Why the Network Agent for Windows fails to connect to the Administration Server
Show applications and versions that this article concerns
- Kaspersky Security Center 14.2 (version 184.108.40.206967)
- Kaspersky Security Center 14 (version 220.127.116.1102)
- Kaspersky Security Center 13.2 (version 18.104.22.1681)
- Kaspersky Security Center 13.1 (version 22.214.171.12424)
- Kaspersky Security Center 13 (version 126.96.36.19947)
The Network Agent and the Administration Server are not connected if:
- Policies are not applied on managed computers.
- You cannot manually synchronize with the managed computer.
- The managed computer icon in the Administration Console is inactive (bleak).
- The value in the Server connection does not show current date and time (when the workstation is connected).
To check the connection between the Network Agent and the Administration Server, use the klnagchk.exe tool:
- Run the tool with the local administrator privileges on the managed computer fom the Network Agent folder: C:\Program Files\Kaspersky Lab\NetworkAgent\klnagchk.exe.
- Choose saving the results in a log file.
Causes of connection issues
- The Network Agent is not installed on the managed computer.
- The Network Agent was installed on the managed computer locally and the address or port of the Administration Server was specified incorrectly.
- Network Agent is not running on the managed computer.
- The Administration Server service is not running on the Administration Server.
- The network includes several workstations with the same name and the wrong workstation was added to the group. Use the search (Find computer in the context menu of the Administration Server) to find computers with similar names: enter the name of the computer and the asterisk *. E.g. COMPUTER*.
- The managed computer is already connected to a different Administration Server in this Windows network.
- The managed computer is not running at the moment.
- The server cannot be accessed from the managed computer.
To check, use the ping command on the managed computer.
- TCP ports 13000, 14000 are closed on the computer with the Administration Server.
- UDP port 15000 is closed on the managed computer.
- The Administration Server name or IP address are displayed incorrectly on the managed computer (the name and the IP address do not match).
- In the Network Agent policy properties, go to the Network tab and configure the connection to the Administration Server and Connection profiles (if used).
Tools for checking open ports
- To check if the Administration Server can open port 13000 or 14000, run the fport.exe tool on the computer with the Administration Server installed (the name of the Administration Server process is klserver).
- If the fport.exe tool has not displayed the list of available ports (the tool is not compatible with app servers; e.g. it does not support Microsoft Windows 2003 Server), run the netstat command:
- Run the telnet command from the computer with the issue:
If the telnet command returns an error, then the ports are closed.