Sysadminsblog.com Anything for sysadmins!

25 Aug 2010

Kaspersky Admin Kit data backup task

During the setup of a new Kaspersky Administration Kit instance, I ran into a couple of issues. One of them was that the Administration Server data backup task was giving errors. The error was:

Failed
Severity: Error
Application: Kaspersky Administration Kit
Version number: 8.0.2090
Task name: Administration Server data backup
Computer: Administration Server <*********>
Group: Managed computers
Time: tuesday 24 august 2010 2:00:53
Description: Backup operation failed, check if SQL Server has access to the destination folder.

Unlike a lot of error messages, this one is quite descriptive (Thank you Kaspersky!). Because of this, it didn't take me long to figure out where the problem was.

I'm running the Admin Kit with a remote SQL server instead of running it with the SQL Express engine. The Admin Kit task assumes that the database is on the same server, so local paths are used by default. To solve the problem, create a share somewhere and give the Admin Kit service account access to it. Restart the backup task (this will take down the Admin Kit service for a couple of minutes) and presto!

23 Aug 2010

Kaspersky Administration Kit service not starting

I recently reinstalled the Kaspersky Administration Kit, but after the installation the console wasn't able to connect. I soon figured out that this was because the Admin Kit service wasn't running. I tried starting the service manually, but after a refresh the service had stopped again. The event viewer didn't show any problems, and there were no log files worth mentioning that showed what was going on.

As I installed the admin kit on a domain controller, I wasn't able to add the service account to the local administrators group. After adding the service account to the domain administrators group the service started as normal.

I'm still looking into how to make it work without adding it to the domain admins group. If you have any ideas, please let me know in a comment!

23 Aug 2010

Event 10016 – DistributedCOM

Although I've seen the DCOM error a lot, the one below needed a different approach than usual.

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 23-8-2010 8:40:12
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: server.domain.local
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-08-23T06:40:12.000000000Z" />
<EventRecordID>4640</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>server.domain.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Launch</Data>
<Data Name="param4">{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}</Data>
<Data Name="param5">{B292921D-AF50-400C-9B75-0C57A7F29BA1}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
</EventData>
</Event>

The event was triggered after installing and enabling the Kaspersky Administration Kit service. After some research I found a post on the TechNet forums which told me what to do.

It seems this error is related to the Network Access Protection Agent service. If this service isn't started, the error will occur. To stop the error, change the startup type to automatic and start the service.
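
When the same 10016 error shows up on several servers, it helps to pull the CLSID, APPID and SID out of the Event Xml instead of reading each description. The snippet below is an added example, not part of the original post: it parses the Event Xml layout shown above and counts events per APPID, SID and permission. The field names given to param1 to param9 are an assumption inferred from where each value appears in the description text, and the sample is the event from this post trimmed to the elements the parser uses.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Assumed meaning of param1..param9, inferred from the description text in this post.
FIELDS = {
    "param1": "scope", "param2": "locality", "param3": "permission",
    "param4": "clsid", "param5": "appid", "param6": "domain",
    "param7": "user", "param8": "sid", "param9": "address",
}

# Constructed sample: the event from this post, trimmed to the elements used below.
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" />
<EventID Qualifiers="49152">10016</EventID>
<Computer>server.domain.local</Computer>
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Launch</Data>
<Data Name="param4">{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}</Data>
<Data Name="param5">{B292921D-AF50-400C-9B75-0C57A7F29BA1}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
</EventData>
</Event>"""

def parse_10016(xml_text):
    """Return named fields for a DCOM 10016 event, or None for any other event."""
    root = ET.fromstring(xml_text)
    provider = root.find("e:System/e:Provider", NS)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    is_dcom = provider is not None and provider.get("Name") == "Microsoft-Windows-DistributedCOM"
    if not is_dcom or event_id != "10016":
        return None
    rec = {"computer": root.findtext("e:System/e:Computer", namespaces=NS)}
    for data in root.iterfind("e:EventData/e:Data", NS):
        name = FIELDS.get(data.get("Name"))
        if name:
            rec[name] = (data.text or "").strip()
    return rec

def summarize(events):
    """Count 10016 events per (APPID, SID, permission) so repeats collapse to one entry."""
    recs = filter(None, map(parse_10016, events))
    return Counter((r.get("appid"), r.get("sid"), f'{r.get("locality")} {r.get("permission")}') for r in recs)
```
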
