Kaspersky Security Center 14: Error synchronizing mobiles to the administration server

[SupportNova]

Hello team,
During our deployment of Kaspersky Endpoint Security for Business - Advanced at a customer's site, we encountered a problem and this problem is that when we install the Kaspersky security for Android agent, the agent can't synchronize with the administration server and we don't see it in the console even though the agent was generated from the console.
Can you help me to solve this problem? 
Sincerely.

[ElvinE5]

Good day

1. check again the settings of the package that you typed on KSC

Спойлер

also check if it hits non-assigned devices after installing the agent

 

2. On the problematic device, check the availability of the KSC server and the ability to connect to port 13000 ... it should turn out something like this. Check if your gray screens are blocking the connection.

Спойлер

 

3. run the utility on the problem device - C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klcsngtgui.exe  - with administrator rights

Спойлер

klnagcheck - check if there are any connection errors ... look at the output of the command

Спойлер

 

[SupportNova]

Ok thanks for your answer,
In my case it's the mobile that can't synchronize and I'm asked to regenerate the certificate.
So how to regenerate a certificate so that the mobile can synchronize and recover the policies without reinstalling the console?

[ElvinE5]

I'm sorry, this is my mistake, I somehow did not see that we were talking about android ...

ok let's try again ?

I will assume that you have a new installation KSC and you have not yet done any settings for working with mobile devices

 

1. Turn on the display of menu items for working with mobile devices, don't forget to restart the console after enabling

Спойлер

 

2. On the mobile devices tab, enable support for mobile devices, download the necessary distributions and management plugins, create and configure a certificate for connecting mobile devices (will be created during the execution of the wizard). You can manage the certificate settings using the last link in the screenshot

Спойлер

 

3. as a result of the wizard, the service for mobile devices will be enabled, the necessary ports will be opened

Спойлер

and also created a certificate for mobile devices (you can reissue it right there)

Спойлер

 

4. if you are using a standalone package to install on your devices, check the address and ports for connecting to your server in the package properties. your connected devices will be grouped by default KSM10 (device discovery tab)

Спойлер

 

now about connecting devices

first of all, check that the necessary ports are open and listened to by your server, you can use the command as in my first post by connecting the laptop to the local WiFi network (for example) and executing the command

tnc <IP or DNS> -port 13292

accordingly, you need to ensure that all the necessary routes are already in your network and your firewalls allow access on the necessary ports between the client and the server

after connecting, your devices (for sure) will initially go to "unassigned" devices, you will need to create a separate group for them in "managed" devices and move devices there (you can use auto-move rules), also do not forget to create the necessary policies and necessary tasks.

Also, if your clients connect via mobile internet on their devices, you must also ensure that your external firewall forwards all necessary packets on port 13292 (and 17100 for activation) to your KSC

also you can get the app package for your device directly from the store for your android device (look for a client specifically for business, black icon, not green), and configure the connection to the server already at the time of installation and launch of the connection wizard.

Спойлер

 

 

 

[SupportNova]

Ok thanks for your promptness, I will try and get back to you.

[SupportNova]

Hello, I tried but the phone still can't synchronize 

[SupportNova]

During the deployment we noticed that when we install on the phones, they can't synchronize with the administration server in order to download the defined policies and we don't see them in the console either, even though the setup is blocked from the console.
I need your assistance.
Sincerely.

[DonKid]

Please, open a ticket here.

[ElvinE5]

Good day

I'm sorry, I've been busy with students.

please tell me, is this particular device that on your screen is trying to connect from the internal network via Wi-Fi, or through a mobile operator.

Спойлер

any way

1. If we are connecting through an internal Wi-Fi - make sure that the device (namely, mobile) can resolve the server name specified in your settings, whether your DNS is working correctly. for the duration of the experiment, you can set the server by IP address

2. if you are using a mobile operator, make sure that the serar name you specified is also available from outside and points to your external router, and it has all the necessary rules for port forwarding from outside to the internal server and port 13292.

if the connection is successful, all your devices will be transferred from this list

Спойлер

the "entities" themselves will by default go to the "unassigned" devices and you will need to move them to one of the groups of "managed" devices

they can also be found from the "device discovery" tab, the "KSM10" domain group will be created (same as Workgroup)

Спойлер

 

if nothing really helps, as you were advised above, you can contact technical support directly.

 

[SupportNova]

The wifi to which the device is connected is in the internal network and in the same subnet as the KSC server.

thank you for your answer however the client has no domain, no firewall. it has only the ISP connection but with all the port openings and others it does not synchronize.

 

[SupportNova]

tell me, is it possible to install KESMob on phones if the client does not have Active Directory AD?

[ElvinE5]

В 10.03.2023 в 19:47, SupportNova сказал:

tell me, is it possible to install KESMob on phones if the client does not have Active Directory AD?

yes

[Delton]

I have the same issue with mobile devices. I've checked all the settings and everything looks right, but it won't sync. I managed to solve it by removing Kaspersky from the device and installing it again. One message that might be relevant is 'Cannot find the device on the Administration Server.' when I try to sync through the Admin Center.

[SupportNova]

In this case do you manage to see the mobiles through the administration console?
I have deleted several times to reinstall but it's the same.