Jump to content
Kaspersky Support Forum

Klfoc Service Failed To Start On Windows Server 2025 Everytime After Reboot

Sang

By Sang
in Kaspersky Security Center

 Share

Recommended Posts

Sang

Sang

Posted
Posted

Hello fellows, we deployed a Kaspersky Security Center Failover Cluster following Kaspersky’s documentation, but we are encountering an issue related to the Klfoc service. The service does not start automatically even though its Startup Type is set to Automatic. We have to start it manually after each server reboot when testing failover.

Reproduction Steps:

Step 1: We turn off KSC-01 Server and failover switches to KSC-02 successfully.

Step 2: After that, we turn on KSC-01, then turn off KSC-02 to test failover again, an error appears during server (KSC-01) startup.

Step 3: We've to manually start the Klfoc service via services.msc, after that, the system returns to normal operation.

I would like to know whether this issue is related to the OS or the Kaspersky service itself.

Environment:

  • Kaspersky Security Center: 15.1.0.22239

  • Network Agent: 15.1.0.22239

  • OS: Windows Server 2025

  • Database: MSSQL 2022 / SQL Server 16.0

  • Klfoc Service Log On: Local System

  • Account running KSC core services: ksc

  • Account running services like Web, Proxy,..: rightless

image.thumb.png.df930ee5185ed15dbbf711ac2715a2ce.pngimage.thumb.png.d6344cc94cfa7a8c0d69d28425523c00.pngimage.thumb.png.d0a8134b49fbc635e8eda24241086249.pngimage.thumb.png.f365adc13c87292aca14b46d8f543862.pngimage.thumb.png.091390b48365d1ae0ca7effa65ecb6e2.png

Tahmeed702

Tahmeed702

Posted
Posted

How do you deployed Failover cluster , can you share any video record or docs 

Sang

Sang

Posted
  • Author
Posted

Sorry, I don’t have any recordings yet. all materials are from Kaspersky’s documentation about Failover Cluster Deployment. I know few folks may feel confused at first, so here is the basic overview from my perspective:

  • We have 6 servers in total in our deployment: 1 Domain Controller (DC) for AD DS and File Share, 2 servers for MSSQL (Always On clustering), and 2 servers for Kaspersky Security Center (KSC).

  • On Active Directory, create an OU named KSC, then create a domain security group named KLAdmins inside that OU. After that, create two users under that OU named ksc and rightless, and add those users to the KLAdmins group.

  • Create file shares on the Domain Controller: one for state (named ksc-state) and another for data (named ksc-data). Grant full control to the KLAdmins group on both the share permissions and NTFS permissions.

  • On the Domain Controller, after the two KSC servers join the domain, move their computer name into the KSC OU and add them to the KLAdmins group (You will need to select section call Object and add Computer into it to find KSC Computer Host Name).

  • On the KSC servers, create a redundancy interface or set up a load balancer (nginx for an instance), depending on your team’s decision. Map ksc-state and ksc-data as network drives. Then open Computer Management, create a local group named KLAdmins, and add domain\ksc and domain\rightless to that group. You also need to add domain\ksc to the local Administrators group on both KSC servers.

  • After completing these preparations, you can install KSC as a Failover Cluster by following the official Kaspersky documentation. Good luck!

 

14 hours ago, Tahmeed702 said:

How do you deployed Failover cluster , can you share any video record or docs 

Sorry, I don’t have any recordings yet. all materials are from Kaspersky’s documentation about Failover Cluster Deployment. I know few folks may feel confused at first, so here is the basic overview from my perspective:

  • We have 6 servers in total in our deployment: 1 Domain Controller (DC) for AD DS and File Share, 2 servers for MSSQL (Always On clustering), and 2 servers for Kaspersky Security Center (KSC).

  • On Active Directory, create an OU named KSC, then create a domain security group named KLAdmins inside that OU. After that, create two users under that OU named ksc and rightless, and add those users to the KLAdmins group.

  • Create file shares on the Domain Controller: one for state (named ksc-state) and another for data (named ksc-data). Grant full control to the KLAdmins group on both the share permissions and NTFS permissions.

  • On the Domain Controller, after the two KSC servers join the domain, move their computer name into the KSC OU and add them to the KLAdmins group (You will need to select section call Object and add Computer into it to find KSC Computer Host Name).

  • On the KSC servers, create a redundancy interface or set up a load balancer (nginx for an instance), depending on your team’s decision. Map ksc-state and ksc-data as network drives. Then open Computer Management, create a local group named KLAdmins, and add domain\ksc and domain\rightless to that group. You also need to add domain\ksc to the local Administrators group on both KSC servers.

  • After completing these preparations, you can install KSC as a Failover Cluster by following the official Kaspersky documentation. Good luck!

  • 2 weeks later...
JL - KL DACH

JL - KL DACH

Posted
Posted

Hello Sang,

the service klfoc do not start because it seems the network is no really ready when failover to it.

Please open services.msc and go to the service properties and select Restore tab and set the service to wait, perhaps 2 Minutes, and retry to start the service until it is started. As per Screenshot there were a few minutes between failed and new start. Seems to be a timing issue. So maybe this workaround can prevent the problem.

Best Regards

 

  • Like 1
Sang

Sang

Posted
  • Author
Posted
15 hours ago, JL - KL DACH said:

Hello Sang,

the service klfoc do not start because it seems the network is no really ready when failover to it.

Please open services.msc and go to the service properties and select Restore tab and set the service to wait, perhaps 2 Minutes, and retry to start the service until it is started. As per Screenshot there were a few minutes between failed and new start. Seems to be a timing issue. So maybe this workaround can prevent the problem.

Best Regards

 

Hi JL – KL DACH, thanks for your reply. However, after adding the “Restart service after” setting as shown in the image below, the service still fails to start automatically.

P/S: Following your suggestion, we also tried to add the DelayAutostarted key to the registry hive (after we followed your suggestion but still failed), but the service still does not enter the auto-start state and does not run automatically. Another noteworthy point is that when we run this service under a different account (in our case, it was domain account - 'ksc'), the service starts successfully, but it does not function properly due to insufficient privileges compared to the Local System account.image.thumb.png.235c06691e647d010b19f83e5e7affcc.png

image.png

image.png

image.png

JL - KL DACH

JL - KL DACH

Posted
Posted
Am 11.2.2026 um 05:54 schrieb Sang:

domain account - 'ksc'), the service starts successfully, but it does not function properly due to insufficient privileges compared to the Local System account.

Hello,

what does it exactly mean? What is not funktion properly with the domain account? Does it have Logon as a server permission?

If this needs more deeper troubleshooting and exchanging private and personal details I recommend to open a ticket with technical support.

Best Regards

Sang

Sang

Posted
  • Author
Posted
On 2/17/2026 at 4:28 PM, JL - KL DACH said:

Hello,

what does it exactly mean? What is not funktion properly with the domain account? Does it have Logon as a server permission?

If this needs more deeper troubleshooting and exchanging private and personal details I recommend to open a ticket with technical support.

Best Regards

Hello,

Account 'ksc' had Logon as a service account along with 'rightless' and also kaspersky related services.

Also, thank you, my team will submit a ticket with technical support soon.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...