Help - Search - Members
Full Version: Security Center : How to force client refresh? [Solved][INC000005244299]
Kaspersky Lab Forum > English User Forum > Protection for Business
Codata
We use Security Center 9 to deploy KES 8 on our network.
We often have to reinstall or upgrade workstations. When this happens, Security Center keeps the old informations about this client computer in memory : on the properties page, it is always the old IP address with the old informations about which version of KAV is installed etc...

If the IP address as changed, I have found no way to force an update and Security Center just can't see this new computer.
It seems that Security Center caches DNS entries somewhere, but I haven't found how to clean this cache and rescan all workstations.

If I try to redeploy KES8 on this computer (if the address has not changed), it fails saying that it is already installed. If I force it (install even when already installed), it hangs on "waiting for a connection...".

I tried to delete the computer from the "administered computers" group, but this does not help.
I also tried to rescan the network, but this still does not help.

What are the recommended steps to follow when reinstalling / upgrading a client computer ?
A good start would be to find a way to force Security Center to flush its DNS cache and rescan a particular computer (or all of them, I don't mind).

Thanks for your help !
Mystery4u
QUOTE(Codata @ 26.03.2012 12:53) *
We use Security Center 9 to deploy KES 8 on our network.
We often have to reinstall or upgrade workstations. When this happens, Security Center keeps the old informations about this client computer in memory : on the properties page, it is always the old IP address with the old informations about which version of KAV is installed etc...

If the IP address as changed, I have found no way to force an update and Security Center just can't see this new computer.
It seems that Security Center caches DNS entries somewhere, but I haven't found how to clean this cache and rescan all workstations.

If I try to redeploy KES8 on this computer (if the address has not changed), it fails saying that it is already installed. If I force it (install even when already installed), it hangs on "waiting for a connection...".

I tried to delete the computer from the "administered computers" group, but this does not help.
I also tried to rescan the network, but this still does not help.

What are the recommended steps to follow when reinstalling / upgrading a client computer ?
A good start would be to find a way to force Security Center to flush its DNS cache and rescan a particular computer (or all of them, I don't mind).

Thanks for your help !

Hi,
Delete the computer from the "administered computers" group, then delete these computer from Unassigned computers too. Then rescan the network.

Codata
QUOTE(Mystery4u @ 26.03.2012 11:11) *
Delete the computer from the "administered computers" group, then delete these computer from Unassigned computers too. Then rescan the network.


Hi, thanks for your answer.
I tried that, but rescanning the network does not bring the computer back. I tried with the "active directory" scanning and "IP range" scanning, none of them brought the new computer back.

Is there no way to flush the DNS/IP cache of the Security Center ?
Mystery4u
QUOTE(Codata @ 26.03.2012 14:13) *
Hi, thanks for your answer.
I tried that, but rescanning the network does not bring the computer back. I tried with the "active directory" scanning and "IP range" scanning, none of them brought the new computer back.

Is there no way to flush the DNS/IP cache of the Security Center ?


Hi,
Reinstall the network Agent with unchecked the option " Do not install application if it is already installed" Check the connection from client end running klnagchk.exe at command prompt.
Codata
QUOTE(Mystery4u @ 26.03.2012 11:30) *
Hi,
Reinstall the network Agent with unchecked the option " Do not install application if it is already installed" Check the connection from client end running klnagchk.exe at command prompt.

But I cannot reinstall the Network Agent if the computer is not seen by Security Center !
Mystery4u
QUOTE(Codata @ 26.03.2012 14:31) *
But I cannot reinstall the Network Agent if the computer is not seen by Security Center !


Hi,
Then Install network agent using pull method. (Manually install at client end)
Codata
QUOTE(Mystery4u @ 26.03.2012 11:35) *
Hi,
Then Install network agent using pull method. (Manually install at client end)


Well, the point is that I want to be able to centrally manage my workstations, even when their IP addresses change.
If I have to manually install things on all clients, the whole point of Security Center and central administration is defeated.
Don't you think so ?
There must be a way around this, no ?
Mystery4u
QUOTE(Codata @ 26.03.2012 14:39) *
Well, the point is that I want to be able to centrally manage my workstations, even when their IP addresses change.
If I have to manually install things on all clients, the whole point of Security Center and central administration is defeated.
Don't you think so ?
There must be a way around this, no ?


Hi,
I mean When you change your IP address of your systems. your admin sever show the old IP information for that system. When you delete your systems from groups and unassigned computers and rescan the network it take time to appear in the unassigned computers. If you want to avoid for wait you reinstall the network agent manually on that system or run "klmover -address <Admin server IP address> on command prompt. The klmover file is located at "C:\Program Files\Kaspersky Lab\NetworkAgent\klmover.exe".
Codata
QUOTE(Mystery4u @ 26.03.2012 11:51) *
Hi,
I mean When you change your IP address of your systems. your admin sever show the old IP information for that system. When you delete your systems from groups and unassigned computers and rescan the network it take time to appear in the unassigned computers. If you want to avoid for wait you reinstall the network agent manually on that system or run "klmover -address <Admin server IP address> on command prompt. The klmover file is located at "C:\Program Files\Kaspersky Lab\NetworkAgent\klmover.exe".

OK I understand then.
Do you mean then that the long delay for computers to reappear under "unassigned computers" is normal ?
Mystery4u
QUOTE(Codata @ 26.03.2012 14:54) *
OK I understand then.
Do you mean then that the long delay for computers to reappear under "unassigned computers" is normal ?


Hi,
Yes, I face this many time to appear the system take long time to reappear in the unassigned computers
Codata
QUOTE(Mystery4u @ 26.03.2012 11:55) *
Hi,
Yes, I face this many time to appear the system take long time to reappear in the unassigned computers

OK. Thanks a lot then, I'll try this next time !
Testeur09
Make sure you use sysprep when reinstalling your computers and the network agent isn't a component of you rmaster workstation.
KoRi
If the client computer is in different subnet, the router not necessary forward scan, and the computer wont appear if no agent installed which point to the server. Manual install still work, if you know the client ip address, and run a deploy task to that ip (not name).
Codata
QUOTE(Testeur09 @ 26.03.2012 12:39) *
Make sure you use sysprep when reinstalling your computers and the network agent isn't a component of you rmaster workstation.

We don't use sysprep, we perform normal installation then image our computers. We just restore the image when it is needed.
Codata
QUOTE(KoRi @ 26.03.2012 12:53) *
If the client computer is in different subnet, the router not necessary forward scan, and the computer wont appear if no agent installed which point to the server. Manual install still work, if you know the client ip address, and run a deploy task to that ip (not name).

It is in the same subnet.
Installing via IP address is an option, indeed.
Codata
QUOTE(Codata @ 26.03.2012 15:25) *
It is in the same subnet.
Installing via IP address is an option, indeed.

Just tried our typical "re deployement" via IP adresse : it still does not work ! It looks as if KSC9 even has reverse DNS cache !!!
I try to install to the IP address of my freshly reinstalled workstation, but SC9 translates the IP address to a computer name that is different from what it should be !

I double and triple checked with nslookup and ping / ping -a, and all come to the same conclusion : SC9 really has a problem with DNS caching !!!
KoRi
Maybe i'm wrong, but i cant believe, that kaspersky use own cache. When u run nslookup & ping from the administration server, u saw the right address&name, or the wrong?
Codata
QUOTE(KoRi @ 3.04.2012 08:11) *
Maybe i'm wrong, but i cant believe, that kaspersky use own cache. When u run nslookup & ping from the administration server, u saw the right address&name, or the wrong?

On the administration server, the IP address in KSC9 is not the one I have when I ping the computer name.
And I can't find a way to force KSC9 to update it. That's the whole point of my post actually.

Yes, I find it hard to believe too, but what else ??
Testeur09
QUOTE(Codata @ 26.03.2012 15:22) *
We don't use sysprep, we perform normal installation then image our computers. We just restore the image when it is needed.

Well that implies lot of problems if you are restoring without any sysprep (sadly the Newtwork Agent doesn't like sysprep too).

You DNS entries will be messed up - you have to activate DNS scavenging.

Kaspersky Network Agent will be messed up, and the client in KSC too.

Try to delete the client from the console entirely (once from Managed Computers, a se cond time from Unefined Computers), then redetect it and add it again to the console.

If it still not better you'll have to uninstall the agent and install it again.
seslmis
Are you using clone image to reinstall PC ?
For me, always reinstall once user left my company.
I use both clone image and newly install from recovery cd as well,
do you try to install NA during your process ?
Suppose you are using server name for your KAK server, try to add
server name in your system hosts file.
Hope these help.
Good luck.
Codata
QUOTE(Testeur09 @ 3.04.2012 09:16) *
Well that implies lot of problems if you are restoring without any sysprep (sadly the Newtwork Agent doesn't like sysprep too).
You DNS entries will be messed up - you have to activate DNS scavenging.

Why would my DNS entries be messed up ? The computer gets a new IP address, but DNS updates work fine. As soon as it's back online forward and reverse lookup are fine from any computer on the network.

QUOTE
Try to delete the client from the console entirely (once from Managed Computers, a se cond time from Unefined Computers), then redetect it and add it again to the console.
If it still not better you'll have to uninstall the agent and install it again.

Actually, if I install the agent manually, it works (tried it yesterday).
But usually we deploy the agent together with KES, and that's what does not work.

Removing and redetecting the client does not work either. It is redetected with the same IP address, and detection via IP range does not work at all (I don't know why).

QUOTE(seslmis)
Are you using clone image to reinstall PC ?
For me, always reinstall once user left my company.
I use both clone image and newly install from recovery cd as well,
do you try to install NA during your process ?
Suppose you are using server name for your KAK server, try to add
server name in your system hosts file.

We reinstall with images usually (barebone images, only Windows and updates are included, no other software), but now we deploy Windows 7 so we install from scratch. No recovery or sysprep, just clean normal installations.
As I sais previously, we do not install NA manually, we deploy it from KSC9, which in this case does not work well because of our IP address "cache" problem...
And as I said, if we install NA and specify the server name, it works just fine.

Thanks to all for trying to help, that's very appreciated !
Testeur09
QUOTE
Why would my DNS entries be messed up ? The computer gets a new IP address, but DNS updates work fine. As soon as it's back online forward and reverse lookup are fine from any computer on the network.

Your DNS server will have several entries for your computer, which is making Kaspersky detect ghost computers i think.
KoRi
QUOTE(Codata @ 3.04.2012 07:52) *
On the administration server, the IP address in KSC9 is not the one I have when I ping the computer name.


This is normal, the admin server keep showing the latest contact ip address. Because there is no agent @ computer, it wont contact to the server. If you want to keep this machine object in the administration server, it is possible that another computer appear on the server with the same name+~1 when you install manual the agent to the client.
My advice is: in the console click right on the root of the administration server -> Search.
Find the machine and right click-> Remove. (it just remove from any group)
Right click again -> Remove. (completely removes that workstation object from admin server. maybe that step missing, and thats why adminserver shows object with the old ip).
Wait till workstation appears again in the unassigned computers. If its in same subnet and VLAN, it has to, if administration server ip subnet scanning configured right.
If you don't want to wait, you had to deploy network agent over the (new) ip address. On the adminkit 8 it always worked, deploying over ip never reversed to computer name back, only after installed agent report back.
It is possible to show different computer name for a short time, when the computer use such ip address which was another computer object @admin server, and the server thinks that that computer switched on, but after agent report to adminkit, the name changing to the right. (or force synchronization).

We sometimes put the network agent installation package to the image (with some other little necessary install exe), and when we restore that image, just one click to install all of them (with a well configured batch file)
Codata
QUOTE(Testeur09 @ 3.04.2012 09:51) *
Your DNS server will have several entries for your computer, which is making Kaspersky detect ghost computers i think.

I don't think this could happen.
We have DHCP configured for automatic DNS updates, and whenever a new IP address is attributed to a computer its DNS records are also updated.
I never had problems of ghost records in the DNS server

QUOTE(KoRi @ 3.04.2012 09:59) *
My advice is: in the console click right on the root of the administration server -> Search.
Find the machine and right click-> Remove. (it just remove from any group)
Right click again -> Remove. (completely removes that workstation object from admin server. maybe that step missing, and thats why adminserver shows object with the old ip).

Maybe I was missing this second step indeed ! Will try that now.
Still, the problem with that is that I have to wait for a network rescan. I can trigger it manually, but it still takes some time. That's a shame since I know (and the system knows) the right IP address for this computer...
KoRi
QUOTE(Codata @ 3.04.2012 09:20) *
That's a shame since I know (and the system knows) the right IP address for this computer...

But the server don't know...until rescan the subnet. tongue.gif
Codata
QUOTE(KoRi @ 3.04.2012 10:26) *
But the server don't know...until rescan the subnet. tongue.gif

There is only ONE software on the whole network which doesn't know, and it's KSC9 !!! rolleyes.gif
Testeur09
QUOTE
I don't think this could happen.
We have DHCP configured for automatic DNS updates, and whenever a new IP address is attributed to a computer its DNS records are also updated.
I never had problems of ghost records in the DNS server

I still suggest to check if you have DNS stale records and DNS scavenging on...

QUOTE
Maybe I was missing this second step indeed ! Will try that now.
Still, the problem with that is that I have to wait for a network rescan. I can trigger it manually, but it still takes some time. That's a shame since I know (and the system knows) the right IP address for this computer...

You should try Active Directory scan maybe, IP/DNS discovery isn't that reliable.
Codata
QUOTE(Testeur09 @ 3.04.2012 10:41) *
I still suggest to check if you have DNS stale records and DNS scavenging on...
You should try Active Directory scan maybe, IP/DNS discovery isn't that reliable.

I can confirm that scavenging is on, I just checked.
I always use Active Directory scanning in fact, the other ones just don't work.

After some more tries, I think that manually installing the network agent is the way to go.
IMHO, centralized deployment is not working well in KSC9 (same as in previous versions actually, it never worked well)
Nikola D.
Hello,


I had the same issue when dealing with reinstalled computers. The solution was to, not only delete the computers with obsolete IP addresses from the Managed computers containers and Unassigned computers - IP subnets container, but also delete it from the Unasigned computers - Active Directory container.

Once the problematic hostname is removed from those containers, freshly initiated IP subnets - Discover Computers will have no trouble finding the computers.


Cheers,

Nikola
Kravtsov Vitaly
QUOTE(Nikola D. @ 4.07.2014 15:57) *
Hello,
I had the same issue when dealing with reinstalled computers. The solution was to, not only delete the computers with obsolete IP addresses from the Managed computers containers and Unassigned computers - IP subnets container, but also delete it from the Unasigned computers - Active Directory container.

Once the problematic hostname is removed from those containers, freshly initiated IP subnets - Discover Computers will have no trouble finding the computers.
Cheers,

Nikola

Hello!

Please kindly inform us which version of the products are you using?

Thank You!
SMC Mike
I know this is an old thread, but I found some info that might help people in the future when searching Google for an answer. (This thread always came up near the top of my searches)

My issue involved a workstation that was renamed. The newly named computer did show up as a new computer, but the OLD name kept magically appearing in the "Unassigned Devices" section of Security Center, even though there was no computer with that name anymore! The old name was not listed in our active directory. The old name was not listed anywhere in our DNS server. I would delete it when it showed up, but it kept coming back the next day!

-Delete workstation from the managed group
-right-click on the administration server object in the left pane, and select "search". Search for the workstation. (deleting from the group moves the computer to the "unassigned" objects). When the machine appears in the results window, delete it from there.
-Repeat the search, leaving off the last character of the workstation name, and replacing it with a "*". (this will find any potential duplicate objects, which will have a "~" and a series of numbers appended to the name.
-Repeat the search and delete until there are no results.
-From the admin server's command prompt, type "ipconfig /flushdns", and hit Enter.


The KEY to resolving my issue was flushing the DNS on the server that hosts Security Center. Hope this helps people with the same issue in the future.
Nikolay Arinchev
Hi,

Thank you for that info!
SMC Mike
Well, I was wrong. Two OLD computers that are no longer on the network are showing up as discovered computers again. I've deleted them two days in a row, but they show up the very next day. From what I've found on the net, this is something that can't be fixed in KSC. I guess I'll just let the old computers sit in the "Unassigned devices" section.


QUOTE(SMC Mike @ 30.09.2015 17:16) *
I know this is an old thread, but I found some info that might help people in the future when searching Google for an answer. (This thread always came up near the top of my searches)

My issue involved a workstation that was renamed. The newly named computer did show up as a new computer, but the OLD name kept magically appearing in the "Unassigned Devices" section of Security Center, even though there was no computer with that name anymore! The old name was not listed in our active directory. The old name was not listed anywhere in our DNS server. I would delete it when it showed up, but it kept coming back the next day!

-Delete workstation from the managed group
-right-click on the administration server object in the left pane, and select "search". Search for the workstation. (deleting from the group moves the computer to the "unassigned" objects). When the machine appears in the results window, delete it from there.
-Repeat the search, leaving off the last character of the workstation name, and replacing it with a "*". (this will find any potential duplicate objects, which will have a "~" and a series of numbers appended to the name.
-Repeat the search and delete until there are no results.
-From the admin server's command prompt, type "ipconfig /flushdns", and hit Enter.


The KEY to resolving my issue was flushing the DNS on the server that hosts Security Center. Hope this helps people with the same issue in the future.

Artem Ershov
Hi,

Could you clarify what version of KSC do you use?

BR
SMC Mike
QUOTE(Artem Ershov @ 22.10.2015 09:46) *
Hi,

Could you clarify what version of KSC do you use?

BR


10.2.434
Evgeny Medvedev
QUOTE(SMC Mike @ 22.10.2015 18:14) *
Well, I was wrong. Two OLD computers that are no longer on the network are showing up as discovered computers again. I've deleted them two days in a row, but they show up the very next day. From what I've found on the net, this is something that can't be fixed in KSC. I guess I'll just let the old computers sit in the "Unassigned devices" section.


Hi,

Could you please clarify did you move the machine to Unassigned devices first before deletion?

Thank You!
SMC Mike
QUOTE(Evgeny Medvedev @ 22.10.2015 19:06) *
Hi,

Could you please clarify did you move the machine to Unassigned devices first before deletion?

Thank You!


Yes, I removed the computers from the group they were in, then followed the instructions I listed earlier in this thread. One of the computers hasn't been connected to the network in over two weeks, and the other one that keeps showing up is actually a computers OLD name. That computer is listed in KSC with it's new name and everything is working fine with it. Can't figure out why it would be listing the OLD name since it sees the NEW name also.
Nikolay Arinchev
Hi,

Could you please clarify do you have any records in AD related to that PC with old name?

Thank you!
SMC Mike
QUOTE(Nikolay Arinchev @ 23.10.2015 09:44) *
Hi,

Could you please clarify do you have any records in AD related to that PC with old name?

Thank you!


To make things a little easier, I've decided to just deal with the machine labeled "faclitator-01" for now. The machine named "shop" can stay, because it still exists and we might use it again in the future. faclitator-01 does NOT even exist anymore though.

To answer your question... this morning, I went through every folder in AD and made sure that no rogue entries for that computer remained. I also did a search in AD for fac*, and nothing came up.
Nikolay Arinchev
Please create a request to KL support.

Please tell us the number of that request.

Thank you!
SMC Mike
QUOTE(Nikolay Arinchev @ 23.10.2015 10:55) *
Please create a request to KL support.

Please tell us the number of that request.

Thank you!


INC000005243791
SMC Mike
QUOTE(SMC Mike @ 23.10.2015 13:19) *

INC000005243791


Disregard that number. I created that support request in the wrong section. I'll list the new number as soon as I get it.
SMC Mike
QUOTE(Nikolay Arinchev @ 23.10.2015 10:55) *
Please create a request to KL support.

Please tell us the number of that request.

Thank you!


Here's the new number...

INC000005244299
Artem Ershov
Hi,

Thank you for the information!
SMC Mike
It appears the issue is resolved now. Support was able to fix it by deleting CS Admin Kit.msc located at С:\Users\<user_account>\AppData\Roaming\Microsoft\MMC\

Here's a support link about this file...

http://support.kaspersky.com/7920
Kirill Tsapovsky
QUOTE(SMC Mike @ 28.10.2015 21:00) *
It appears the issue is resolved now. Support was able to fix it by deleting CS Admin Kit.msc located at С:\Users\<user_account>\AppData\Roaming\Microsoft\MMC\

Here's a support link about this file...

http://support.kaspersky.com/7920


Thank you for your feedback!

Please let us know if you have other questions.
Intellytech
QUOTE(Kirill Tsapovsky @ 29.10.2015 00:47) *
Thank you for your feedback!

Please let us know if you have other questions.



Hello.-

I understand this is an all post. I would like to know if this solution apply to KSC version: 10.2.434 ?.

Thanks.
Dmitry Eremeev
QUOTE(Intellytech @ 4.05.2016 22:41) *
Hello.-

I understand this is an all post. I would like to know if this solution apply to KSC version: 10.2.434 ?.

Thanks.


Hello,
yes.
Thank you.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2016 Invision Power Services, Inc.