Jump to content
TBL2

Databases are out of date, Network Failure While Downloading Updates [split and moved]

Recommended Posts

We look after a number of organisations' IT. We have this same 84% problem at a number of client sites. We use the Kaspersky Security Centre, and we get the problem when going into Sec Centre > Advanced > Remote installation > Installation packages > Additional actions > View current application versions > KES 11 for Windows > Download.

Yes, I can go around the problem by downloading the KESB executable and packaging it, but if I do that, we lose the ability to update the definitions in the deployment package. I would prefer a real solution rather than a workaround.

The following is logged in the event log when it hits the 84% problem:

«Failed to download file 'https://aes.s.kaspersky-labs.com/endpoints/keswin11/11.1.0.15919/english-KES-11.1.0.15919-en-0.2975008.0/beb2b050/keswin_11.1.0.15919_en_aes56.exe'. #1200 Signature mismatch for file 'C:\ProgramData\Application Data\KasperskyLab\adminkit\1093\.working\wusfiles\11\~11D8585AAEB337B5DCB30E92428A14A2~.download': 'System error 0x800B0109 (A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.)'»

Once again, the problem is widespread. It occurs at various client sites not connected to one another.

 

Share this post


Link to post

Hello!

What is your KSC version? 

Do you get this error only while updating the bases in the installation packages? What about the updates download tasks? When did the issue come up? 

Thanks!

Share this post


Link to post

That's a completely wrong title for this thread. It has nothing to do with a supposed network failure, and everything to do with the certificate that Kasperslky Lab use for their files (possibly in the UK only, as I see that the exe is signed with a Kaspersky Lab UK signature). The version of the Security Centre does not seem relevant, as i have seen the problem on multiple servers with multiple versions of the Security Centre. But people searching for this problem might not realise that. Instead they will search for things like "84%".

Can you rename the topic?

By the way, I have a workaround now, but I am still interested in Kaspersky's official answer.

Share this post


Link to post

Hi,

Could you please tell us how you`d like to name the topic?

As for problem itself, please provide us with GSI report from KSC host.

Thank you!

Share this post


Link to post

Thank you Nikolay.

I'd name the topic "Kaspersky downloads fail at 84%".

GSI reports won't tell you anything as far as I see. As the error in the event log indicated, the answer is in the certificate that Kaspersky Lab uses to sign its executables. I attach some screenshots. If you just wait for the Security Centre to try and download the new version, it will fail, and the error I reported will be logged. If you open a browser and manually download https://aes.s.kaspersky-labs.com/endpoints/keswin11/11.1.0.15919/english-KES-11.1.0.15919-en-0.2975008.0/beb2b050/keswin_11.1.0.15919_en_aes56.exe then look at the properties of the downloaded executable, you'll be able to install the offending certificate manually into your trusted roots. Once you have done that, close and re-open your Security Centre. You'll then be able to go past the 84% in the Security Centre. At 85%, it asks you to accept a licence agreement. But it won't reach that stage until you have installed that certificate into your trusted roots.

Obviously, this is a little dodgy. I'd like to have a proper, Kaspersky approved, Security Centre based solution, please, rather than our little workaround here.

 

84percent.png

Certs.png

View cert.png

Install cert.png

Share this post


Link to post

Hello,

Why didn't you have the DigiCert Root CA certificate installed in the first place though? Maybe your OS does not have the latest updates?

 

Share this post


Link to post

On all my servers, all my clients, completely unrelated to one another, all happening all of a sudden at the same time, and also happening to several other people (that's why I originally posted this in another, pre-existing thread)? My clients' servers are up to date, by the way.

Actually Oleg, that's a very good question, and one I should direct at Kaspersky's product developers, such as... yourself, for instance. Why should the Security Centre processes, which have been working completely fine for years, and never ever required us to install a certificate manually, suddenly require a manual installation of a certificate? If you can you answer that, you're halfway through producing a fix.

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.