Why does Network Agent fail to connect to the Administration Server?



Kaspersky Security Center 9


Why does Network Agent fail to connect to the Administration Server?

Back to "Host Management"
2013 Mar 11 ID: 7493

The following issues may occur if Network Agent cannot establish a connection with then Administration Server:

  • policies cannot be applied to client computers;
  • manual synchronization with client computers cannot be performed;
  • a client computer icon is inactive ("pale") in the Administration Console;
  • the Server connection field displays an incorrect date or time (15-30 minutes difference), while the workstation is actually turned on.

You can try to discover the problem using the utility klnagchk.exe. The utility is designed to analyze connections between Network Agent and Administration Server.

The utility must be run by an account having local administrator permissions from the Network Agent installation folder (by default, C:\Program Files\Kaspersky Lab\NetworkAgent8). It is recommended to save the utility execution results in a log file.

Connection problems can have different origins:

  • Network Agent is not installed on the problem client computer.

  • Network Agent was installed on the problem client computer locally, or an icorrect Administration Server address/port was indicated when installing the Network Agent.

  • The Kaspersky Network Agent service is not running on the problem client computer.

  • The Kaspersky Security Center Administration server service is not running on the Administration Server.

  • There is more than one workstation with the same name in the network, and a wrong one was drag-and-dropped into the administration group. Try to find computers having the same name in the network. Right-click the Administration Server node and select Search. Then enter the name with an asterisk (e.g. COMPUTER*).

  • The problem computer is already connected to another Administration Server in the same Windows network.

  • The problem client computer is shut down.

  • The Administration Server is inaccessible from the problem client computer.

This can be checked using the ping command from the problem client computer.

  • TCP ports 13000 and/or 14000 are closed on the computer with the Administration Server installed.

To check if the ports are open, try using the following utilities:

Start the utility on the <Administration_server_name> host to check if the server actually opens port 13000/14000 (the Administration Server process name is klserver).

  • netstat. Use this utility when fport.exe cannot display the list of open ports (for example, it does not function on Microsoft Windows 2003 Server).

netstat -a 

  • telnet on the problem client computer.

telnet  <Administration_server_name> 13000


telnet <Administration_server_name> 14000

If the telnet command displays an error, it means the ports are closed (possibly, protected by a firewall, etc.).

  • UDP port 15000 is closed on the problem client computer.

  • The problem client host incorrectly detects Administration Server name or IP address, e.g. the server name and IP address do not match.

  • Open the Network tab in the Network Agent policy and configure Administration Server connection settings and Connection profiles (if necessary).
Was this information helpful?
Yes No


Feedback on Technical Support Site

Please let us know what you think about the site design, improvements we could add and any errors we need to eliminate

Send My Website Feedback Send My Website Feedback

Thank you!

Thank you for submitting your feedback.
We will review your feedback shortly.