Solving issues with connecting the Administration Console to the Kaspersky Security Center Administration Server
Show applications and versions that this article concerns
- Kaspersky Security Center 15.1 (version 15.1.0.20748)
- Kaspersky Security Center 14.2 (version 14.2.0.26967)
- Kaspersky Security Center 14 (version 14.0.0.10902)
Issue
When connecting MMC to the Kaspersky Security Center (hereinafter “KSC”) Administration Server, some connection problems may occur. For example: “Failed to establish connection with the remote device (location: 'http://localhost:13291'): connection has failed.”
Solution
To identify the cause of the issue and find a solution, try connecting to the KSC Administration Server via the local Administration Console on a device hosting the KSC Administration Server.
- If the local console successfully connects to the KSC Administration Server, therefore the server operates properly.
To fix the issue, perform network availability diagnostics and follow the instructions for your particular problem. - If the local console cannot establish connection to the Administration Server, see the instructions on troubleshooting.
If the connection problem persists, use these instructions regarding diagnostics of ports and the Administration Server.
Network availability diagnostics
- Identify which port is used for connection:
- Open KSC.
- Proceed to the KSC Administration Server properties.
- Go to Administration Server connection settings → Connection ports.
- Look at the port specified in the SSL port for Administration Console field.
- Check connection to the standard port 13291 or to the custom one used for the Administration Console connection from the previous step using the following command:
Note that “ksc.example.com” is the Fully Qualified Domain Name (“FQDN”) or an IP address of the KSC Administration Server; “13291” is a connection port of the KSC Administration Console.
- Examine the command execution result and follow the guides described in the “Solution” column in the table below.
| Error / Result | Cause | Solution |
|---|---|---|
|
The error “Name resolution of ˂ksc_name˃ failed” occurs; the string “RemoteAddress” is empty. |
The FQDN name could not be converted to an IP address. | Try using an IP address to connect to the KSC Administration Server.
To be able to connect via the FQDN name, fix DNS name resolution issues. |
| “TCP connect to (˂ksc_ip˃ : ˂console_port˃) failed” | The issue is related to network availability. |
Check the traffic filtering settings in network equipment, operating system firewall, and protection solutions for the end nodes. Make sure that allow rules are enabled to establish connection.
|
|
“Ping to ˂ksc_ip˃ failed with status: Timeout” |
No response to an Echo Request from the Administration Server. In some cases, such a behavior is normal and does not indicate network availability problems with the Administration Server. If so, when outputting the command, there will be the “PingSucceeded:True” string which confirms the Echo Response. |
If it’s not possible to temporarily enable ICMP protocol for diagnostics via Echo Requests:
|
| The string “TcpTestSucceeded: True” appears. | The MMC port is accessible from the administrator’s workstation. | Check the connection again via the remote Administration Console. |
Diagnostics of ports and the Administration Server
- If the error of connecting the local console persists, run the command to display the ports that are listened by the KSC Administration Server process:
- Examine the command execution result:
Result 1. The klserver process cannot be found
It means the Administration Server service has stopped, and there is probably a problem with the Administration Server.
To resolve the issue, follow this guide.
Result 2. The command completed successfully but the value 13291 is missing in the “LocalPort” column
If the “LocalPort” column does not contain the value of the standard port used for connecting MMC, therefore it has been changed to a custom value.
To resolve the issue, check each available port one by one:
- Specify the required port in the MMC connection settings, e.g. “localhost:21212”.
- Enter the username and password, and click OK.
- If the custom port for the Administration Console connection is detected, use it for connecting the remote Administration Console from the administrator's workstation.
- If the port cannot be detected:
- Inspect the operating system event log (Kaspersky Event Log).
Examine the Application logs node using the standard Windows tools. - Fix the problematic events if necessary.
- Try to find the solution on the Kaspersky Technical Support website using the error text.
If you cannot resolve the problem, follow steps 2–4 of these instructions.
- Inspect the operating system event log (Kaspersky Event Log).
Result 3. The command completed successfully and the value 13291 is present in the “LocalPort” column
If the list of local listen ports contains the standard port 13291 for connecting the Administration Console, follow the instructions from Result 2 Item 4.
What to do if the issue persists
- Try to fix the issue using this guide.
- Check the credentials specified for connection in MMC.
- Try to exclude the check of connection between the remote MMC on the administrator's workstation and the Administration Server if Deep Packet Inspection (DPI) or decryption technology and traffic analysis technologies (SSL inspection) are used as part of third party protection software.
- If the issue still persists, submit a request to Kaspersky Technical Support via Kaspersky CompanyAccount. In your request:
- Describe the problem: attach a screenshot of the MMC connection error, specify which steps of these instructions you tried to perform, and add a console output of the diagnostic commands from this article.
- Perform synchronous tracing of level 4 for the Administration Server and the Administration Console.
- Attach a GetSystemInfo report with operating system events from the Administration Server and from the administrator’s computer if the remote Administration Console is used.
