KSC 11 Download updates to Administration Server Repository

[guitardood]

Please help!!

Having tons of problems with the Download Updates task.  It keeps failing to verify signatures of multiple files.  It takes two hours to run.  Task keeps sending email saying “Some updates not downloaded or missing from the source”.

KSC Version is 11.0.0.1131 with both patches A and B.

KSC keeps trying to use s08.upd.kaspersky.com, which has multiple DNS records (round-robin).

If I try to manually go to https://s08.upd.kaspersky.com, in a browser, I get complaints about certificate chain, that root certificate “Kaspersky Lab Public Services TLS CA” is not trusted.  Almost seems like what happened when consortium untrusted Symantec’s Root Cert.  This happens on multiple systems via multiple different internet connections.

I downloaded the root certificate and added it to the “Trusted Root” store on the server running KSC.  That fixed the problems with going to https://s08.upd.kaspersky.com in the browser, but the KSC is still having file signature errors.  I’ve since removed the root cert from the system’s store.

This behavior has been going on for about two weeks.

I’ve seen other people having similar issues, is there any progress at resolving this?

Best,

Guitardood

[nexon]

Hi,

Welcome.

Did you know ? New version 12 is availabe https://support.kaspersky.com/15445#block1

[guitardood]

I do, thank you, but not ready to upgrade just yet.

 

Best,

guitardood

[ak01]

I have similar issues: https://community.kaspersky.com/kaspersky-corporate-products-27/failed-to-verify-the-file-signature-failed-to-retranslate-the-component-error-to-update-database-via-ksc-moved-7466#post42636

[tjacobs]

Hi,

same here. The problem started on Friday April 24 between 16:00h and 17:30h CAT (Germany).

We did not get new signatures sice Friday.

BR,
Torsten.

[Flood and Flood's wife]

Hello @guitardood, @ak01 & @tjacobs, 

Please raise the issue directly with Kaspersky Technical Team via your Kaspersky Company account

Thank you🙏

Flood🐳

[guitardood]

With some help from tech support, I was able to resolve my issue.  Tech support suggested that the issue was with an installed management plug-in.  I wound up uninstalling and reinstalling them.  After, I deleted the update task, cleared the update repository, recreated the update task and rebooted.  Updates have been functioning normally since.

Not sure which plug-in was causing the issue because uninstalling plug-ins caused a different issue, however, once I got the plug-in issue resolved.

Thanks to everybody here for your help and ideas.

Best,

Guitardood

[Hee]

same problem here, error since 27 April 2020, endpoint last update was 27 Apr 2020

Event name        Running (71%)
Severity:        Info
Application:        Kaspersky Security Center 11 Administration Server
Version number:        11.0.0.1131
Task name:        Download updates to the repository
Device:        Administration Server <Xxxx005>
Group:        Managed devices
Time:        4/30/2020 1:21:45 PM
Virtual Administration Server name:        
Description:        Failed to verify the file signature. 'https://s18.upd.kaspersky.com/updates/apu/apu-1901g.xml'
 

[Mahhn]

same problem here, support has assisted us with tickets to 0 success. 

• Bypass the firewall for the server - didn’t resolve issue
• clear the repository, delete the update task, make a new one. - didn’t resolve issue
• back up the config, uninstall KL management, reinstall, restore - didn't resolve issue

Putting in a new version is NOT an option, as it will break the encryption of the large amount of laptops deployed. Might as well move to another product if that is needed.

[Matrixology]

Has someone been able to finally find a solution to the update problem? I also wonder why Kaspersky does not provide a single update file instead of tonnes of files bundled into Updates folder. I have been unable to update my Kaspersky SVM (Light Agent) since long due to 'Functional Failure: Required files are missing from the Update Source'.

[Mahhn]

Matrixology, after working with support and having their engineers look into it, I was informed that the part that is failing are components we aren't using (we do have the mobile device plug in, but no devices, so not sure if that's it). I was not informed what was failing though :/ . Our desktops and VMs are getting updates, we were able to confirm by update version on the systems. so, for now it’s a bother, but not effecting protection - for our site anyways.

I recommend checking your SVM or light agent for the date of updates applied to them. You may be okay too, but checking there, is the only way to be sure.

They did have a work around if we were still having issues, its a separate program that downloads the updates, then deposits them to the KL repository so it can push them to systems. That may be a solution for some.

[Matrixology]

Matrixology, after working with support and having their engineers look into it, I was informed that the part that is failing are components we aren't using (we do have the mobile device plug in, but no devices, so not sure if that's it). I was not informed what was failing though :/ . Our desktops and VMs are getting updates, we were able to confirm by update version on the systems. so, for now it’s a bother, but not effecting protection - for our site anyways.

I recommend checking your SVM or light agent for the date of updates applied to them. You may be okay too, but checking there, is the only way to be sure.

They did have a work around if we were still having issues, its a separate program that downloads the updates, then deposits them to the KL repository so it can push them to systems. That may be a solution for some.

Dear thanks for the response. I have checked SVMs and Light Agent VMs but database is still old. Can I have your email ID for detailed chat on your update procedures etc. May be I am missing something on configuration side.

[Matrixology]

............    

As for separate program I think you mean Kaspersky Update Utility. I used it but of no success.

[ak01]

I tried everything mentioned (clear update repository, delete an recreate global update task again, …), but nothing helped (update task ran for hours, almost every time “not all components were updated”.

I ended up in updating mit KSC to v12 and that solved the issue.

KES11.3 uses another (new) update mechanism, which (I guess) KSC also needs to support.

[KIbrom14]

same here , i even reinstall the KSC11  again but no solution.  i believe installing KSC12  will solve it!!!

[Prashanthpavi]

Paviprashanth

 

[Prashanthpavi]

Uppi₹&@0007