mfpoulsen

Thanks @MilanBortel I managed to get the Administration Server itself up and running again pretty easily. Just edited C:\ProgramData\KasperskyLab\adminkit\1093\cert\klserver.cer and replaced the expired root with the AAA Certificate Services cross-signed certificate that Sectigo made available. After a reboot, the KSC console opens just fine with todays date. It’s a different story for the clients though. They’re as dead as can be. Brought them back to life by doing these commands on each client: Windows Open a DOS prompt or Start --> Run "%PROGRAMFILES(X86)%\Kaspersky Lab\NetworkAgent\klmover.exe" -address ksc.domain.com/virtualserver -pn 80 -ps 443 Mac Open Terminal sudo /Library/Application\ Support/Kaspersky\ Lab/klnagent/Binaries/klmover -address ksc.domain.com/virtualserver -pn 80 -ps 443 Enter the users password It is a very cruel process to go through though I have to say. If only Sectigo had said something or if only Kaspersky had updated the Network Agent core to use the InCommon certificate chain best practices that’s been around since 2015, it wouldn’t have been a problem (https://its.umich.edu/computing/web-mobile/web-application-hosting/ssl-server-certificates) Now it’s just the perfect storm… Anyway will cut my losses and move on… Nothing else I can do about it now...

I think I’m in trouble, hoping for some help here. I installed KSC12 and installed a Sectigo certificate a good while back ( a year or so). All has been working great up until yesterday where I started getting an error when opening the KSC Console “Invalid Administration Server Certificate File”. After some troubleshooting, I found that when I change the date back to 29 May on the server, the KSC console launches just fine. If I set the date to 30 May or beyond, I get the error. Turns out that effin Sectigo have been issuing certificates using AddTrust External CA Root which coincidently expired 30 May 2020 (https://thesslonline.com/blog/sectigo-addtrust-external-ca-root-expiring-may-30-2020). Why on earth they would issue certificates using that CA for certificates with a validity date beyond 30 May 2020 is a MYSTERY to me to say the least… My actual certificate is valid until 21 April 2021. Biggest problem is that even if I change the date back on the KSC server to 29 May and I can get into the KSC console, all the clients are apparently not connecting to KSC. I have 250 machines installed in worldwide locations and don’t have access to most of them physically. Is there anything I can do to get the clients back on KSC, or is it a total loss?