Jump to content
conslider

cannot add wks from adminkit

Recommended Posts

hi , trying out the new kav 5. wks .197 and adminkit .0403. The adminkit did browsed all the user under my network .. some it can see them but some it cannot. The img attached shows that i coudnt add this wks. but the wks is on and i even pushed installed the networkagent(by specifying the ip address manually). the wks using xp pro sp1.no firewall. what could be the reason i cannot add this wks?the adminkit i installed on win2003.i could also ping the wks using ip address but not computername.

 

add.JPG

Share this post


Link to post

Hi I have the same problem but I'm using 4.5. My dns is working well, I just dont get it why it wont add some workstations.

Share this post


Link to post
hi , trying out the new kav 5. wks .197 and adminkit .0403. The adminkit did browsed all the user under my network .. some it can see them but some it cannot. The img attached shows that i coudnt add this wks. but the wks is on and i even pushed installed the networkagent(by specifying the ip address manually). the wks using xp pro sp1.no firewall. what could be the reason i cannot add this wks?the adminkit i installed on win2003.i could also ping the wks using ip address but not computername.

 

add.JPG

 

This message means that either you don't have computer with this IP address in the Administration Server database or you have more than one computer in the database having the same IP.

Share this post


Link to post

This message means that either you don't have computer with this IP address in the Administration Server database or you have more than one computer in the database having the same IP.

 

 

ok,

I am sure that all IPs are unique.

I am also sure the computer does exist, works and have the netagent installed and runnig.

The "discovery" task that the admin server made simply misse dthat computer as it is not netbois enabled.

How can I convince the admin server that such IP exists and should be added to the list?

Manually editing the DB tables is out of question?

Share this post


Link to post
This message means that either you don't have computer with this IP address in the Administration Server database or you have more than one computer in the database having the same IP.

ok,

I am sure that all IPs are unique.

I am also sure the computer does exist, works and have the netagent installed and runnig.

The "discovery" task that the admin server made simply misse dthat computer as it is not netbois enabled.

How can I convince the admin server that such IP exists and should be added to the list?

Manually editing the DB tables is out of question?

 

Current version of AdminKit does not show IP addresses of the client computers when client computer IP cannot be resolved via DNS or Netbios.

 

Everything works for this computers as usual, the only difference is that you should add this computer to administration group manually.

 

To do this just find this computer in the 'Unassigned' folder and drag one to the required administration group.

 

Possiblity to view connect IP address for client computers will be added in MP3 of AdminKit.

Share this post


Link to post

To do this just find this computer in the 'Unassigned' folder and drag one to the required administration group.

 

*this* is the problem. the computer is not visible in the microsoft network (it has NO netbios).

because of this, the computer is not found by the adminkit.

the adminkit is not showing the computer in any group, but the computer is up and running.

 

there should be a method for the human operator to add a specific computer into the database event if the adminkit did not find such computer (as symantec corporate av does)

Share this post


Link to post
To do this just find this computer in the 'Unassigned' folder and drag one to the required administration group.

 

*this* is the problem. the computer is not visible in the microsoft network (it has NO netbios).

because of this, the computer is not found by the adminkit.

the adminkit is not showing the computer in any group, but the computer is up and running.

 

there should be a method for the human operator to add a specific computer into the database event if the adminkit did not find such computer (as symantec corporate av does)

 

If you installed network agent on this computer and network agent connected to the server, Admin Kit shows this computer in the 'Unassigned' folder.

 

You can push network agent remotely on the computer using remote deployment task. In the remote deployment task you can provide IP address of the computer even in case it is not registered in the Admin Kit database.

Share this post


Link to post

If you installed network agent on this computer and network agent connected to the server, Admin Kit shows this computer in the 'Unassigned' folder.

 

agent manually installed, computer rebooted, it is not appearing.

 

You can push network agent remotely on the computer using remote deployment task. In the remote deployment task you can provide IP address of the computer even in case it is not registered in the Admin Kit database.

 

I did it.

set up a task to deploy the remote agent.

run the task.

the log for the task is the following:

 

a) with use remote agent to deploy:

Remote installation failed on the host: Cannot download the package using network agent because it is not installed on the target host yet.

(obviously)

 

B) with use shared folders to deploy:

remote installation failed on the host: The computer seems to be disconnected from the network.

(it has no netbios enabled)

Share this post


Link to post

Can you install the net agent locally on the computer you are talking about? Also you can try to use the 'Find Computer' option, (right click on the localhost icon).

 

This is from the doc, may be outdated but:

 

If the Network Agent is not installed, or this client has not connected to the Administration Server yet (for example, if the Network Agent was locally installed), the Administration Server determines the IP address of this computer by its NetBIOS or DNS name.

 

Check the doc for info on local installation of the net agent. It is pretty easy.

 

Mike

Share this post


Link to post
If you installed network agent on this computer and network agent connected to the server, Admin Kit shows this computer in the 'Unassigned' folder.

 

agent manually installed, computer rebooted, it is not appearing.

 

Client should appear in the corresponding domain or workgroup folder in the 'Unassigned' group. In case Network Agent is not part of any workgroup or domain, it should appear in the root of 'Unassigned' folder. It may be required to refresh console tree, it is not updated automatically.

 

In case Network Agent is already installed on the computer, please make sure that communication between Network Agent and Administration Server is correctly configured. Usually this is the main reason when you see some of the clients but not others.

 

Correct communication link between Network Agent and Administration Server requires the following:

 

 

1) TCP ports 13000 and 14000 should be opened on the Administration Server side. In other words, Network Agent (client) should be able to connect to the Administration Server computer using these TCP/IP ports.

 

2) It is recommended to open UDP port 15000 on the client side so that Administration Server will be able to send UDP packet to the client on the port 15000 and initiate connection by Administration Server request. In case port 15000 is not opened or client IP address is unknown (because client is behind NAT or proxy server), it is required to set ‘Keep connection’ option in the client properties to have the possibility to monitor client status in real time. If you don't need to monitor client status in real time, it is not required to open port 15000 on the client. Client sends all required information during periodical connections to the server. Events are delivered on the server in the real time.

 

3) Make sure that DNS is correctly configured and clients are able to resolve Administration Server DNS address. In case DNS is absent on the client side, it is required to set administration server address for the Network Agent in the form of IP address.

 

4) Make sure that clients use correct SSL certificate of the Administration Server. In case you installed part of clients and after that reinstall Administration Server, clients cannot connect to the server because server certificate is wrong.

 

 

It will be helpful if you send us Kaspersky Event Log (in tab delimited format) for one of the computers that cannot be connected to the server. The reason for connection error is registered there.

Share this post


Link to post

solved,

but with the following:

removed agent

enabled netbios

rebooted

reinstalled agent

used IP address for the management server

rebooted

 

dns and tcp port were working well before and after the reinstallation.

 

quite tricky if to be done on a production server...

anyway, it's done.

Share this post


Link to post
solved,

but with the following:

removed agent

enabled netbios

rebooted

reinstalled agent

used IP address for the management server

rebooted

 

dns and tcp port were working well before and after the reinstallation.

 

quite tricky if to be done on a production server...

anyway, it's done.

 

Enabling nebios and rebooting was not required. :)

 

We are going to add the following in AdminKit MP3:

 

1) It will be possible to view network structure as subnets.

2) It will be possible to scan subnets using ICMP packets.

3) Client connect IP will be shown in the AdminKit console.

4) It will be possible to add clients to AdminKit database using IP address of client? We need to think how to resolve issues when IP address of client changes (DHCP) or many clients have the same IP address (client is behind NAT or proxy server).

5) We'll add command line utility to check correctness of Network Agent connection with the server and to change parameters of connection if required.

 

Tell us if you need such an utility right now. We can upload one on the forum page.

Share this post


Link to post

> 4) It will be possible to add clients to AdminKit database using IP address of client?

We need to think how to resolve issues when IP address of client changes (DHCP)

 

this one sholdn't be a roblem: being a syadmin, you want to install kav on that PC *now*, and *now* you know its IP address. at least, the IP install should be available as "manual" only and not "scheduled".

 

> or many clients have the same IP address (client is behind NAT or proxy server).

 

too tricky this one. I guess that behind nat, the install should be initiated by the client.

this with the goal to keep it simple and short.

 

> 5) We'll add command line utility to check correctness of Network Agent connection with the server and to change parameters of co

 

very useful, I like it

 

Tell us if you need such an utility right now. We can upload one

 

I am evaluating the product now, it could help.

 

(let me say, not to criticize but to suggest, that symantec's console is far more user friendly. Also panda's is, but it lacks of options for the scan engine)

 

thanks

Share this post


Link to post
(let me say, not to criticize but to suggest, that symantec's console is far more user friendly. Also panda's is, but it lacks of options for the scan engine)

 

 

Thanks for the feedback. We are planning GUI modifications now to make console more user-friendly in the MP3 of AdminKit. It would be very useful if you (and other Admin Kit users) tell us what areas of functionality in Admin Kit console are hard to use. We need to know what to improve :)

 

Thanks

Share this post


Link to post

I allow you to read further only if you supply us an *estimated* date for MP3 release ;-)

 

 

 

notes in very sparse order!

 

in general:

reduce the number of clicks to reach a piece of information.

 

ok for using many tabs,

but not ok, e.g. to use: tab-choose element-tab-list-details of list element-properties

 

tasks: less clicks to choose what pc are the target

 

view one special group containg all of the pcs

view at a glance if the AV is working/alive (by polling it) or not

view at a glance the DB and the engine version, not by date, but by a serial number or something the like

view at a glance if the pc was infected, not by listing the numbers of viruses

view the real time scanning status (now I just scanned this file, now this file, now this file)

view the virus history for a pc directly with right click, not by going in the "events" section

view the scan history for a pc directly in its tab

view the virus history for all pc in specific place

view of all schedules in a specific place

view of specific history of DB updates /log of activities with kaspersky's servers

 

disable possibilty for pc administrators to disable the av services

 

no comments on distributed servers, located in different networks, becaus I couldn't test them.

Share this post


Link to post
I allow you to read further only if you supply us an *estimated* date for MP3 release ;-)

 

MP3 is scheduled for October.

Share this post


Link to post
> 4) It will be possible to add clients to AdminKit database using IP address of > 5) We'll add command line utility to check correctness of Network Agent connection with the server and to change parameters of co

 

very useful, I like it

 

Tell us if you need such an utility right now. We can upload one

 

I am evaluating the product now, it could help.

 

 

Hello. Here are the utilities. One utility check correctness of Network Agent connection with Administration Server, other utility change parameters of Network Agent connection. Utilities should be started from the Network Agent installation directory. We'll add something similar in MP3 of AdminKit.

klnagchk.zip

klmover.zip

Share this post


Link to post
I allow you to read further only if you supply us an *estimated* date for MP3 release ;-)

notes in very sparse order!

 

in general:

reduce the number of clicks to reach a piece of information.

 

ok for using many tabs,

but not ok, e.g. to use: tab-choose element-tab-list-details of list element-properties

 

tasks: less clicks to choose what pc are the target

 

1. view one special group containg all of the pcs

2. view at a glance if the AV is working/alive (by polling it) or not

3. view at a glance the DB and the engine version, not by date, but by a serial number or something the like

4. view at a glance if the pc was infected, not by listing the numbers of viruses

view the real time scanning status (now I just scanned this file, now this file, now this file)

5. view the virus history for a pc directly with right click, not by going in the "events" section

6. view the scan history for a pc directly in its tab

7. view the virus history for all pc in specific place

8. view of all schedules in a specific place

9. view of specific history of DB updates /log of activities with kaspersky's servers

10. disable possibilty for pc administrators to disable the av services

 

no comments on distributed servers, located in different networks, becaus I couldn't test them.

 

Thanks for the feedback. Here are some comments how particular tasks could be accomplished:

 

2. You can view this in the 'Status' column in MMC console.

3. Antivirus databases version report shows exact database version (number of records).

4. You can view this in the 'Number of viruses' column in MMC console.

5. This is a good idea. I think we'll add this in MP3.

7. 'Events' node in MMC console contains this information if you configured in policy to store events on the server. 'Virus activity report' contains this information too.

8. It is recommended to create group tasks for the tasks that require particular schedule. Group task has one particular schedule.

9. The same as 8. If you use group task, you can view all activity in the 'History' window in the group task properties.

10. Just enable 'Real time protection' in the 'Predefined tasks' tab in policy and lock this tab.

Share this post


Link to post

please bear in mind that I answer with my point of view, which is:

everyone of us has a million things to do, and want to use the less time possible to achieve routine tasks.

Also, every guideline in "Usability" matters tend toward using the less clicks possible to improve the "user's experience".

if something is easy to use, it's liked much more by the users.

let's go:

 

> 2. You can view this in the 'Status' column in MMC console.

 

not really.

if the pc is switched off or the av service is stopped, even for hours, the status is OK.

this is deceiving.

after, let's say, one hour or less, the console should tell "AV on this pc is not working". and , more important, "at a glance". no clicks in "properties" tab.

it would be enough to change the words in the status column with: "not running", and changing the icon appereance

 

> 3. Antivirus databases version report shows exact database version (number of records).

 

again, it is crucial to have this information "at a glance". no clicks.

spare the user to go to see reports for their "bird's eye" activities

 

> 4. You can view this in the 'Number of viruses' column in MMC console.

 

the number in the column does not stand out much.

it would be enough to change the words in the status column with: infected, and changing the icon appereance. After all, you already have the "reset virus counter" one click away.

 

> 7. 'Events' node in MMC console contains this information if you configured in policy to store events on the server. 'Virus activity report' contains this information too.

 

you cannot save your filters view in the events node!

you dont' want to browse a 2000 lines log to find out information.

the very minumum should be to have the chance to filter out the "all-including" log

in different ways, and recall them with the less click possible

 

> 8. It is recommended to create group tasks for the tasks that require particular schedule. Group task has one particular schedule.

 

I would like to go in a single place and see all things that were programmed in the whole enterprise, and if some of them failed or not.

guess how? with the less click possible

 

> 10. Just enable 'Real time protection' in the 'Predefined tasks' tab in policy and lock this tab.

 

this does not work.

if the user is pc's administrator, he can stop the kav service.

if the service is stopped, the pc is not protected, no matter if the setup is locked or not.

other products have something that re-enables the Av service after a short time, if it is disabled for whatever reason.

Share this post


Link to post
> 2. You can view this in the 'Status' column in MMC console.

 

not really.

if the pc is switched off or the av service is stopped, even for hours, the status is OK.

this is deceiving.

after, let's say, one hour or less, the console should tell "AV on this pc is not working". and , more important, "at a glance". no clicks in "properties" tab.

it would be enough to change the words in the status column with: "not running", and changing the icon appereance

 

> 3. Antivirus databases version report shows exact database version (number of records).

 

again, it is crucial to have this information "at a glance". no clicks.

spare the user to go to see reports for their "bird's eye" activities

 

> 4. You can view this in the 'Number of viruses' column in MMC console.

 

the number in the column does not stand out much.

it would be enough to change the words in the status column with: infected, and changing the icon appereance. After all, you already have the "reset virus counter" one click away.

 

> 7. 'Events' node in MMC console contains this information if you configured in policy to store events on the server. 'Virus activity report' contains this information too.

 

you cannot save your filters view in the events node!

you dont' want to browse a 2000 lines log to find out information.

the very minumum should be to have the chance to filter out the "all-including" log

in different ways, and recall them with the less click possible

 

> 8. It is recommended to create group tasks for the tasks that require particular schedule. Group task has one particular schedule.

 

I would like to go in a single place and see all things that were programmed in the whole enterprise, and if some of them failed or not.

guess how? with the less click possible

 

> 10. Just enable 'Real time protection' in the 'Predefined tasks' tab in policy and lock this tab.

 

this does not work.

if the user is pc's administrator, he can stop the kav service.

if the service is stopped, the pc is not protected, no matter if the setup is locked or not.

other products have something that re-enables the Av service after a short time, if it is disabled for whatever reason.

 

2. Which version of Admin Kit and KAV for WKS you are evaluating? This issue was solved in MP1 of Admin Kit. Change in RTP status is reported to the server in real time. We change status of computer to 'Critical' after receiving three subsequent confirmations that RTP is not running. Default synchronization period is 15 minutes, so computer changes the status to 'Critical' within half an hour.

 

4. It is possible to configure changing computer status to 'Critical' when number of viruses found is more than 1. See 'Computer Status' tab in server settings.

 

8. With group task you have the settings for all clients in single place. This is the purpose of group task.

Share this post


Link to post
We are going to add the following in AdminKit MP3:

 

...

4) It will be possible to add clients to AdminKit database using IP address of client?  We need to think how to resolve issues when IP address of client changes (DHCP) or many clients have the same IP address (client is behind NAT or proxy server).

 

Should this be possible by now? Last week I upgraded our admin kit to 5.0.474 and today I tried by installing network agent ver 5.0.474 to a PC. This PC is in a subnet separated from the admin server by a router, so there is no direct "Microsoft Network" visibility between the two, but IP connectivity exists and DNS configuration is verified OK.

 

When I try to add this workstation to a group using IP address, it fails with the message:

"Cannot add host(s) from the list below to the group".

Share this post


Link to post
When I try to add this workstation to a group using IP address, it fails with the message:

"Cannot add host(s) from the list below to the group".

 

I found that in my case there was a problem with TCP/IP settings on the server. Once I configured the default gateway correctly, the workstations in other subnets showed up :)

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.