Jump to content
Update to the Latest Version for Smooth VPN Performance ×
Kaspersky Support Forum

Klfoc Service Failed To Start On Windows Server 2025 Everytime After Reboot

Sang

By Sang
in Kaspersky Security Center

 Share

Recommended Posts

Sang

Sang

Posted
Posted

Hello fellows, we deployed a Kaspersky Security Center Failover Cluster following Kaspersky’s documentation, but we are encountering an issue related to the Klfoc service. The service does not start automatically even though its Startup Type is set to Automatic. We have to start it manually after each server reboot when testing failover.

Reproduction Steps:

Step 1: We turn off KSC-01 Server and failover switches to KSC-02 successfully.

Step 2: After that, we turn on KSC-01, then turn off KSC-02 to test failover again, an error appears during server (KSC-01) startup.

Step 3: We've to manually start the Klfoc service via services.msc, after that, the system returns to normal operation.

I would like to know whether this issue is related to the OS or the Kaspersky service itself.

Environment:

  • Kaspersky Security Center: 15.1.0.22239

  • Network Agent: 15.1.0.22239

  • OS: Windows Server 2025

  • Database: MSSQL 2022 / SQL Server 16.0

  • Klfoc Service Log On: Local System

  • Account running KSC core services: ksc

  • Account running services like Web, Proxy,..: rightless

image.thumb.png.df930ee5185ed15dbbf711ac2715a2ce.pngimage.thumb.png.d6344cc94cfa7a8c0d69d28425523c00.pngimage.thumb.png.d0a8134b49fbc635e8eda24241086249.pngimage.thumb.png.f365adc13c87292aca14b46d8f543862.pngimage.thumb.png.091390b48365d1ae0ca7effa65ecb6e2.png

Tahmeed702

Tahmeed702

Posted
Posted

How do you deployed Failover cluster , can you share any video record or docs 

Sang

Sang

Posted
  • Author
Posted

Sorry, I don’t have any recordings yet. all materials are from Kaspersky’s documentation about Failover Cluster Deployment. I know few folks may feel confused at first, so here is the basic overview from my perspective:

  • We have 6 servers in total in our deployment: 1 Domain Controller (DC) for AD DS and File Share, 2 servers for MSSQL (Always On clustering), and 2 servers for Kaspersky Security Center (KSC).

  • On Active Directory, create an OU named KSC, then create a domain security group named KLAdmins inside that OU. After that, create two users under that OU named ksc and rightless, and add those users to the KLAdmins group.

  • Create file shares on the Domain Controller: one for state (named ksc-state) and another for data (named ksc-data). Grant full control to the KLAdmins group on both the share permissions and NTFS permissions.

  • On the Domain Controller, after the two KSC servers join the domain, move their computer name into the KSC OU and add them to the KLAdmins group (You will need to select section call Object and add Computer into it to find KSC Computer Host Name).

  • On the KSC servers, create a redundancy interface or set up a load balancer (nginx for an instance), depending on your team’s decision. Map ksc-state and ksc-data as network drives. Then open Computer Management, create a local group named KLAdmins, and add domain\ksc and domain\rightless to that group. You also need to add domain\ksc to the local Administrators group on both KSC servers.

  • After completing these preparations, you can install KSC as a Failover Cluster by following the official Kaspersky documentation. Good luck!

 

14 hours ago, Tahmeed702 said:

How do you deployed Failover cluster , can you share any video record or docs 

Sorry, I don’t have any recordings yet. all materials are from Kaspersky’s documentation about Failover Cluster Deployment. I know few folks may feel confused at first, so here is the basic overview from my perspective:

  • We have 6 servers in total in our deployment: 1 Domain Controller (DC) for AD DS and File Share, 2 servers for MSSQL (Always On clustering), and 2 servers for Kaspersky Security Center (KSC).

  • On Active Directory, create an OU named KSC, then create a domain security group named KLAdmins inside that OU. After that, create two users under that OU named ksc and rightless, and add those users to the KLAdmins group.

  • Create file shares on the Domain Controller: one for state (named ksc-state) and another for data (named ksc-data). Grant full control to the KLAdmins group on both the share permissions and NTFS permissions.

  • On the Domain Controller, after the two KSC servers join the domain, move their computer name into the KSC OU and add them to the KLAdmins group (You will need to select section call Object and add Computer into it to find KSC Computer Host Name).

  • On the KSC servers, create a redundancy interface or set up a load balancer (nginx for an instance), depending on your team’s decision. Map ksc-state and ksc-data as network drives. Then open Computer Management, create a local group named KLAdmins, and add domain\ksc and domain\rightless to that group. You also need to add domain\ksc to the local Administrators group on both KSC servers.

  • After completing these preparations, you can install KSC as a Failover Cluster by following the official Kaspersky documentation. Good luck!

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...