IPB

Welcome Guest ( Log In | Register )

2 Pages V   1 2 >  
Reply to this topicStart new topic
> Clients update [Solved], Download from KSC vs Internet
Julius Peterec
post 20.03.2017 14:25
Post #1


Advanced Member I
***

Group: Members
Posts: 69
Joined: 6.11.2014




Dear Sirs,

I found a problem with updates download for clients. Instead of downloading updates from KSC as it's specified in local mode, clients are going directly to public internet based on mobile mode.
Maybe the problem is on KSC server itself. If I check connections with netstat -a, the most of connections on port TCP 13000 are in TIME_WAIT state.
Windows firewall is turned off.
I already changed MaxUserPort and TcpNumConnections in system registry.

OS: Windows 2012 R2 Server
KSC: 10.3.407

Could you please advise, what could be the problem?
Go to the top of the page
 
+Quote Post
Kirill Tsapovsky
post 20.03.2017 14:31
Post #2


Technical Support Specialist
**************

Group: KL Russia
Posts: 11617
Joined: 3.12.2013
From: Moscow




QUOTE(Julius Peterec @ 20.03.2017 13:25) *
Dear Sirs,

I found a problem with updates download for clients. Instead of downloading updates from KSC as it's specified in local mode, clients are going directly to public internet based on mobile mode.
Maybe the problem is on KSC server itself. If I check connections with netstat -a, the most of connections on port TCP 13000 are in TIME_WAIT state.
Windows firewall is turned off.
I already changed MaxUserPort and TcpNumConnections in system registry.

OS: Windows 2012 R2 Server
KSC: 10.3.407

Could you please advise, what could be the problem?


Hello.

Please specify what versions of products you use on managed servers.
For troubleshooting connection to KSC, there is a dedicated utility klnagchk (in the Network Agent folder). Please run it (Admin privileges required) and let us know the output.

Thank you.


--------------------
In English: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces | klnagchk log
На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 |Трассировки KES8 | Отчет утилиты klnagchk

Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!
Please evaluate support help by using "Rating" option!
Go to the top of the page
 
+Quote Post
Julius Peterec
post 20.03.2017 16:07
Post #3


Advanced Member I
***

Group: Members
Posts: 69
Joined: 6.11.2014




Hello,

Output from klnagchk.exe looks OK. I made a test on one PC.
Reports on client itself also shows that Endpoint was updated from KSC, but in the same time I see also downloading of updater.xml.klz file and dif files from public Kaspersky server.
Attached File(s)
Attached File  Update.PNG ( 294,59K ) Number of downloads: 10
 
Go to the top of the page
 
+Quote Post
Kirill Tsapovsky
post 20.03.2017 16:12
Post #4


Technical Support Specialist
**************

Group: KL Russia
Posts: 11617
Joined: 3.12.2013
From: Moscow




QUOTE(Julius Peterec @ 20.03.2017 15:07) *
Hello,

Output from klnagchk.exe looks OK. I made a test on one PC.
Reports on client itself also shows that Endpoint was updated from KSC, but in the same time I see also downloading of updater.xml.klz file and dif files from public Kaspersky server.


Please specify product versions as suggested (KES, KSWS).
Please check group update task settings: disable KL servers in update servers if necessary.

Thank you.


--------------------
In English: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces | klnagchk log
На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 |Трассировки KES8 | Отчет утилиты klnagchk

Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!
Please evaluate support help by using "Rating" option!
Go to the top of the page
 
+Quote Post
Julius Peterec
post 20.03.2017 16:22
Post #5


Advanced Member I
***

Group: Members
Posts: 69
Joined: 6.11.2014




KES: 10.2.2.10535

I will try to disable KL server also for mobile mode.
Go to the top of the page
 
+Quote Post
Julius Peterec
post 20.03.2017 16:42
Post #6


Advanced Member I
***

Group: Members
Posts: 69
Joined: 6.11.2014




I checked another computer which made an attempt to download updes from KL server instead of KSC.
You can see log in attached file.

I checked Reports on that machine and no update task was running during that time period. Also all logged Updates are from KSC. All times.
For updates I use my own Regular update (converted) task. Only KSC is allowd now.
Default update task is scheduled Manually.

Looks like another process is running updates on PCs. My planned task are download from KSC, and some others from KL?
Attached File(s)
Attached File  Upload.txt ( 78,33K ) Number of downloads: 1
 
Go to the top of the page
 
+Quote Post
Kirill Tsapovsky
post 20.03.2017 16:50
Post #7


Technical Support Specialist
**************

Group: KL Russia
Posts: 11617
Joined: 3.12.2013
From: Moscow




QUOTE(Julius Peterec @ 20.03.2017 15:42) *
I checked another computer which made an attempt to download updes from KL server instead of KSC.
You can see log in attached file.

I checked Reports on that machine and no update task was running during that time period. Also all logged Updates are from KSC. All times.
For updates I use my own Regular update (converted) task. Only KSC is allowd now.
Default update task is scheduled Manually.

Looks like another process is running updates on PCs. My planned task are download from KSC, and some others from KL?


There is an option in Advanced policy settings called "Allow local tasks to be displayed and managed". If that is enabled, it will be possible to run both the group update task and the local one alongside each other, and they might have different settings. Please check if you are able to access the local update task settings on a KES host and modify them.

Thank you.


--------------------
In English: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces | klnagchk log
На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 |Трассировки KES8 | Отчет утилиты klnagchk

Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!
Please evaluate support help by using "Rating" option!
Go to the top of the page
 
+Quote Post
Julius Peterec
post 20.03.2017 16:59
Post #8


Advanced Member I
***

Group: Members
Posts: 69
Joined: 6.11.2014




I have cleared this option.
Go to the top of the page
 
+Quote Post
Julius Peterec
post 20.03.2017 17:22
Post #9


Advanced Member I
***

Group: Members
Posts: 69
Joined: 6.11.2014




QUOTE(Julius Peterec @ 20.03.2017 13:59) *
I have cleared this option.


To avoid misunderstanding. This option was already disabled.
Go to the top of the page
 
+Quote Post
Kirill Tsapovsky
post 20.03.2017 17:26
Post #10


Technical Support Specialist
**************

Group: KL Russia
Posts: 11617
Joined: 3.12.2013
From: Moscow




QUOTE(Julius Peterec @ 20.03.2017 16:22) *
To avoid misunderstanding. This option was already disabled.


Are you able to check which process tries to communicate with the servers?
Please specify if you are using KSN, and if KSC server is used as a KSN proxy.

Thank you.


--------------------
In English: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces | klnagchk log
На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 |Трассировки KES8 | Отчет утилиты klnagchk

Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!
Please evaluate support help by using "Rating" option!
Go to the top of the page
 
+Quote Post
Julius Peterec
post 20.03.2017 17:39
Post #11


Advanced Member I
***

Group: Members
Posts: 69
Joined: 6.11.2014




QUOTE(Kirill Tsapovsky @ 20.03.2017 14:26) *
Are you able to check which process tries to communicate with the servers?
Please specify if you are using KSN, and if KSC server is used as a KSN proxy.

Thank you.


Process check is a little bit difficult during user work.
I use KSN and KSC is used as a KSN proxy.
Go to the top of the page
 
+Quote Post
Kirill Tsapovsky
post 20.03.2017 17:45
Post #12


Technical Support Specialist
**************

Group: KL Russia
Posts: 11617
Joined: 3.12.2013
From: Moscow




QUOTE(Julius Peterec @ 20.03.2017 16:39) *
Process check is a little bit difficult during user work.
I use KSN and KSC is used as a KSN proxy.


Then, do the connections happen constantly or do they follow a certain schedule (that corresponds with that of one of the update tasks probably)? This could help localize the issue.

Thank you.


--------------------
In English: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces | klnagchk log
На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 |Трассировки KES8 | Отчет утилиты klnagchk

Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!
Please evaluate support help by using "Rating" option!
Go to the top of the page
 
+Quote Post
Julius Peterec
post 20.03.2017 17:54
Post #13


Advanced Member I
***

Group: Members
Posts: 69
Joined: 6.11.2014




QUOTE(Kirill Tsapovsky @ 20.03.2017 14:45) *
Then, do the connections happen constantly or do they follow a certain schedule (that corresponds with that of one of the update tasks probably)? This could help localize the issue.

Thank you.

If I run my Regular update task manually, I don't see any attempts on proxy server.
It must be a different update task running on its own scheduling.
Go to the top of the page
 
+Quote Post
Kirill Tsapovsky
post 20.03.2017 17:57
Post #14


Technical Support Specialist
**************

Group: KL Russia
Posts: 11617
Joined: 3.12.2013
From: Moscow




QUOTE(Julius Peterec @ 20.03.2017 16:54) *
If I run my Regular update task manually, I don't see any attempts on proxy server.
It must be a different update task running on its own scheduling.


You can check if other tasks apply to this host in its properties in the Console, Tasks section.

Thank you.


--------------------
In English: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces | klnagchk log
На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 |Трассировки KES8 | Отчет утилиты klnagchk

Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!
Please evaluate support help by using "Rating" option!
Go to the top of the page
 
+Quote Post
Julius Peterec
post 21.03.2017 10:31
Post #15


Advanced Member I
***

Group: Members
Posts: 69
Joined: 6.11.2014




QUOTE(Kirill Tsapovsky @ 20.03.2017 14:57) *
You can check if other tasks apply to this host in its properties in the Console, Tasks section.

Thank you.

Unfortunately I see only my Regular update task and default Update.
Go to the top of the page
 
+Quote Post
Julius Peterec
post 21.03.2017 11:09
Post #16


Advanced Member I
***

Group: Members
Posts: 69
Joined: 6.11.2014




Actual status.
At 7:58 I can see attempts from monitored PC to public KL server.
At 8:00 Regular update task has started - Event list.
Attached File(s)
Attached File  Update_event_list.PNG ( 100,13K ) Number of downloads: 3
 
Go to the top of the page
 
+Quote Post
Kirill Tsapovsky
post 21.03.2017 11:16
Post #17


Technical Support Specialist
**************

Group: KL Russia
Posts: 11617
Joined: 3.12.2013
From: Moscow




QUOTE(Julius Peterec @ 21.03.2017 10:09) *
Actual status.
At 7:58 I can see attempts from monitored PC to public KL server.
At 8:00 Regular update task has started - Event list.


To investigate this issue, KES traces + Wireshark logs are required during these connection attempts.
However, you are using version 10.2.2.10535, which currently has limited support. In order to escalate this issue, please upgrade to the latest version (10.2.5.3201), possibly on one or several hosts to see if this issue persists, and collect the mentioned data if necessary.

Thank you.


--------------------
In English: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces | klnagchk log
На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 |Трассировки KES8 | Отчет утилиты klnagchk

Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!
Please evaluate support help by using "Rating" option!
Go to the top of the page
 
+Quote Post
Julius Peterec
post 21.03.2017 17:42
Post #18


Advanced Member I
***

Group: Members
Posts: 69
Joined: 6.11.2014




QUOTE(Kirill Tsapovsky @ 21.03.2017 08:16) *
To investigate this issue, KES traces + Wireshark logs are required during these connection attempts.
However, you are using version 10.2.2.10535, which currently has limited support. In order to escalate this issue, please upgrade to the latest version (10.2.5.3201), possibly on one or several hosts to see if this issue persists, and collect the mentioned data if necessary.

Thank you.


I made upgrade to verzion 10.2.5.3201 on test PC. Looks, it solved problem.
I suggest to wait untill tomorrow morning for the final confirmation.
Go to the top of the page
 
+Quote Post
Kirill Tsapovsky
post 21.03.2017 18:34
Post #19


Technical Support Specialist
**************

Group: KL Russia
Posts: 11617
Joined: 3.12.2013
From: Moscow




QUOTE(Julius Peterec @ 21.03.2017 16:42) *
I made upgrade to verzion 10.2.5.3201 on test PC. Looks, it solved problem.
I suggest to wait untill tomorrow morning for the final confirmation.


Please let us know the results afterwards.

Thank you!


--------------------
In English: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces | klnagchk log
На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 |Трассировки KES8 | Отчет утилиты klnagchk

Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!
Please evaluate support help by using "Rating" option!
Go to the top of the page
 
+Quote Post
Julius Peterec
post 22.03.2017 15:38
Post #20


Advanced Member I
***

Group: Members
Posts: 69
Joined: 6.11.2014




QUOTE(Kirill Tsapovsky @ 21.03.2017 15:34) *
Please let us know the results afterwards.

Thank you!


After whole day of monitoring it looks like the upgrade to the newest version solved problem.
You can close ticket.
Go to the top of the page
 
+Quote Post

2 Pages V   1 2 >
Reply to this topicStart new topic

 



Lo-Fi Version Time is now: 24.04.2017 07:37