-1481706017_thumb.jpg

And final two.

 

For the moment I have no option but to COMPLETELY disable WOL in ALL tasks.

post-376085-1481706312_thumb.jpg

post-376085-1481706316_thumb.jpg

For completeness (in the absence of traces) here is a screen shot from the event log of one of the 4 machines at the far end of the VPN which were ALREADY ON. Again - shutdown by Kaspersky when no shutdown was set - ONLY WOL.

 

post-376085-1481707151_thumb.jpg
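
The event-log evidence described in the post above can also be collected as text. The following is an added example, not part of the original thread and not Kaspersky tooling: it reads the Windows System log on one endpoint to show whether the machine was on at task start and which process requested each shutdown afterwards. The `$TaskStart` and `$WindowHours` parameters are assumptions, and a machine that was asleep or hibernating rather than fully off is not distinguished.

```powershell
# Added example: shutdown triage on one endpoint (works with PowerShell 2.0 on Windows 7).
# Assumption: $TaskStart is the scheduled start of the task being investigated.
param(
    [datetime]$TaskStart   = (Get-Date).Date.AddHours(11),  # e.g. the 11:00 update task
    [int]     $WindowHours = 3                              # how long after start to look
)

# Was the machine on at task start? Take the newest boot/shutdown marker before it.
# In the System log, 6005 = Event Log service started (boot) and
# 6006 = Event Log service stopped (clean shutdown).
$marker = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; Id = 6005, 6006; EndTime = $TaskStart
} -MaxEvents 1 -ErrorAction SilentlyContinue

if (-not $marker) {
    $state = 'unknown'          # log does not reach back far enough
} elseif ($marker.Id -eq 6005) {
    $state = 'ON'               # last marker before the task was a boot
} else {
    $state = 'OFF'              # last marker before the task was a shutdown
}

# Event 1074 (source User32) records each requested shutdown or restart.
# Event data order: 0 = requesting process, 4 = shutdown type, 6 = account.
$requests = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; Id = 1074
    StartTime = $TaskStart; EndTime = $TaskStart.AddHours($WindowHours)
} -ErrorAction SilentlyContinue | Where-Object { $_.ProviderName -eq 'User32' }

if (-not $requests) {
    Write-Output "No shutdown requests logged within $WindowHours h of $TaskStart."
    return
}

$requests | Sort-Object TimeCreated | ForEach-Object {
    New-Object PSObject -Property @{
        ShutdownTime     = $_.TimeCreated
        RequestedBy      = $_.Properties[0].Value
        Type             = $_.Properties[4].Value
        Account          = $_.Properties[6].Value
        StateAtTaskStart = $state
        # When the marker is a boot only minutes before the task, the machine
        # was probably woken for it rather than left on by a user.
        LastMarkerTime   = if ($marker) { $marker.TimeCreated } else { $null }
        # Per the behaviour described in the thread, a machine that was
        # already ON should not be shut down after the task.
        Unexpected       = ($state -eq 'ON')
    }
} | Select-Object ShutdownTime, RequestedBy, Type, Account,
                  StateAtTaskStart, LastMarkerTime, Unexpected
```

Run it in an elevated PowerShell session on an affected endpoint; the `RequestedBy` column names the executable that asked Windows to shut down.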
