Troubleshooting the network errors related to remote installation of KSC Network Agent
Show applications and versions that this article concerns
- Kaspersky Security Center 14.2 (version 14.2.0.26967)
- Kaspersky Security Center 14 (version 14.0.0.10902)
- Kaspersky Security Center 13.2 (version 13.2.0.1511)
- Kaspersky Security Center 13.1 (version 13.1.0.8324)
- Kaspersky Security Center 13 (version 13.0.0.11247)
Issue
Network problems may occur and cause errors when trying to run a remote installation task of Network Agent or a third-party software using operating system resources through Administration Server or using operating system resources through distribution points.
- Errors due to incorrect name resolution to IP addresses:
- “Failed to resolve the network addresses of device: ˂device_name˃”
- “Distribution point "˂DP_name˃" has failed to resolve the device network name(s). No more distribution points have been found.”
- “The device may have been disconnected from the network.”
- Errors due to problems with firewall and routing:
- “The device may have been disconnected from the network. Cannot download the installation package through Network Agent because it is not installed on this device.”
- “Shared folder "\\192.0.2.45\admin$" is unavailable for the following accounts: <Current Administration Server service account> (The RPC server is unavailable.)”
- “Device is shut down or invisible for distribution point "˂DP_name˃". No more distribution points have been found.”
Solution
Troubleshooting the errors caused by incorrect name resolution to IP addresses
- Identify the IP address of connection to the Administration Server or a distribution point locally on the problematic device.
- If on the device there are several active network adapters, VPN or mobile network connections, and further checks reveal other IP addresses belonging to this device, use the recommendations on the Microsoft website:
- Configure the order of network interfaces for supported operating systems (OS)
- Configure the order of network interfaces for outdated or out-of-support OS
- VPN split tunnel configuration
- Consider disabling the following group policy: Connection Manager: Minimize the number of simultaneous connections (fMinimizeConnections). For details, see this article on the Microsoft website.
- Check the status of the DNS Client service (Dnscache):
- Open the command prompt on the Administration Server and the distribution point and run the command:
powershell "Get-Service Dnscache"
- Verify that the service status is Running.
If the status is different, adjust the service launch settings in the domain group policies or via the local Services snap-in (services.msc).
- Open the command prompt on the Administration Server and the distribution point and run the command:
- Open the command prompt and run one of the following commands depending on the installation type, through the Administration Server or the distribution point:
Where device_name is the NetBIOS name of the target device.
If the specified IP address does not match the actual IP address of the target device, reset the local DNS server cache in an open command prompt using the command:
- Use the command from step 5 to check the IP address of the target device again.
If the problem persists, check on the Administration Server or on the distribution point:
- Whether the DNS server specified in the network connection settings is correct.
- Whether resource entries with an outdated IP address and the target device name exist on the DNS server and in the file: C:\Windows\System32\drivers\etc\hosts.
Update or delete these entries.
Troubleshooting the errors caused by firewall and routing problems
Errors may occur if the firewall of the target device, the Administration Server, or a hardware involved in connection between the Administration Server and the device blocks the network connection via port 445 on the endpoint device, or if there are problems with the route configuration.
- Check the connection of the Administration Server with the 445 port of the target device using the command:
device_address is the NetBIOS name or an IP address of the target device on which the application is installed.
- Check messages in the command results and use the following recommendations:
- TcpTestSucceeded: True. This result means that the connection to port 445 was successful.
- WARNING: Name resolution of computer failed. Check if the DNS server correctly resolves host names to IP addresses. For details, see these instructions.
- TCP connect to (˂device_address˃ : 445) failed. This result means that connection to port 445 failed.
Check the traffic filtering settings in the network equipment, operating system firewall, and protection solutions for the end nodes. Make sure that allow rules are enabled to establish connection. - Ping to ˂device_address˃ failed with status: Timeout. This result means that the ICMP protocol is blocked on the firewall, the target device is disconnected from the local network, the communication channel is unstable, or the network routing is disrupted.
For details on configuring the Windows Firewall, visit the Microsoft website:
What to do if the issue persists
- See the operating system configuration recommendations in this article.
- If the installation task completes successfully and the message "Remote installation has completed successfully on this device" appears, but Network Agent is not available or doesn’t appear on the device object, see the recommendations in the article.
- Try to exclude checking the connection of the target device to the Administration Server if Deep Packet Inspection (DPI) or decryption technology and traffic analysis technologies (SSL inspection) are used as part of third-party protection software.
- Use additional centralized tools for deploying Network Agent.
- Using Active Directory group policies
- Integration into a reference OS installation image
- Third-party tools for centralized application deployment
If the issue still persists, submit a request to Kaspersky Technical Support via Kaspersky CompanyAccount. In your request:
- Describe the problem: attach screenshots of the installation error, specify which steps from the instructions you have performed, and provide the output of the diagnostic commands from this article.
- Collect the diagnostic information and attach the created files to your request.