KSC 11 Download updates Failed to establish the HTTPS connection: TLS error (54). '/'

  • 4 July 2019

Hello everyone,

KSC version 11.0.0.1131 (with autopatch A)
KSWS version 10.1.2.996
KES version 11.1.0.15919

I have had a problem downloading updates since yesterday (morning? The last update is from 03.07.2019 - 05:58 (Zurich time)).


Failed to establish the HTTPS connection: TLS error (54). '/'

When I check the URL I can see that the trusted root certificate seems to be untrusted.



(you cannot trust this root certificate authority...)

I also tried to update a KES directly from Kaspersky servers, same error:



Is there something in your infrastructure causing that? Any known problem?

Thanks.
Sylvain

7 replies

Further tests gave me the following data:
KSWS manual updates through Kaspersky servers (not KSC) are succeeding.
KES 11 manual updates through Kaspersky servers (not KSC) are partially succeeding (although it reports the secure connection error and task failure, the database date is correct).
KES 10 updates through Kaspersky servers (not KSC) are succeeding.

The problem could come from a particular module or URL.

Sylvain

Hello,

Maybe it's this problem?

https://forum.kaspersky.com/index.php?/topic/409907-ksc-11-can-not-update-antivirus-db-with-traffic-security-on

Hello Oleg,

Thanks for your answer.
Traffic security module is not running on the KSC server.

And if I check "https://s11.upd.kaspersky.com" in a lab, without running an antivirus or being behind an NGFW, I get the root cert error, untrusted authority.
Still not working.
We trusted the root cert for the domain, no luck. It looks like the KSC has its own trusted cert repository?

We have a workaround but it would be great to fix that. Can you check whether something happened on your side (about the Kaspersky authority: "Kaspersky Lab Public Services Root Certification Authority")?
It's kind of strange as I have 3 KSC with the same problem (different infrastructure, different domain) and 1 KSC without a problem (which is an off-domain server providing Kaspersky service to remote computers).

Thanks.
Sylvain

Hello guys,

After running a few days on our workaround (choosing our public KSC as master and update server), I switched back the download to Kaspersky Servers source and it seems to work now.

Did you change something or did the workaround make things go right?

Sylvain

Hello,
I assume this topic relates to the following description about https and certificate usage with KSC 11:

https://support.kaspersky.com/15069

The following documents are also helpful, as they describe the servers to use and how to switch to HTTP instead:

https://support.kaspersky.com/15052 KSC
https://support.kaspersky.com/15038 KES

Regards
Joel
Hello @bsylvain,

Please see the link below:

Network parameters in Kaspersky Security Center 11 for interacting with external services

You can download updates via HTTP. At the bottom of the page linked above there are solutions for that,
the klscflag.exe tool and the command line:
klscflag.exe -fset -pv klserver -s Updater -n DisableKLHttps -t d -v 1

Use HTTP instead of HTTPS!!

Another problem may have occurred: check the DNS, whether it works correctly.

Have a good day.

@Deadlock4400
