Reyou Posted November 5 Posted November 5 Hello, I am the admin for Kaspersky for Business antivirus. I have encountered an issue where, after installing the antivirus agent and running the klmover.exe command to change the console server, the server changes, but the connection does not establish. When I use the "send heartbeat" option in the klcsngtgui.exe program, it doesn’t connect to the server and shows error #1259. Upon checking the agent log, I see a message saying "administration server certificate: not installed," even though I have verified the network connection, and TCP port 13000 is open. Both the console and agent versions are 14.2, and I have also tested with different agent versions like 13 and 13.2, but the agent still doesn’t connect to the console. It’s worth mentioning that this issue only occurs on some devices, mostly Windows 10 and Windows 7 32-bit. However, in other places with the same console, we have devices with similar configurations where the agent connects successfully.
Renan Corassa Posted November 5 Posted November 5 Can the device reach port 13000 of the Administration Server? e.g. telnet? What command is used in klmover? What is the version of Network Agent? 1
Reyou Posted November 5 Author Posted November 5 (edited) 23 minutes ago, Renan Corassa said: Can the device reach port 13000 of the Administration Server? e.g. telnet? What command is used in klmover? What is the version of Network Agent? Yes i have telnet to ksc on 13000 tcp And the klmover command used correctly I said the version is 14.2 Edited November 5 by Reyou
Reyou Posted November 6 Author Posted November 6 6 hours ago, Renan Corassa said: Can you please tell me the command? Klmover.exe -address server-ip 1
Renan Corassa Posted November 8 Posted November 8 (edited) I know it may seem reductive, but try: klmover.exe -address server_IP -ps 13000 Edited November 8 by Renan Corassa
JL - KL DACH Posted November 11 Posted November 11 Hello Reyou, klmover will only work when a connection was possible already. If there are problems connecting recreate the Network Agent Installation package on the new KSC server and deploy it. If it is a problem only on a few clients the fastest solution is to copy "klserver.cer" from KSC Server folder C:\ProgramData\KasperskyLab\adminkit\1093\cert to the following folder on client C:\ProgramData\KasperskyLab\adminkit\1103 Be aware this is just a workaround! I hope I have been able to help you and remain with Best Regards 1
KarDip Posted November 15 Posted November 15 (edited) Hello @Reyou It sounds like a certificate-related issue is preventing the Network Agent from establishing a secure connection with the Administration Server. Here are steps you can take to troubleshoot and potentially resolve this: Verify Server Certificate Installation: If the message indicates "administration server certificate: not installed," it suggests that the certificate required for secure communication may not be correctly installed on the client device. You can try re-importing the certificate from the Administration Server. On the affected client: Export the server’s SSL certificate (usually found in the cert folder on the Administration Server) and then manually import it into the client’s Network Agent configuration. Certificate Synchronization: When switching servers with the klmover tool, the certificate chain sometimes doesn’t synchronize correctly. After using klmover, try to force a certificate re-synchronization: You can do this by going to klcsngtgui.exe on the client device and triggering a “Get policy” to see if it initiates the correct exchange with the server. If it still fails, try re-installing the Network Agent with the certificate imported directly from the Administration Server. Firewall and Port Checks: While you’ve confirmed that TCP port 13000 is open, check if UDP port 15000 is also accessible, as some connections might depend on this. Ensure there are no local firewalls or antivirus components blocking communication, particularly on Windows 7 and 10 devices, as they might have more restrictive network settings. Compare Working and Non-Working Client Configurations: Since other devices connect without issue, compare the Network Agent settings, policies, and certificate configurations on working and non-working devices. Sometimes, specific settings or policies can differ on certain client groups or OS-specific configurations. Try a Full Agent Uninstall/Reinstall: On affected devices, perform a clean uninstallation of the Network Agent, then reinstall it with the correct certificate and policies. If these steps don’t resolve the issue, it could be useful to escalate to Kaspersky Technical support, as error #1259 often relates to certificate mismatches or deeper configuration issues between the server and agent on older or customized operating systems. Thank you Edited November 15 by KarDip spellcheck
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now