You can check the connection and obtain detailed information about the settings of the connection between a client device and Administration Server by using the klnagchk utility. When Network Agent is installed on a device, the klnagchk utility is automatically copied to the Network Agent installation folder.
The klnagchk utility can detect the following potential issues with connecting Network Agent to Administration Server:
Starting utility 'klnagchk'...
...
Attempting to connect to Administration Server...OK
Attempting to connect to Network Agent...OK
Network Agent is running.
For example, if the following result is displayed, you have to reinstall the Network Agent:
Starting utility 'klnagchk'...
...
Attempting to connect to Administration Server...OK
Attempting to connect to Network Agent...Error - Network Agent is not running.
You cannot always rely on information about the status of the Network Agent service from the klnagchk output. For example, if you did not enable the Start application during installation check box when you installed the Network Agent, the klnagchk output will not show any information about the Network Agent service. In this case, you can use the following PowerShell command: Get-Service klnagent
Attempting to connect to Administration Server... line of the command output, an error about connecting to Administration Server is displayed, pay attention to the specified error text and the device connection address in the result line of sending the ICMP (the address displayed after the An attempt to send ICMP packet to the Administration Server line).Connection errors to Administration Server or a connection gateway are usually caused by the following:
If you use a firewall that decrypted the traffic between the Network Agent and Administration Server (SSL/TLS deep inspection), problems with network availability of the Administration Server SSL port may occur. In this case, switch the Administration Server port to 14000 by using the klmover utility as follows:
klmover -address administrationserveraddressorIP -pn 14000 -nossl
After that, check the availability of port 14000 by using the telnet or akconnect tool. If port 14000 is available, then using the SSL/TLS deep inspection may lead to the problems with network availability of port 13000.
Run the following command to check the SSL connection (TLS 1.0):
openssl s_client -connect KSCServername:13000 -tls1 >tls1check.txt
Example of the OpenSSL output when a problem with TLSv1 traffic occurs:
CONNECTED(000001F4)
write:errno=10054
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 137 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1694581538
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Run the following command to check the SSL connection (TLS 1.2):
openssl s_client -connect KSCServername:13000 -tls1_2 >tls1_2check.txt
Example of the OpenSSL output when a problem with TLSv1.2 traffic occurs:
CONNECTED(000001F4)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 227 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1694581395
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
For more information, refer to Troubleshooting the connection problems between the Network Agent for Windows and the Administration Server.
Page top