Administration Server warning events

The table below shows the events of Kaspersky Security Center Administration Server that have the Warning importance level.

For each event that can be generated by an application, you can specify notification settings and storage settings on the Event configuration tab in the application policy. For Administration Server, you can additionally view and configure the event list in the Administration Server properties. If you want to configure notification settings for all the events at once, configure general notification settings in the Administration Server properties.

Administration Server warning events

Event type display name

Event type ID

Event type

Description

Default storage term

A frequent event has been detected

 

KLSRV_EVENT_SPAM_EVENTS_DETECTED

Events of this type occur when Administration Server detects a frequent event on a managed device. Refer to the following section for details: Blocking frequent events.

90 days

License limit has been exceeded

4098

KLSRV_EV_LICENSE_CHECK_100_110

Once a day Kaspersky Security Center checks whether a license limit is exceeded.

Events of this type occur when Administration Server detects that some licensing limits are exceeded by Kaspersky applications installed on client devices and if the number of currently used licensing units covered by a single license constitute 100% to 110% of the total number of units covered by the license.

Even when this event occurs, client devices are protected.

You can respond to the event in the following ways:

  • Look through the managed devices list. Delete devices that are not in use.
  • Provide a license for more devices (add a valid activation code or a key file to Administration Server).

Kaspersky Security Center determines the rules to generate events when a license limit is exceeded.

90 days

Device has remained inactive on the network for a long time

4103

KLSRV_EVENT_HOSTS_NOT_VISIBLE

Events of this type occur when a managed device shows inactivity for some time.

Most often, this happens when a managed device is decommissioned.

You can respond to the event in the following ways:

90 days

Conflict of device names

4102

KLSRV_EVENT_HOSTS_CONFLICT

Events of this type occur when Administration Server considers two or more managed devices as a single device.

Most often this happens when a cloned hard drive was used for software deployment on managed devices and without switching the Network Agent to the dedicated disk cloning mode on a reference device.

To avoid this issue, switch Network Agent to the disk cloning mode on a reference device before cloning the hard drive of this device.

90 days

Device status is Warning

4114

KLSRV_HOST_STATUS_WARNING

Events of this type occur when a managed device is assigned the Warning status. You can configure the conditions under which the device status is changed to Warning.

90 days

Limit of installations will soon be exceeded for one of the licensed applications groups

4127

KLSRV_INVLICPROD_FILLED

Events of this type occur when the number of installations for third-party applications included in a licensed applications group reaches 90% of the maximum allowed value specified in the license key properties.

You can respond to the event in the following ways:

  • If the third-party application is not in use on some of the managed devices, delete the application from these devices.
  • If you expect that the number of installations for the third-party application will exceed the allowed maximum in the near future, consider obtaining a third-party license for a greater number of devices in advance.

You can manage license keys of third-party applications using the functionality of licensed applications groups.

90 days

Certificate has been requested

4133

KLSRV_CERTIFICATE_REQUESTED

Events of this type occur when a certificate for Mobile Device Management fails to be automatically reissued.

Following might be the causes and appropriate responses to the event:

  • Automatic reissue was initiated for a certificate for which the Reissue certificate automatically if possible option is disabled. This might be due to an error that occurred during creation of the certificate. Manual reissue of the certificate might be required.
  • If you use an integration with a public key infrastructure, the cause might be a missing SAM-Account-Name attribute of the account used for integration with PKI and for issuance of the certificate. Review the account properties.

90 days

Certificate has been removed

4134

KLSRV_CERTIFICATE_REMOVED

Events of this type occur when an administrator removes any type of certificate (General, Mail, VPN) for Mobile Device Management.

After removing a certificate, mobile devices connected via this certificate will fail to connect to Administration Server.

This event might be helpful when investigating malfunctions associated with the management of mobile devices.

90 days

APNs certificate has expired

4135

KLSRV_APN_CERTIFICATE_EXPIRED

Events of this type occur when an APNs certificate expires.

You need to manually renew the APNs certificate and install it on an iOS MDM Server.

Not stored

APNs certificate expires soon

4136

KLSRV_APN_CERTIFICATE_EXPIRES_SOON

Events of this type occur when there are fewer than 14 days left before the APNs certificate expires.

When the APNs certificate expires, you need to manually renew the APNs certificate and install it on an iOS MDM Server.

We recommend that you schedule the APNs certificate renewal in advance of the expiration date.

Not stored

Failed to send the FCM message to the mobile device

4138

KLSRV_GCM_DEVICE_ERROR

Events of this type occur when Mobile Device Management is configured to use Firebase Cloud Messaging (FCM) for connecting to managed mobile devices with an Android operating system and FCM Server fails to handle some of the requests received from Administration Server. It means that some of the managed mobile devices will not receive a push notification.

Read the HTTP code in the details of the event description and respond accordingly. For more information on the HTTP codes received from FCM Server and related errors, please refer to the Firebase service documentation (see chapter "Downstream message error response codes").

90 days

HTTP error sending the FCM message to the FCM server

4139

KLSRV_GCM_HTTP_ERROR

Events of this type occur when Mobile Device Management is configured to use Firebase Cloud Messaging (FCM) for connecting managed mobile devices with the Android operating system and FCM Server reverts to the Administration Server a request with a HTTP code other than 200 (OK).

Following might be the causes and appropriate responses to the event:

  • Problems on the FCM server side. Read the HTTP code in the details of the event description and respond accordingly. For more information on the HTTP codes received from FCM Server and related errors, please refer to the Firebase service documentation (see chapter "Downstream message error response codes").
  • Problems on the proxy server side (if you use proxy server). Read the HTTP code in the details of the event description and respond accordingly.

90 days

Failed to send the FCM message to the FCM server

4140

KLSRV_GCM_GENERAL_ERROR

Events of this type occur due to unexpected errors on the Administration Server side when working with the Firebase Cloud Messaging HTTP protocol.

Read the details in the event description and respond accordingly.

If you cannot find the solution to an issue on your own, we recommend that you contact Kaspersky Technical Support.

90 days

Little free space on the hard drive

4105

KLSRV_NO_SPACE_ON_VOLUMES

Events of this type occur when the hard drive of the device on which Administration Server is installed almost runs out of free space.

Free up disk space on the device.

90 days

Little free space in the Administration Server database

4106

KLSRV_NO_SPACE_IN_DATABASE

Events of this type occur if space in the Administration Server database is too limited. If you do not remedy the situation, soon the Administration Server database will reach its capacity and Administration Server will not function.

Following are the causes of this event, depending on the DBMS that you use, and the appropriate responses to the event.

You use the SQL Server Express Edition DBMS:

  • In the SQL Server Express documentation, review the database size limit for the version you use. Probably your Administration Server database is about to reach the database size limit.
  • Limit the number of events to store in the Administration Server database.
  • In the Administration Server database there are too many events sent by the Application Control component. You can change the settings of the Kaspersky Endpoint Security for Windows policy relating to Application Control event storage in the Administration Server database.

You use a DBMS other than SQL Server Express Edition:

Review the information on DBMS selection.

90 days

Connection to the secondary Administration Server has been interrupted

4116

KLSRV_EV_SLAVE_SRV_DISCONNECTED

Events of this type occur when a connection to the secondary Administration Server is interrupted.

Read the Kaspersky Event Log on the device where the secondary Administration Server is installed and respond accordingly.

90 days

Connection to the primary Administration Server has been interrupted

4118

KLSRV_EV_MASTER_SRV_DISCONNECTED

Events of this type occur when a connection to the primary Administration Server is interrupted.

Read the Kaspersky Event Log on the device where the primary Administration Server is installed and respond accordingly.

90 days

New updates for Kaspersky application modules have been registered

4141

KLSRV_SEAMLESS_UPDATE_REGISTERED

Events of this type occur when Administration Server registers new updates for the Kaspersky software installed on managed devices that require approval to be installed.

Approve or decline the updates by using Administration Console or using Kaspersky Security Center Web Console.

90 days

The limit on the number of events in the database is exceeded, deletion of events has started

4145

KLSRV_EVP_DB_TRUNCATING

Events of this type occur when deletion of old events from the Administration Server database has started after the Administration Server database capacity is reached.

You can respond to the event in the following ways:

Not stored

The limit on the number of events in the database is exceeded, the events have been deleted

4146

KLSRV_EVP_DB_TRUNCATED

Events of this type occur when old events have been deleted from the Administration Server database after the Administration Server database capacity is reached.

You can respond to the event in the following ways:

Not stored

See also:

Administration Server critical events

Administration Server functional failure events

Administration Server informational events

About events in Kaspersky Security Center

Page top