Jump to content
guitardood

klsrvswch utility give error 0x534 (No mapping between account names and security ID's was done.)

Recommended Posts

Hello,

I have a Windows 2012 R2 Server.  It was initially configured as an AD domain controller.  We then installed Kaspersky Security Center 10 and all was running great.

We've since decided to not use WIndows for active directory in favor of another solution.  I demoted the 2012 server as the last in the domain and then uninstalled all of AD/Domain Services taking the server to a simple workgroup member.

Kaspersky Security Center will no longer function. It appears to be trying to start it's services under DOMAIN\KL-......... account.  There is not any KL- local account.  After browsing the web, I found the klsrvswch utility to change KSC account, however, when I run this utility, I get the above mentioned error 0x534.

What if any solution can you provide, short of having to reinstall everything from scratch?

Best,

Chuck

Share this post


Link to post
2 hours ago, guitardood said:

Hello,

I have a Windows 2012 R2 Server.  It was initially configured as an AD domain controller.  We then installed Kaspersky Security Center 10 and all was running great.

We've since decided to not use WIndows for active directory in favor of another solution.  I demoted the 2012 server as the last in the domain and then uninstalled all of AD/Domain Services taking the server to a simple workgroup member.

Kaspersky Security Center will no longer function. It appears to be trying to start it's services under DOMAIN\KL-......... account.  There is not any KL- local account.  After browsing the web, I found the klsrvswch utility to change KSC account, however, when I run this utility, I get the above mentioned error 0x534.

What if any solution can you provide, short of having to reinstall everything from scratch?

Best,

Chuck

Hello,

please state the exact version of KSC server and consoles ?

Do you have backup copy of KSC server ?

Thank you.

Share this post


Link to post

KSC Version 10.4.343

Only backup is from July when I was forced to move KSC from the Windows 2003 server to the 2012 server.  I'd rather not restore from this backup if at all possible.

Thanks for your help.

Best,

Chuck

Share this post


Link to post

Actually, I decided to just restore the entire Windows VM to just prior to my demoting it.

What steps should I do with KSC, prior to demoting the server and removing active directory?  Is running the klsrvswch and chaning to a local system account sufficient?

Thanks again,

Chuck

 

Share this post


Link to post
4 hours ago, guitardood said:

Actually, I decided to just restore the entire Windows VM to just prior to my demoting it.

What steps should I do with KSC, prior to demoting the server and removing active directory?  Is running the klsrvswch and chaning to a local system account sufficient?

Thanks again,

Chuck

 

Yes,

klsrvswch is sufficient, but account which starts server should not be disabled before moving to another account.

Thank you.

 

Share this post


Link to post

Thanks for your response.  I restored the VM backup and have tried the klsrvswch program.  The problem I'm having now: The klsrvswch program will only allow me to choose domain 'User' accounts.  The "Local System Account" option is greyed out and clicking on browse only allows selecting domain 'User' entries.  If I manually type "Network Service" or "Local Service" into the box, I get a "user cannot be found" error dialog.

Appreciate any help you could provide.

 

Best,

Chuck

Share this post


Link to post
10 minutes ago, Konstantin Antonov said:

How did you restored the VM, using revert the snapshot or another?

Thank you!

We do nightly disk clones to external media using the 'ghettoVCB' script by William Lam at https://www.virtuallyghetto.com/2015/05/ghettovcb-vib-offline-bundle-for-esxi.html

I just deleted and then restored the main system disk to the previous evening copy.

Best,

Chuck

Share this post


Link to post

Interestingly, if I go into Services->Kaspersky Security Center 10 Administration Server->Properties->LogOn, I can set it to "Local System Account".  I just don't want to do this, unless recommended by Kaspersky, incase there are other places in KSC configs/databases where this needs to be changed.

Best,

Chuck

Share this post


Link to post
1 hour ago, Ivan.Ponomarev said:

Does your local system account posess administrtive permissions on this machine?

Thanks!

As far as I know, yes.  There are many services listed with "Local System" account credentials.

Best,

Chuck

Share this post


Link to post
On 10/26/2017 at 9:47 PM, guitardood said:

Hello,

I have a Windows 2012 R2 Server.  It was initially configured as an AD domain controller.  We then installed Kaspersky Security Center 10 and all was running great.

We've since decided to not use WIndows for active directory in favor of another solution.  I demoted the 2012 server as the last in the domain and then uninstalled all of AD/Domain Services taking the server to a simple workgroup member.

Kaspersky Security Center will no longer function. It appears to be trying to start it's services under DOMAIN\KL-......... account.  There is not any KL- local account.  After browsing the web, I found the klsrvswch utility to change KSC account, however, when I run this utility, I get the above mentioned error 0x534.

What if any solution can you provide, short of having to reinstall everything from scratch?

Best,

Chuck

Hello.

Moving the host on which KSC server is installed in or out of a domain changes its network settings and basically counts as migration. Currently, migration scenarios for KSC involve removing both the server and the database, reinstalling them and restoring the most recent backup. klsrvswch utility is not intended to replace the migration procedure.

Thank you.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.