Support

Support for business applications

Kaspersky Security Center 14

Kaspersky Security Center 14

Other routine work

Managing client devices

Checking the connection between a client device and the Administration Server

Manually checking the connection between a client device and the Administration Server. Klnagchk utility

Kaspersky Security Center
Нет результатов
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ Download Buy Renew Forum Contact support Recovery tools

Manually checking the connection between a client device and the Administration Server. Klnagchk utility

22 April 2024

ID 3912

Get as PDF

You can check the connection, and obtain detailed information about the settings of the connection, between a client device and Administration Server by using the klnagchk utility. The klnagchk utility is located in the Network Agent installation folder.

When started from the command line, the klnagchk utility can perform the following actions (depending on the keys in use):

  • Displays on the screen or logs the values of the settings used for connecting Network Agent installed on the device to Administration Server.
  • Records into an event log file Network Agent statistics (since its last startup) and utility operation results, or displays the information on the screen.
  • Attempts to establish a connection between Network Agent and Administration Server.

    If the connection attempt fails, the utility sends an ICMP packet to check the status of the device on which Administration Server is installed.

To check the connection between a client device and Administration Server by using the klnagchk utility,

On the device with Network Agent installed, start the klnagchk utility from the command line under a local administrator account.

Utility command line syntax:

klnagchk [-logfile <file name>] [-sp] [-savecert <path to certificate file>] [-restart][-sendhb]

Descriptions of the keys:

  • -logfile <file name>—Records in a log file with the values of the connection settings between Network Agent and Administration Server, and the utility operation results.

    By default, information is saved in the standard output stream (stdout). If the key is not in use, settings, results, and error messages are displayed on the screen.

  • -sp—Shows the password for the user's authentication on the proxy server.

    The key is in use if connection to the Administration Server is established through a proxy server.

  • -savecert <file name>—Saves the certificate used to access the Administration Server, in a specified file.
  • -restart—Starts Network Agent after the utility has completed.
  • -sendhb—Starts the synchronization of Network Agent with Administration Server.

After startup, the klnagchk utility accesses the configuration files of Network Agent and displays the connection parameters. These parameters are specified during the Network Agent installation and in the Network Agent policy settings:

  • Current device— Windows network name of the client device.
  • Network Agent version—Full number of the Network Agent version (with patches) installed on the device.
  • Administration Server address—Address of Administration Server.
  • Use SSL—Parameter that indicates whether a secure connection is used when connecting to the Administration Server.

    Possible values:

    • 0—Secure connection is not used
    • 1—Secure connection is used
  • Compress traffic—Parameter that indicates whether the traffic between the client device and Administration Server is compressed.
  • Numbers of the Administration Server SSL ports—Numbers of valid ports for communication with Administration Server when using a secure connection.
  • Numbers of the Administration Server ports—Numbers of valid ports for communication with the Administration Server when using an ordinary connection.
  • Use proxy server—Parameter that indicates whether a proxy server is used.

    Possible values:

    • 0—Proxy server is not used
    • 1—Proxy server is used
  • Address—Address and port of the proxy server separated by a colon. This parameter is displayed only if a proxy server is used.
  • User name—User name for accessing the proxy server. This parameter is displayed only if a proxy server is used.
  • Password—Password for accessing the proxy server. This parameter is displayed only if a proxy server is used. You can see the proxy server password, if the sp key is used in the command.
  • Administration Server certificate—Parameter that indicates whether the client device has an Administration Server certificate. A certificate may not exist, for example, if Network Agent has never successfully connected to Administration Server.

    Possible values:

    • not installed—Client device does not have an Administration Server certificate
    • available—Client device has an Administration Server certificate
  • Open UDP port—Parameter that indicates whether Network Agent uses the UDP port to receive synchronization requests from Administration Server.

    Possible values:

    • 0—UDP port is closed for receiving synchronization requests from Administration Server
    • 1—UDP port is opened for receiving synchronization requests from Administration Server
  • Numbers of UDP ports—Numbers of UDP ports that can be used by Network Agent.
  • Location name—Network location of the device.
  • State of network location—Parameter that indicates whether the client device can be switched from one Administration Server connection profile to another. Possible values are Enabled or Disabled.
  • Profile to use—Connection profile for Administration Server.
  • Condition—IP address and subnet mask of the network to which the client device is connected.
  • Synchronization interval (min)—Standard interval between synchronizations.
  • Connection timeout (in seconds)—Connection timeout.
  • Send / receive timeout (in seconds)—Connection timeout of read-write operations.
  • Device ID—Device identifier in the network. The Device ID is unique among the client devices managed by a particular Administration Server.
  • Locations of connection gateways—Parameters for connecting the client device to Administration Server through the connection gateway.
  • Location of distribution points—Parameters for connecting the client device to Administration Server through the distribution point.
  • Connection with server—Parameter that indicates whether the connection gateway has a continuous connection to Administration Server. The parameter shows only if the client device acts as a connection gateway. Possible values are active or inactive.
  • Connection with server through connection gateway—Parameter that indicates whether the connection to Administration Server through a connection gateway is established correctly. The parameter shows only if the client device acts as a connection gateway. Possible values are active or inactive.

Also, the klnagchk utility output can contain one of the following lines:

  • Administration Server is installed on this device—The klnagchk utility is run on the Administration Server device.
  • This device has been assigned a connection gateway but is not yet registered on Administration Server—The klnagchk utility is run on the device on which Network Agent is installed, in the connection gateway mode. The configured connection gateway is waiting for a connection from Administration Server, but Administration Server does not list the device among managed devices. You need to ensure Administration Server initiates a connection to the connection gateway.
  • This device is a connection gateway—The klnagchk utility is run on the device that acts as a connection gateway.
  • Acts as a distribution point—The klnagchk utility is run on the device that acts as a distribution point.

The klnagchk utility checks the status of the Network Agent service. If the service is not running, the utility stops. If the service is running, the utility displays the following connection statistics:

  • Total number of synchronization requests—Number of attempts to connect the client device to Administration Server.
  • The number of successful synchronization request—Number of successful attempts to connect the client device to Administration Server.
  • Total number of synchronizations—Number of attempts to synchronize the client device settings with the Administration Server settings.
  • The number of successful synchronizations—Number of successful attempts to synchronize the client device settings with Administration Server.
  • Date/time of the last request for synchronization—Date and time of the last connection.

You need to use the Total number of synchronization requests and The number of successful synchronization request parameters when analyzing the connection between Administration Server and Network Agent. The client device settings synchronize with the Administration Server settings only if the Administration Server settings were changed (for example, if new tasks were added or policy settings were modified). Otherwise, the Total number of synchronizations and The number of successful synchronizations parameter values remain unchanged.

Kaspersky Security Center: Optimization of daily routine tasks
A powerful administration console, with an additional flexible web-based interface that’s available wherever you are. Buy as part of Endpoint Security for Business Advanced.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.