How to restore a backup copy of the Integration Server database and parameters in Kaspersky Security for Virtualization 5.x Light Agent
This article concerns:
- Kaspersky Security for Virtualization 5.2 Light Agent
- Kaspersky Security for Virtualization 5.1 Light Agent
If the Integration Server (VIIS) works incorrectly after upgrading Kaspersky Security for Virtualization to version 5.2 Light Agent, you can switch to the previous version.
You can restore a backup copy of the VIIS database and parameters manually or using a script.
Administrator permissions are required to perform the instructions below.
Before restoring:
- If the management components of Kaspersky Security for Virtualization 5.2 Light Agent are installed on the computer, uninstall them.
- If the Integration Server for Kaspersky Security for Virtualization 5.1 Light Agent was uninstalled when upgrading the application to version 5.2, reinstall it.
How to restore using the script
By using the script, you agree to the License Agreement. The text of the License Agreement can be found in the license.txt file in the archive with the script.
- Download the recover_viis_config_from_backup.zip archive and extract the files from it.
- Open the PowerShell command line with administrator’s rights.
- Run the command:
recover_viis_config_from_backup.ps1 <path to the folder with backup copies>
<path to the folder with backup copies> is a path to the folder where the VIIS certificate and the backup copy of the database and parameters are stored. The default path is C:\ProgramData\Kaspersky Lab\VIISLA_Backup\VIISData(1).
- Start the VIIS console and specify the port to connect to the Integration Server. Port 7271 is used by default.
- Depending on the application you are using, specify the following parameters:
- If you are using Kaspersky Security for Virtualization 6.x Agentless, specify a new port number to connect VMware NSX Manager and SVM to VIIS. To learn more about changing parameters in Kaspersky Security, see Online Help.
- If you are using Kaspersky Security for Virtualization 5.x Light Agent, specify the parameters to connect to the virtual infrastructure using the SVM Management Wizard.
The backup copy of the database and VIIS parameters will be restored.
How to restore manually
Before restoring VIIS, find out and save the VIISPort number and the VIISCertHash certificate:
- Open the folder with backup copies. The default path:
C:\ProgramData\Kaspersky Lab\VIISLA_Backup\VIISData(1). - In the viislaservice.exe.config configuration file, find the following text and save the port number:
<add key="address" value="https://localhost:<VIISPort>"/>
- Run the command and save the certificate blueprint:
echo. > NUL | certutil.exe ViisCertificate.pfx | findstr /c:"Cert Hash(sha1)" | for /f "tokens=3-22" %f in ('more') do @echo %f%g%h%i%j%k%l%m%n%o%p%q%r%s%t%u%v%w%x%y
To restore the backup copy manually, do the following:
- If VIIS is running, stop it:
net stop viis
- Empty the %ProgramData%\Kaspersky Lab\VIIS folder. To do so, grant the current administrator account the rights of the owner of the %ProgramData%\Kaspersky Lab\VIIS folder and its contents.
- Copy the database from the folder with the backup db to the %ProgramData%\Kaspersky Lab\VIIS\db folder.
- Grant the NT SERVICE\VIIS user full access to the %ProgramData%\Kaspersky Lab\VIIS folder and its contents.
- Copy the following VIIS configuration files from the backup folder to
%Program Files(x86)%\Kaspersky Lab\Kaspersky VIIS\:- viislaservice.exe.config
- NLog.config
- To install the ViisCertificate.pfx certificate, find it in the backup folder and double-click on it. In the Certificate Import Wizard, select the following parameters: StoreLocation: LocalMachine, Certificate store: Personal. You do not need to enter a password.
The certificate will be removed from the specified storage if the application is uninstalled.
- Bind the VIIS port to the certificate:
- Retrieve the current port number:
netsh http show sslcert ipport=0.0.0.0:<VIISPort>
- If the certificate is bound to the specified port, unbind it:
netsh http delete sslcert ipport=0.0.0.0:<VIISPort>
- Delete ACL:
netsh http delete urlacl url=https://*:<VIISPort>/
- Add a new binding:
netsh http add sslcert ipport=0.0.0.0:<VIISPort> certhash=<ViisCertHash> appid={c1e1e87f-1818-4ac3-897b-a8e10f790659}
- Add ACL:
netsh http add urlacl url=https://*:<VIISPort>/ user="NT AUTHORITY\NETWORK SERVICE" listen=yes delegate=no sddl=D:(A;;GX;;;NS)
- Open the registry editor and find the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\VIIS\Server\1.0.0.0\SSL1 branch.
- Set the VIIS port number for the Port parameter.
- Retrieve the current port number:
- Edit the links for launching VIIS Console from the Kaspersky Security Center Administration Console. To do this, replace the name VIISLA with VIIS in the URL field of all parameters in the following registry branches:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\Components\34\TaskpadLinks\Deployment
\ViisConsoleLA
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\Components\34\TaskpadLinks\Deployment
\ViisConsoleLA51
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\Components\34\TaskpadLinks\Deployment
\ViisConsoleLA511
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\Components\34\TaskpadLinks\Deployment
\ViisConsoleLA512
- Launch VIIS:
net start viis
- Start the VIIS console and specify the port to connect to the Integration Server.
- Depending on the application you are using, specify the following parameters:
- If you are using Kaspersky Security for Virtualization 6.x Agentless, specify a new port number to connect VMware NSX Manager and SVM to VIIS. To learn more about changing parameters in Kaspersky Security, see Online Help.
- If you are using Kaspersky Security for Virtualization 5.x Light Agent, specify the parameters to connect to the virtual infrastructure using the SVM Management Wizard.
The backup copy of the database and VIIS parameters will be restored.