peterecju

Clients update [Solved]

21 posts in this topic

Dear Sirs,

 

I found a problem with updates download for clients. Instead of downloading updates from KSC as it's specified in local mode, clients are going directly to public internet based on mobile mode.

Maybe the problem is on KSC server itself. If I check connections with netstat -a, the most of connections on port TCP 13000 are in TIME_WAIT state.

Windows firewall is turned off.

I already changed MaxUserPort and TcpNumConnections in system registry.

 

OS: Windows 2012 R2 Server

KSC: 10.3.407

 

Could you please advise, what could be the problem?

Share this post


Link to post
Share on other sites
Dear Sirs,

 

I found a problem with updates download for clients. Instead of downloading updates from KSC as it's specified in local mode, clients are going directly to public internet based on mobile mode.

Maybe the problem is on KSC server itself. If I check connections with netstat -a, the most of connections on port TCP 13000 are in TIME_WAIT state.

Windows firewall is turned off.

I already changed MaxUserPort and TcpNumConnections in system registry.

 

OS: Windows 2012 R2 Server

KSC: 10.3.407

 

Could you please advise, what could be the problem?

 

Hello.

 

Please specify what versions of products you use on managed servers.

For troubleshooting connection to KSC, there is a dedicated utility klnagchk (in the Network Agent folder). Please run it (Admin privileges required) and let us know the output.

 

Thank you.

Share this post


Link to post
Share on other sites

Hello,

 

Output from klnagchk.exe looks OK. I made a test on one PC.

Reports on client itself also shows that Endpoint was updated from KSC, but in the same time I see also downloading of updater.xml.klz file and dif files from public Kaspersky server.

post-534654-1490011293.png

Share this post


Link to post
Share on other sites
Hello,

 

Output from klnagchk.exe looks OK. I made a test on one PC.

Reports on client itself also shows that Endpoint was updated from KSC, but in the same time I see also downloading of updater.xml.klz file and dif files from public Kaspersky server.

 

Please specify product versions as suggested (KES, KSWS).

Please check group update task settings: disable KL servers in update servers if necessary.

 

Thank you.

Share this post


Link to post
Share on other sites

KES: 10.2.2.10535

 

I will try to disable KL server also for mobile mode.

Share this post


Link to post
Share on other sites

I checked another computer which made an attempt to download updes from KL server instead of KSC.

You can see log in attached file.

 

I checked Reports on that machine and no update task was running during that time period. Also all logged Updates are from KSC. All times.

For updates I use my own Regular update (converted) task. Only KSC is allowd now.

Default update task is scheduled Manually.

 

Looks like another process is running updates on PCs. My planned task are download from KSC, and some others from KL?

Upload.txt

Share this post


Link to post
Share on other sites
I checked another computer which made an attempt to download updes from KL server instead of KSC.

You can see log in attached file.

 

I checked Reports on that machine and no update task was running during that time period. Also all logged Updates are from KSC. All times.

For updates I use my own Regular update (converted) task. Only KSC is allowd now.

Default update task is scheduled Manually.

 

Looks like another process is running updates on PCs. My planned task are download from KSC, and some others from KL?

 

There is an option in Advanced policy settings called "Allow local tasks to be displayed and managed". If that is enabled, it will be possible to run both the group update task and the local one alongside each other, and they might have different settings. Please check if you are able to access the local update task settings on a KES host and modify them.

 

Thank you.

Share this post


Link to post
Share on other sites
I have cleared this option.

 

To avoid misunderstanding. This option was already disabled.

Share this post


Link to post
Share on other sites
To avoid misunderstanding. This option was already disabled.

 

Are you able to check which process tries to communicate with the servers?

Please specify if you are using KSN, and if KSC server is used as a KSN proxy.

 

Thank you.

Share this post


Link to post
Share on other sites
Are you able to check which process tries to communicate with the servers?

Please specify if you are using KSN, and if KSC server is used as a KSN proxy.

 

Thank you.

 

Process check is a little bit difficult during user work.

I use KSN and KSC is used as a KSN proxy.

Share this post


Link to post
Share on other sites
Process check is a little bit difficult during user work.

I use KSN and KSC is used as a KSN proxy.

 

Then, do the connections happen constantly or do they follow a certain schedule (that corresponds with that of one of the update tasks probably)? This could help localize the issue.

 

Thank you.

Share this post


Link to post
Share on other sites
Then, do the connections happen constantly or do they follow a certain schedule (that corresponds with that of one of the update tasks probably)? This could help localize the issue.

 

Thank you.

If I run my Regular update task manually, I don't see any attempts on proxy server.

It must be a different update task running on its own scheduling.

Share this post


Link to post
Share on other sites
If I run my Regular update task manually, I don't see any attempts on proxy server.

It must be a different update task running on its own scheduling.

 

You can check if other tasks apply to this host in its properties in the Console, Tasks section.

 

Thank you.

Share this post


Link to post
Share on other sites
You can check if other tasks apply to this host in its properties in the Console, Tasks section.

 

Thank you.

Unfortunately I see only my Regular update task and default Update.

Share this post


Link to post
Share on other sites

Actual status.

At 7:58 I can see attempts from monitored PC to public KL server.

At 8:00 Regular update task has started - Event list.

post-534654-1490080147.png

Share this post


Link to post
Share on other sites
Actual status.

At 7:58 I can see attempts from monitored PC to public KL server.

At 8:00 Regular update task has started - Event list.

 

To investigate this issue, KES traces + Wireshark logs are required during these connection attempts.

However, you are using version 10.2.2.10535, which currently has limited support. In order to escalate this issue, please upgrade to the latest version (10.2.5.3201), possibly on one or several hosts to see if this issue persists, and collect the mentioned data if necessary.

 

Thank you.

Share this post


Link to post
Share on other sites
To investigate this issue, KES traces + Wireshark logs are required during these connection attempts.

However, you are using version 10.2.2.10535, which currently has limited support. In order to escalate this issue, please upgrade to the latest version (10.2.5.3201), possibly on one or several hosts to see if this issue persists, and collect the mentioned data if necessary.

 

Thank you.

 

I made upgrade to verzion 10.2.5.3201 on test PC. Looks, it solved problem.

I suggest to wait untill tomorrow morning for the final confirmation.

Share this post


Link to post
Share on other sites
I made upgrade to verzion 10.2.5.3201 on test PC. Looks, it solved problem.

I suggest to wait untill tomorrow morning for the final confirmation.

 

Please let us know the results afterwards.

 

Thank you!

Share this post


Link to post
Share on other sites
Please let us know the results afterwards.

 

Thank you!

 

After whole day of monitoring it looks like the upgrade to the newest version solved problem.

You can close ticket.

Share this post


Link to post
Share on other sites

Hi,

 

Thank you for that info!

Please evaluate support help by using "Rating" option!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now