ProxySG & Advanced Secure Gateway

 View Only
Back to discussions
Expand all | Collapse all

Problem with Kaspersky updates

  • 1.  Problem with Kaspersky updates

    Posted Dec 09, 2020 01:20 AM
    Hello Guys,
    I have a question regarding a problem, "exist a case on broadcom" but untill now not a solution.

    The problem is as follows, we have many ASG servers  our support license + Kaspersky AV + web risk control were valid untill 30.nov, we renewed our license many weeks before To prevent many problems, we got the new license and in appereance all is normal  "at least on the GUI in all proxies servers"

    The problem is we don´t get kaspersky pattern updates,  last update was on  30.11  "last day with the old license valid",  on the log file i got this

    2020-12-07T09:12:51.417593+00:00 CAS_BCWP99 kaspersky[20115]: ERROR : (20115): initialization failed: KAV_E_LICENSE_EXPIRED_OR_MISSING no valid license found or license expired
    2020-12-07T09:12:51.417797+00:00 CAS_BCWP99 avservice[13960]: ERROR : Module::LaunchAll: live test failed kaspersky
    2020-12-07T09:12:51.417966+00:00 CAS_BCWP99 avservice[13960]: ERROR : KasperskyModule::ProcessPatterns: failed to invoke new module

    I think is clear that somewhere exist a license problem, on my side i tested all possible, clear all the possible space, restart server, download again the license, restart services...

    I sent it for the case syslogs, caslogs, screenshots, troubleshooting files and untill now with any luck.

    maybe someone here have an idea and could help?

    Thanks in Advance

    Regards

    Fermin Rodriguez

    ------------------------------
    Sytems Engineer
    GW
    ------------------------------


  • 2.  RE: Problem with Kaspersky updates

    Broadcom Employee
    Posted Dec 09, 2020 03:32 PM
    Hi Fermin,

    Sorry to hear that you are having issues. From what you are describing, I do think it could be a licensing issue. If it is, as far as what is in your control, if there was a new file inspection license, and the old one is still linked to the ASG, that could be problematic, and you may need to delink it. To see what is linked, you will need to go to the Entitlement Portal. The below link gives steps on how to add an add-on, but the first steps should get you to the screen where you want to be to see what is attached to your ASG. 

    https://community.broadcom.com/mainframesoftware/communities/community-home/digestviewer/viewthread?GroupId=2023&MessageKey=215943ef-e49f-42f6-bea5-12daa7c43aab&CommunityKey=c475a143-13f8-4809-b469-d8541b80ea91&tab=digestviewer

    Ultimately, I would make sure you have a case open with Customer Care (non-technical) and then, if you bought directly from Broadcom, reach out to your Account Director as well to get their assistance in the situation.

    Thanks,
    Original Message


  • 3.  RE: Problem with Kaspersky updates

    Posted Dec 10, 2020 01:06 AM
    Hello Jacob,
    thaks or the answer, unfortunately we have the support on a 3rd party partner, LAst informatio is that the ticket was escaleted to anorher department i don´t know if the right one, it is possible to you to check if the ticket is now with customer care?

    I got this 2 numbers

    support case  32418781  

    New ticket is 32424707

    thanks in advance

    with Best Regards

    Fermin Rodriguez



    ------------------------------
    Sytems Engineer
    GW
    ------------------------------

    Original Message


  • 4.  RE: Problem with Kaspersky updates

    Posted Mar 05, 2021 09:01 AM
    Hi Team,

    Any solution for this issue. we have same issue happend today...

    Thanks,
    Raju
    Original Message


  • 5.  RE: Problem with Kaspersky updates

    Broadcom Employee
    Posted Mar 08, 2021 10:47 AM
    Hello Proxy Admin,

    The solution is :

    1. Make sure that the expired Kaspersky subscription is delinked from this ASG but the valid Kaspersky subscription is linked to this ASG, its  manual process that has to be done by the customer, just as the Mr. Jacob has pointed out here !
    2. Upgrade the ASG to 6.7.3.13 or later OS, as that shown to fix the issue related to the AV signature updates as well.

    I hope this helps.
    Slava
    Original Message


  • 6.  RE: Problem with Kaspersky updates

    Posted Mar 08, 2021 11:36 AM
    Hi Slava,

    Thanks for the solution.

    1) There is no existing subscription is linked to the ASG.
    2) ASG to 6.7.3.13 upgrade will fix this issue ? because in current version sync with backend server is happening showing status as download successful but AV pattern date not getting changed.

    Thanks,
    Raju
    Original Message


  • 7.  RE: Problem with Kaspersky updates

    Broadcom Employee
    Posted Mar 08, 2021 11:52 AM
    Hello Proxy Admin, 

    If there is no existing subscription linked to this ASG, then what you see is expected, no subscription no updates are possible.
    You have to have a Subscription Linked to the ASG under the Add-on section just as Mr. Jacob has pointed out here !.
    If you have issues linking the subscription to the ASG in question following those steps then please open a Customer Care Case.

    Slava
    Original Message


  • 8.  RE: Problem with Kaspersky updates

    Posted Mar 08, 2021 11:58 AM
    Hi slava,

    sorry.

    there is no existing subscription linked to this ASG>> I referred there is no previous old subscription  just as Mr. Jacob has pointed out here !. Current subscription have valid till june 2021. 

    Thanks,
    Raju
    Original Message


  • 9.  RE: Problem with Kaspersky updates

    Broadcom Employee
    Posted Mar 08, 2021 12:14 PM
    Edited by Slava Mar 08, 2021 12:14 PM
    Hello Proxy Admin, 

    Both of the bellow criteria's have to be True , then the issue may be  resolved ! 

    The solution is :

    1. Make sure that the expired Kaspersky subscription is delinked from this ASG but the valid Kaspersky subscription is linked to this ASG, its  manual process that has to be done by the customer, just as the Mr. Jacob has pointed out here !
    2. Upgrade the ASG to 6.7.3.13 or later OS, as that shown to fix the issue related to the AV signature updates as well.

    If both of the above steps are True and the issue is not resolved then you can one this one thing on the on the licensing Portal for the CAS in question, click on the "Generate new Key" and that will rebuild the Licensing file for this CAS perhaps as a result the new subscription will reflect and sync across all of the licensing servers, After the new key was generated, wait for at list 30 min, then go to the CAS GUI under licensing  section and update the license, then do a Forces Update for the AV Pattern update.



    If there are still issues, keep in mind that the 2 steps above have to be true.

    Slava

    Original Message


  • 10.  RE: Problem with Kaspersky updates

    Posted Apr 16, 2021 05:41 AM

    Hello Slava on our case the "solution" was to upgrade to 6.7.4.13  it worked fine till yesterday,

    we are having again the same problem.  any idea?

    thanks and bes regards

    Fermin



    ------------------------------
    Sytems Engineer
    GW
    ------------------------------

    Original Message


  • 11.  RE: Problem with Kaspersky updates

    Broadcom Employee
    Posted Apr 16, 2021 10:22 AM

    Hello Fermin, 

    I am sorry to hear that.
    Also I have a feeling that something is different about it this time, it just unlikely to be exactly the same same issue with exactly the same root cause.
    Did you have a change look at the logs , can you share like you did in the beginning of this post?
    How are the rest of the health check on the proxy side, also what does the service page on the CAS side look like the spot where it has all of the services on the left and on the right it either states Active / Unavailable or expiration date etc .
    What is the Error for the failing AV Signature update, there usually an Error on the bottom , on the page where you can force download an update.
    Screenshots would be ideal

    Slava


    Original Message


  • 12.  RE: Problem with Kaspersky updates

    Posted Apr 19, 2021 02:10 AM
    Hello Slava,
    thanks for the reply, well this time on the logs i got no errors, the update was sucesfull but it was always the pattern update from 1-2 days ago.
    due to "some internal guidelines" i was able to test a couple of things till saturday, i restarted the icap services on the servers and after a couple of force updates i got the updates
    Best Regards

    Fermin

    ------------------------------
    Sytems Engineer
    GW
    ------------------------------

    Original Message


  • 13.  RE: Problem with Kaspersky updates

    Broadcom Employee
    Posted Apr 19, 2021 09:45 AM
    Hello Fermin, 

    Thank you for the details, definitely a different kind of thing this time, i not sure that this is an issue.
    Do you have a couple of ASGs that you are comparing the AV Pattern version against this one ASG , how do you know the AV database pattern/signature is 1-2 days old? I know there is not always an update to the pattern/signature version available as no new threats may have been discovered in a day or 2 or they were just not added to the main database there for the version would show the same for days and so on, would not see that as an issue.

    Slava
    Original Message


  • 14.  RE: Problem with Kaspersky updates

    Posted Apr 20, 2021 08:48 AM

    Hello Slava thanks again,
    yes it was very strange, we have 6 ASg servers,  and 5 with this behaviour last week,  hier an example. we got this  email always, "example is from friday when this issue occured" as you can see the information is from 2 different servers, the email was generated with seconds of difference, 5 servers got an old kaspersky version just one received the right update, as i mentioned before in this case, restarting the icap service and forcing update a couple of times solved the problem.

    the same AV patter version like email was displayed on the each server GUI.

    2021-04-16 09:55:12 (UTC)
    Kaspersky Labs on CAS_BCWP98(192.168.168.8) successfully updated
    AV version: 8.6.1.71
    AV pattern version: 210414.202000.16596232
    AV pattern date: 2021/04/14 20:20:00

    2021-04-16 09:52:58 (UTC)
    Kaspersky Labs on CAS_BCWP99(192.168.168.9) successfully updated
    AV version: 8.6.1.71
    AV pattern version: 210416.074600.16610733
    AV pattern date: 2021/04/16 07:46:00



    ------------------------------
    Sytems Engineer
    GW
    ------------------------------

    Original Message


  • 15.  RE: Problem with Kaspersky updates

    Broadcom Employee
    Posted Apr 21, 2021 11:46 AM
    Hello Fermin, 

    I would apply the solution on all of the ASG and make sure that all of then are running the same Kasp version /pattern , then monitor for a couple of weeks and see if there is any ASG that is staying behind, and if so, i would suggest opening a technical case as a more deep logs analysis will need to be done here.

    Slava
    Original Message