Jump to content
thewild

Reinstalling KSC on new server, no restore

Recommended Posts

Since I was asked to upgrade to fix my scan problem (i.e. all files scanned every time), I realized that my backup was corrupted.

I'm taking this as an opportunity to move KSC to my new server (long awaiting task).

I don't want to backup and restore, because I want to change the database to MySQL (previously MSSQL).

I installed everything on the new server, installed application packages, installed the plugins, and imported my key file. Everything is OK sa far.

I haven't found a way to export the tasks from my KSC 10.1.249. Apparently in the new KSC there is an "export task" option, but not in the old one. Have I missed something, or should I just recreate all the tasks ?

Appart from that, and before running my "change administration server" task, should I add all the computers to my "managed computers" group on the new server ? Or will the "change administration server" task handle that ?

Also, when asked fro the new administration server address in the "change administration server" task, I'd like to set this to a cname that I have setup for ksc (i.e. ksc.mydomain.com). For now it is pointing to the old server, and I would just have to change this record in my DNS to point to the new one. Is this the way to go ?

 

Thanks

Share this post


Link to post

Hi,

Цитата

Have I missed something, or should I just recreate all the tasks ?

Since it`s a new version of KSC the tasks should be created anew.

Цитата

should I add all the computers to my "managed computers" group on the new server ? 

All PC, which will be connected to new server will be places at "Unassined computers". You have to move them to corresponding groups manually or using relocation rules.

Цитата

. Is this the way to go ?

Since you are using domain name to specify the server, you have to change PTR. However, more relible way is to specify KSC IP(if static).

Share this post


Link to post
il y a 56 minutes, Nikolay Arinchev a dit :

Hi,

Since it`s a new version of KSC the tasks should be created anew.

All PC, which will be connected to new server will be places at "Unassined computers". You have to move them to corresponding groups manually or using relocation rules.

Since you are using domain name to specify the server, you have to change PTR. However, more relible way is to specify KSC IP(if static).

OK, seems to work on a test machine. I don't understand you point about PTR. PTR is pointing to the computer's FQDN, which is different from its alias.

 

I got a problem though : I deployed the latest KES 10 (because I was instructed to do so to get support for my iSwift problem), but the deployment task created a bunch of local files that I cannot remove. This did not happen with my previous KSC/KES combination, and to me the deployment package configuration looks exactly the same.

What is the solution to this ?

 

Share this post


Link to post
Цитата

, but the deployment task created a bunch of local files that I cannot remove.

Could you please be more specific?

What files you are talking about? Could you please provide us with directory listing or a screenshot?

Share this post


Link to post

Sorry, I meant it created local tasks. This did not happen before, only the tasks specified in the administration server where created on the workstations.

Share this post


Link to post
3 hours ago, thewild said:

Sorry, I meant it created local tasks. This did not happen before, only the tasks specified in the administration server where created on the workstations.

Hello,

please give us a screenshot for better understanding .

Thank you.

 

Share this post


Link to post

hCoFHDz.png

The three "manual" tasks were created automatically. I can't prevent them from being created, I can't remove them.

The translations are "vulnerability scan", "integrity check" and "custom scan"

There were three other "local" tasks that I managed to remove with a setup.ini file by setting :

[Tasks]
ScanMyComputer=0
ScanCritical=0
Updater=0

Very very bad workaround, IMHO. Having to use a ini file to prevent task creation, what a mess...

Anyway, I can't remove the remaining ones.

Even unchecking "allow management of local tasks" does not hide them.

Share this post


Link to post
4 hours ago, thewild said:

hCoFHDz.png

The three "manual" tasks were created automatically. I can't prevent them from being created, I can't remove them.

The translations are "vulnerability scan", "integrity check" and "custom scan"

There were three other "local" tasks that I managed to remove with a setup.ini file by setting :

[Tasks]
ScanMyComputer=0
ScanCritical=0
Updater=0

Very very bad workaround, IMHO. Having to use a ini file to prevent task creation, what a mess...

Anyway, I can't remove the remaining ones.

Even unchecking "allow management of local tasks" does not hide them.

it's by design.

do these default task interrupt infrastructure operability somehow ? 

Thank you.

 

Share this post


Link to post
Le 15/09/2017 à 18:26, Dmitry Eremeev a dit :

it's by design.

do these default task interrupt infrastructure operability somehow ? 

Thank you.

 

No, but the previous ones did (scan my computer, etc.). The settings.ini trick is a terrible solution.

I think these tasks should be removable by policy, don't you ?

Share this post


Link to post

If this is what you are referring to, I already unchecked "allow management of local tasks" in my policy, but they are still visible and still running.

Share this post


Link to post

How can I do that ?

I can confirm some settings are applied at least : the File Antivirus is configured as per my policy settings, and my group tasks are correctly configured on my workstation.

Share this post


Link to post

Local interface should state(right upper corner) that you are working under policy and local settings should be configured according to the policy.

Thank you!

Share this post


Link to post
il y a 53 minutes, Nikolay Arinchev a dit :

Local interface should state(right upper corner) that you are working under policy and local settings should be configured according to the policy.

Thank you!

I don't see any reference to running under policy on the local interface.

If I remove the device from the "managed devices" group, the group tasks disappear. If I readd it to the group, the tasks reappear.

Share this post


Link to post

Since local interface does not say that PC is under policy no changes are inherited from policy(see screenshot)

Also, please notice, that tasks are distributed to all versions of KES, while policies should be created to each KES version separately and plugins for all used versions should be installed.

Untitled.png

Share this post


Link to post

Yes, you were right Nikolay. I had not converted the policy from MR1 to SP2, and thought it was working because I saw the tasks.

It's OK now, thanks. The local tasks are now well hidden.

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.