Jump to content
ForYouAreCrunchy

Device Has Gone Out of Control After Upgrade to KSC10.5.1781

Recommended Posts

INFRASTRUCTURE:

KSC10 10.5.1781 - Windows Server 2016

KES11 - Mostly WIndows 10

KES10SP2 - Mostly WIndows 10, some Windows 7

NetAgent 10.4.343

NetAgent 10.5.1781


I'm experiencing an issue where I have hundreds of devices considered "out of control", devices with both netagent 10.4.343 and 10.5.1781. Both KES10SP2 and KES11.

Doing some testing, I have found that KSC10 considers them "out of control" when they have been disconnected from the network for about 45 minutes.

I tested this with my own laptop.

  1. I turned the laptop off, waiting for a status change in the KSC10 MMC console.
  2. 45 minutes after shutting the device off, the status changed to "Device has gone out of control".
  3. After turning the laptop back on and re-establishing a connection, the devices goes back to an "OK" state.

This incredible amount of "Critical" statuses in my statistics dashboard/reporting is definitely not reflecting well on our endpoint security posture and would like to know what it will take to make sure KSC10 isn't considering offline devices "out of control".

image.thumb.png.e00c0a9bd6a690f9aa586e3397a14e88.png

 

 

image.png

Edited by ForYouAreCrunchy

Share this post


Link to post

These were the instructions provided by the technician who advised on this upgrade to solve an issue with devices being stuck with status "there are unprocessed files" when there are not ones.
 

DETAILED STEPS FOR THE UPGRADE PROCESS:
1) Upgrade to Kaspersky Security Center 10 SP3 (10.5.1781)
• In the current security center, please mark the versions you have installed, eg what version of Endpoint, as you will need the plugins for those in the new server.

Download > https://aes.s.kaspersky-labs.com/english/administrationkit/ksc10/ksc_10sp3_10.5.1781_full_en.exe

• Before anything else, please delete all old policies, tasks and installation packages of application not in use.

• Run the KLBackup Utility (Start Menu > All Programs > Kaspersky Security Center > Kaspersky Lab Backup Utility) in order to create a backup of the current Kaspersky Security Center settings. Save this on your desk top. *** This is to be used incase the upgrade fails .***

• If running SQL express 2008, it is recommended you upgrade to the latest sql express 2014 or above on the server before installing the KSC 10.5
https://www.microsoft.com/en-us/download/confirmation.aspx?id=42299

• Run the downloaded “ksc_10sp3_10.5.1781_full_en.exe” to open the new Kaspersky Security Center installation GUI.
• Select “Install Kaspersky Security Center Administration Server” to begin install and choose the defaults
• Choose a typical installation and follow to the defaults.
• When the installation completes and is upgraded, open the KSC, and cancel the policy and task wizard migration.
• The policies and tasks for KES 11 will be created with default settings, although you can create new KES policies with settings based on current policies later.
• Verify that you have all your plugins and you should be all set with the upgrade.


2) Upgrade the Network Agent to version 10.5.1781
• Go to "Tasks"
• Create a New Task
• Select Install Application Remotely ( Under KSC 10 Administration Server)
• Select the Network Agent Package (110.5.1781)
• Un-check "Using Network Agent" option
• Un-check the box "Do not install if already installed" and the box "Using Network Agent"
• Select: "Do not restart computers"
• Do not move computers
• Select target computers ( Select all clients under Managed computers BUT the KSC Server).
• Add the account that has proper privilege to install - Usually a Domain Admin Account
• Schedule as manual.
• Name the task accordingly (i.e.: “Network Agent Deployment”)
• Run the task
*** After successful installation, Network Agent will be upgraded to version 10.5.1781
NO REBOOT REQUIRED.


3) FOR WINDOWS WORKSTATIONS ONLY WIN 7 & ABOVE.
( Requires client machines to have at least 1.5 GB Available RAM )

***
a. If you have any of the following versions of Kaspersky Endpoint Security 10 installed:
10.1.xxx
10.2.1.xxx
10.2.2.xxxx

You will need to first create a task to uninstall the those versions and reboot the client before upgrading to Kaspersky Endpoint Security 10 SP2 (10.3.0.6294) In addition you will need to confirm the AES module ( in all old version clients that were encrypted ) is also removed and client rebooted.


b. For versions :
10.2.4.xxxxx
10.2.5.xxxx
10.2.6.xxxx
10.3.0.xxxx

You can upgrade over the top without uninstalling first.

• To create a task to uninstall the application go to tasks.
• Select Create a task and scroll to Kaspersky Security Center section, click Advanced ans select Uninstall application remotely.
• Select the first option - Uninstall application supported by Kaspersky Security 10 .
• Select the application to be removed - ( Correct version of Kaspersky Endpoint Security 10 you need to remove).
• Select to either prompt the user or restart the computer. Either way, the client has to be rebooted.
• Select the clients you need to run the task to.
• Specify a Domain admin account.
• Choose the schedule to run the task, manually is the default.
• Name the task appropriately.
• Finish the task and you can run the task when ready.
• Once the task has run successfully, and the client rebooted, please follow the instructions to deploy the Kaspersky Endpoint Security 10 SP2 (10.3.0.6294).



TO INSTALL THE LATEST Kaspersky Endpoint Security 11 (11.0.0.6499).

• Install the Anti-Virus to Kaspersky Endpoint Security 11 (11.0.0.6499).
• Go to "Tasks for Specific Computers"
• Create a New Task
• Name the task "Anti-Virus Install".
• Select Install Application Remotely
• Select the Anti-Virus Package Kaspersky Endpoint Security 11 (11.0.0.6499).
• Un-check the box "Using Network Agent"
• Select Reboot Option
• Do not move computers
• Select target computers
• Add the account that has proper privilege to install
• Schedule as manual.
• Run the task
*** After successful installation, REBOOT REQUIRED.

*** After successful installation, KES10 will be upgraded to version 11.0.0.6499
REBOOT REQUIRED.



 

3b) FOR SERVERS ONLY

• Install Kaspersky Security 10 for Windows Server 10.1.0.622

Before installing Kaspersky Security 10 for Windows Server please verify that you meet the system requirements.
http://support.kaspersky.com/ksws10#requirements

a. If you have any of the following versions of Kaspersky Endpoint Security 10 installed, these will need to be uninstalled and server REBOOTED before deploying KSWS10.

10.1.xxx
10.2.1.xxx
10.2.2.xxxx
10.2.4.xxxxx
10.2.5.xxxx
10.2.6.xxxx
10.3.0. xxxx

You will need to first create a task to uninstall these versions and reboot the servers before upgrading to Kaspersky Security 10 for Windows Server (10.1.0.622)

** If you have the Kaspersky Windows Server Enterprise Edition (WSEE) Version 8, please uninstall it as well, no reboot required before deploying KSWS 10, although I would recommend one.


To manage via Kaspersky Security Center:

1. Download the installation file to the server running Security Center.
https://products.s.kaspersky-labs.com/english/file_servers/kswinserver10/ks4ws_10.1.0.622_en.exe

2. Run the ks4ws_10.1.0.622_en.exe installation (it will extract some files to C:\ks4ws\10.0.1.622\english).
Install the Application Plug-in on the Security Center server. Once the plugin is installed exit the installation.

http://products.kaspersky-labs.com/products/english/file_servers/kavwinserverenterprise10.0/klcfginst.exe

3. To install via Kaspersky Security Center:
• Create an installation package in Security center.
Open Security Center- Go to Advanced - Remote Installation –Installation Packages – Create installation package - Create Kaspersky Lab’s
Installation Package – Select.
Browse to C:\ks4ws\10.0.1.486\english\server\ – Choose the .kud file.
Follow the prompts to create the installation package.

• Create an installation task in Security center- Task for Specific computers
Choose Kaspersky Security Center Administration Server- Install application remotely – Select the new package - follow the prompts.

4. The Kaspersky Security 10 for Windows Server Interface/GUI is an optional installation. You can install it locally, copy the following folder to the server(s).
C:\ks4ws\10.0.1.486\english\client\x86 OR x64\ And run the Setup.
5. The tasks and policies are a little different, here are the tasks that you need to create.
(creating the policy is no different than creating one for KSE)
> In your servers group >> policy tab >> Create a policy for the Kaspersky Security 10 for Windows Server
> Program Database Updates >> Signatures and Definitions (Normal Update Task)
> Program Module Updates >> Critical Fixes, Auto-Patches ... etc
> On-Demand Scan Task >> Regular Virus Scan Task

 

Edited by ForYouAreCrunchy

Share this post


Link to post

Hi,

So the problem is that once a device is turned off it become "Out of control" 45 minutes late. 

Once the device is turned on, everything goes back to normal.

Is that correct?

Thank you!

Share this post


Link to post
15 hours ago, Nikolay Arinchev said:

Hi,

So the problem is that once a device is turned off it become "Out of control" 45 minutes late. 

Once the device is turned on, everything goes back to normal.

Is that correct?

Thank you!

This is correct.

Share this post


Link to post
30 minutes ago, Ivan.Ponomarev said:

Hello!

Please provide the fulll HSI report from the KSC and one of the affected machines.

Thanks!

I will provide a report. Do you want me to get the GSI from an affected workstation while it is considered "out of control"?

Share this post


Link to post

Hello,

 

Same Issue here. After (i am not sure but maybe also 45 minutes) a couple of time our devices which are shutdown went "out of control" which is very annoying....

KSC: 10.5.1781

KES: 11.0.0

Windows 10.

 

Would appreciate any solution... thanks :)

 

Regards

Martina

Share this post


Link to post
On 10/25/2018 at 11:44 AM, Ivan.Ponomarev said:

Hello!

Yes, please. 

Thanks!

I've sent the requested information to you via a private message with a Dropbox link since there's STILL a 4MB max file size on these support forums.

21 minutes ago, Martina.Spet said:

Hello,

 

Same Issue here. After (i am not sure but maybe also 45 minutes) a couple of time our devices which are shutdown went "out of control" which is very annoying....

KSC: 10.5.1781

KES: 11.0.0

Windows 10.

 

Would appreciate any solution... thanks :)

 

Regards

Martina

Welcome to the forums!

Share this post


Link to post

Hello!

In the klnagchk output I can see that there are no successful synchromizations between this machine and the KSC. Also I can see many locations set for this Network Agent. If it is possible, reinstall the agent and apply the policy that does not have alternative connection profiles and check if the issue occurs. 

Also please check if the IP address of the KSC is resolved in the right way. 

Thanks!

Share this post


Link to post
11 hours ago, Ivan.Ponomarev said:

Hello!

In the klnagchk output I can see that there are no successful synchromizations between this machine and the KSC. Also I can see many locations set for this Network Agent. If it is possible, reinstall the agent and apply the policy that does not have alternative connection profiles and check if the issue occurs. 

Also please check if the IP address of the KSC is resolved in the right way. 

Thanks!

No successful synchronizations - how is it possible that this device has never had a successful sync but the KSC10 server sees it as being in an "OK" state when connected to the network, databases are updated and virus scans are being run against the machine?

I'm going to test a different network agent profile on this device with a very simple set of connection profiles to see if it helps.

Issue cannot be considered resolved yet.

Thank you!

Share this post


Link to post
35 minutes ago, Nikolay Arinchev said:

Hi,

Could you please clarify what startup type is selected for Network Agent service?

Thank you!

Startup type for the Network Agent service appears to be: Automatic (Delayed)

I've applied a simplified Net Agent policy to the device and syncs are now considered "successful". I will test whether or not taking the device off of the network will render it "out of control" after 45 minutes. Thank you!

Share this post


Link to post
2 hours ago, Nikolay Arinchev said:

Please let us know about result.

Thank you!

I have sent the GSI logs to you and @Ivan.Ponomarev via a private message.

I uninstalled the net agent on this device, reinstalled it. Made sure it got a new policy with fewer connection profiles. THese changes were reflected in a klnagchk. There had been successful synchronizations.  I let the device go off the network for 50 minutes, then KSC10 regarded the device as "out-of-control".
Same issue.

Share this post


Link to post
2 часа назад, ForYouAreCrunchy сказал:

I have sent the pertinent files to @KLCentralSupport via a private message.

Hello!

There are some errors in event log and klnagchkl.

EventsProcessorProxy: #1255 Transport level error while connecting to http://*******: general error 0x4E7.

and

"Windows domain controller unavailable"

Please cheek the network connection on this host

Thank you!

Share this post


Link to post
37 minutes ago, Dmitry Parshutin said:

Hello!

There are some errors in event log and klnagchkl.

EventsProcessorProxy: #1255 Transport level error while connecting to http://*******: general error 0x4E7.

and

"Windows domain controller unavailable"

Please cheek the network connection on this host

Thank you!

Sir, I mean no disrespect, but this reply is not helpful at ALL.

Of course it's gonna have these issues, it's not on the corporate network.

We're trying to figure out why KSC10 is considering the device "out of control" and in a critical state instead of simply disconnected.

The problem is on KSC10's side. Not the client's. Is anyone reading???

@Dmitry Parshutin@Konstantin Antonov@Nikolay Arinchev@Ivan.Ponomarev@KLCentralSupport

Edited by ForYouAreCrunchy
Tagging everyone involved in this thread.

Share this post


Link to post
9 hours ago, Nikolay Arinchev said:

Thank you for that info!

Could you please provide us with GSI report from one of affected hosts(to KLCentral Support user)?

I think I'll just take my support request to professional services. We're getting nowhere here. I've sent GSI reports 4 or 5 times now to different people.
Thanks.

Share this post


Link to post

Hello!

Woud you please do the following: 

1. Reinstall the Network Agent and apply to it a test policy that has np alternative connection profiles, AKA locations.

2. Check if the issue reproduces. 

Thanks!

Share this post


Link to post
1 hour ago, Ivan.Ponomarev said:

Hello!

Woud you please do the following: 

1. Reinstall the Network Agent and apply to it a test policy that has np alternative connection profiles, AKA locations.

2. Check if the issue reproduces. 

Thanks!

No. I will not do the same thing again. Having more than one connection profile is not the issue. It's effecting devices with different KES versions, different netagent versions. The issue is not with the client. The issue is with the server. Please help other users in this thread.

Edited by ForYouAreCrunchy

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.