Kumar_K

The problem was caused by the database compatibility setting. The support team assisted me. Changed the compatibility from 2008 to 2019 and that solved the problem.

Thanks for the response @DonKid The support helped me to solve the issue. Problem resolved.

Hi @MilanBortel Thanks for your response. Just completed the backup restoration in the new server. The restoration process went well but post restoration, I was not able to connect to the administration server through console. I noticed the following error messages in the event log. Any idea on how to solve this? Service 'kladminserver' has been stopped due to an error. #1950 (102) Generic db error: "102 'Incorrect syntax near '('.{42000};' LastStatement='EXEC grp_sync_subgroups'" Stop due to error. #1950 (102) Generic db error: "102 'Incorrect syntax near '('.{42000};' LastStatement='EXEC grp_sync_subgroups'"

Hi Support, We followed Kaspersky KB listed below to migrate Kaspersky Administration Server to a new Server. https://support.kaspersky.com/13920#block3 https://support.kaspersky.com/KSC/13/en-US/3675.htm Source Server Configuration: OS: 2012 R2 (with latest CU) DB: SQL Server 2014 (SQL Server 2014 RTM) Kaspersky Version: 13.2 DB Coliation: SQL_Latin_1_General_CP1_CI_AS Destination Server: OS: 2019 (with latest CU) DB: SQL Server 2019 (SQL Server 2019 CU14) Kaspersky Version: 13.2 DB Coliation: SQL_Latin_1_General_CP1_CI_AS Hostname and IP Address: The destination server has the same hostname and IP address as the source server. The whole backup restoration process in the new server went well. Rebooted the server post restoration and unable to connect to the Administration console. Noticed the following error message in the Windows event log: Service 'kladminserver' has been stopped due to an error. #1950 (102) Generic db error: "102 'Incorrect syntax near '('.{42000};' LastStatement='EXEC grp_sync_subgroups'" Stop due to error. #1950 (102) Generic db error: "102 'Incorrect syntax near '('.{42000};' LastStatement='EXEC grp_sync_subgroups'" Your suggestions or feedbacks are welcomed.

Hi @MilanBortel Thanks for the quick response. Just to make sure that I understand the process correctly, you mean the new KSC server must have the SSL certificate and master keys for FDE and FLE of the old server (through backup restoration) before I can test the encryption key export and re-import procedure?

Hi @MilanBortel Thanks for the detailed description. Yes, I can request our helpdesk to keep track of such requests from the users. For such scenarios I could just simply decrypt and re-encrypt those computers in the new server. The full disk encryption should be find. But my fear is is about the encrypted USB drives. We have enabled USB drive encryption in portable mode. We have no control over the number of USB devices the users own. The USB drives can also be their personal device. If a user encrypt a new USB drive during the transition (it should be that long, 2-4 hours at max) there is a chance to loose that particular key right? I tried to discover the KSC reporting but there is no option to generate a report on when a USB key was encrypted. I noticed that, there is an option in the KSC server’s properties to export and re-import Encryption keys in a new administration server but I don’t its doing anything at all. I tried to re-import the keys in a staging KSC server (clean instance) but I can’t see any information about encrypted drives post import process.

Hi @MilanBortel Thanks for your response. During the transition phase (the gap between backup restoration and switching admin server) if there is a change in the encryption key, will the client updates the new server when it connects to the new server? The change in the recovery key happens when a user forget the Bitlocker PIN.

Dear All, I am working for a MSP. We are managing several Kaspersky Security Center systems for our clients. We in the process of standardizing the KSC implementation (version, configuration and SOPs). Most enviroment requires an upgrade. Managed to upgrade some of the systems to the brand new KSC 13.2 successfully. Next week, I am planning to upgrade an enviroment from KSC 12 to KSC 13.2. Right now, the KSC 12 is installed in a domain controller together with local MS SQL instance where there KAV DB resides. To clean-up the mess, I prefer to decommission the domain controller by installing a new domain controller. For the KSC, I prefer to install KSC 13.2 in a brand new VM. Once the server is ready, I will be using the “Switch administration server” group task to move the existing clients from the old KSC server to the new KSC server. In a normal situation, I believe the migration plan should works well. However, I have one blocking point for which I would like seek clarification from the Kaspersky community. 100% of PCs that are managed by the KSC 12 server are encrypted through Kaspersky. 70% of the PCs are encrypted with Bitlocker and the rest are encrypted with Kaspersky’s native encryption tool. From the documentation, I understand that Kaspersky allows exporting and importing of encryption keys from 1 administration server to the other. I would like to understand if exporting and importing the encryption keys from the current server to the new server would allow me to decrypt the computers and the external USB drives from the new server. The support team uses the “grant access in offline mode” function to provide assistance for the users whenever the users forget their PIN/Password. Your feedback and comments are most welcome. Thanks for sharing your thoughts and comments.

Dear All, We have upgraded our Kaspersky Security Center Server to version 13.2. 80% of all our Kaspersky network agents (in PCs and Servers) are now all upgraded to 13.2. For the Kaspersky Endpoint Security application, we managed to upgrade some of the PCs (in LAN) through the use of group task. For remote workers PCs (VPN) however we prefer to push it as an update through Kaspersky Update Management. This is because, we don’t want to distribute the large update binary through VPN connection. As now of only KESW 11.6 is available in Software Updates section of the Kaspersky Administration Console. Any idea on when Kaspersky will distribute KESW 11.7 as an update? I am working for a MSP and I observed this in 2 of my client’s environments.