Administration Server warning events

The table below shows the events of Kaspersky Security Center Cloud Console Administration Server that have the Warning importance level.

For each event that can be generated by an application, you can specify notification settings and storage settings on the Event configuration tab in the application policy. For Administration Server, you can additionally view and configure the event list in the Administration Server properties. If you want to configure notification settings for all the events at once, configure general notification settings in the Administration Server properties.

Administration Server warning events

Event type display name

Event type ID

Event type

Description

Default storage term

License limit has been exceeded

4098

KLSRV_EV_LICENSE_CHECK_100_110

Once a day Kaspersky Security Center Cloud Console checks whether a license limit is exceeded.

Events of this type occur when Administration Server detects that some licensing limits are exceeded by Kaspersky applications installed on client devices and if the number of currently used licensing units covered by a single license constitute 100% to 110% of the total number of units covered by the license.

Even when this event occurs, client devices are protected.

You can respond to the event in the following ways:

  • Look through the managed devices list. Delete devices that are not in use.
  • Provide a license for more devices (add a valid activation code or a key file to Administration Server).

Kaspersky Security Center Cloud Console determines the rules to generate events when a license limit is exceeded.

90 days

Device has remained inactive on the network for a long time

4103

KLSRV_EVENT_HOSTS_NOT_VISIBLE

Events of this type occur when a managed device shows inactivity for some time.

Most often, this happens when a managed device is decommissioned.

You can respond to the event in the following ways:

90 days

Conflict of device names

4102

KLSRV_EVENT_HOSTS_CONFLICT

Events of this type occur when Administration Server considers two or more managed devices as a single device.

Most often this happens when a cloned hard drive was used for software deployment on managed devices and without switching the Network Agent to the dedicated disk cloning mode on a reference device.

To avoid this issue, switch Network Agent to the disk cloning mode on a reference device before cloning the hard drive of this device.

90 days

Device status is Warning

4114

KLSRV_HOST_STATUS_WARNING

Events of this type occur when a managed device is assigned the Warning status. You can configure the conditions under which the device status is changed to Warning.

90 days

Limit of installations will soon be reached for one of the licensed applications groups

4127

KLSRV_INVLICPROD_FILLED

Events of this type occur when the number of installations for third-party applications included in a licensed applications group reaches 90% of the maximum allowed value specified in the license key properties.

You can respond to the event in the following ways:

  • If the third-party application is not in use on some of the managed devices, delete the application from these devices.
  • If you expect that the number of installations for the third-party application will exceed the allowed maximum in the near future, consider obtaining a third-party license for a greater number of devices in advance.

You can manage license keys of third-party applications using the functionality of licensed applications groups.

90 days

Certificate has been requested

4133

KLSRV_CERTIFICATE_REQUESTED

Events of this type occur when a certificate for Mobile Device Management fails to be automatically reissued.

Following might be the causes and appropriate responses to the event:

  • Automatic reissue was initiated for a certificate for which the Certificate has been requested option is disabled. This might be due to an error that occurred during creation of the certificate. Manual reissue of the certificate might be required.
  • If you use an integration with a public key infrastructure, the cause might be a missing SAM-Account-Name attribute of the account used for integration with PKI and for issuance of the certificate. Review the account properties.

90 days

Certificate has been removed

4134

KLSRV_CERTIFICATE_REMOVED

Events of this type occur when an administrator removes any type of certificate (General, Mail, VPN) for Mobile Device Management.

After removing a certificate, mobile devices connected via this certificate will fail to connect to Administration Server.

This event might be helpful when investigating malfunctions associated with the management of mobile devices.

90 days

APNs certificate has expired

4135

KLSRV_APN_CERTIFICATE_EXPIRED

Events of this type occur when an APNs certificate expires.

You need to manually renew the APNs certificate and install it on an iOS MDM Server.

90 days

APNs certificate expires soon

4136

KLSRV_APN_CERTIFICATE_EXPIRES_SOON

Events of this type occur when there are fewer than 14 days left before the APNs certificate expires.

When the APNs certificate expires, you need to manually renew the APNs certificate and install it on an iOS MDM Server.

We recommend that you schedule the APNs certificate renewal in advance of the expiration date.

90 days

Failed to send the FCM message to the mobile device

4138

KLSRV_GCM_DEVICE_ERROR

Events of this type occur when Mobile Device Management is configured to use Google Firebase Cloud Messaging (FCM) for connecting to managed mobile devices with an Android operating system and FCM Server fails to handle some of the requests received from Administration Server. It means that some of the managed mobile devices will not receive a push notification.

Read the HTTP code in the details of the event description and respond accordingly. For more information on the HTTP codes received from FCM Server and related errors, please refer to the Google Firebase service documentation (see chapter "Downstream message error response codes").

90 days

HTTP error sending the FCM message to the FCM server

4139

KLSRV_GCM_HTTP_ERROR

Events of this type occur when Mobile Device Management is configured to use Google Firebase Cloud Messaging (FCM) for connecting managed mobile devices with the Android operating system and FCM Server reverts to the Administration Server a request with a HTTP code other than 200 (OK).

Following might be the causes and appropriate responses to the event:

  • Problems on the FCM server side. Read the HTTP code in the details of the event description and respond accordingly. For more information on the HTTP codes received from FCM Server and related errors, please refer to the Google Firebase service documentation (see chapter "Downstream message error response codes").
  • Problems on the proxy server side (if you use proxy server). Read the HTTP code in the details of the event and respond accordingly.

90 days

Failed to send the FCM message to the FCM server

4140

KLSRV_GCM_GENERAL_ERROR

Events of this type occur due to unexpected errors on the Administration Server side when working with the Google Firebase Cloud Messaging HTTP protocol.

Read the details in the event description and respond accordingly.

If you cannot find the solution to an issue on your own, we recommend that you contact Kaspersky Technical Support.

90 days

Connection to the secondary Administration Server has been interrupted

4116

KLSRV_EV_SLAVE_SRV_DISCONNECTED

Events of this type occur when a connection to the secondary Administration Server is interrupted.

Read the operating system log on the device where the secondary Administration Server is installed and respond accordingly.

90 days

Connection to the primary Administration Server has been interrupted

4118

KLSRV_EV_MASTER_SRV_DISCONNECTED

Events of this type occur when a connection to the primary Administration Server is interrupted.

Read the operating system log on the device where the primary Administration Server is installed and respond accordingly.

90 days

Audit: Test connection to SIEM server failed

5120

KLAUD_EV_SIEM_TEST_FAILED

Events of this type occur when an automatic connection test to the SIEM server failed.

90 days

See also:

Administration Server events

About events in Kaspersky Security Center Cloud Console

Administration Server critical events

Administration Server functional failure events

Administration Server informational events

Page top