- Definition of Server address and connection settings
- Verification of the Administration server authenticity
- Verification of user account permissions
Definition of Server address and connection settings
This stage establishes the connection with the Administration server.
Possible errors at this stage:
- Incorrect DNS name, NETBIOS name or IP address in the Server Address field. Incorrect DNS service configuration in the network.
- Kaspersky Lab Administration Server service is not started (the server is down, service start error);
- SQL Server service (database unit name) is not started (the server is down, service start error);
- TCP 14000 port closed on the Administration server when connecting with the Use SSL connection option disabled;
- TCP 13000 port closed on the Administration server when connecting with the Use SSL connection option enabled;
- The Administration server is using non-standard ports for Console connection. In this case, you should enter <server_name:port> in the Server Address field;
- The Administration server connects via a proxy server, yet there are no authorization credentials specified. Click the button Advanced to specify the required data.
Verification of the Administration server authenticity
If the Use SSL connection option has been enabled on the previous stage, you should then select the Administration server authentication settings used by the Console. The authentication check is based on the certificate that has been created during the Administration server installation. You should select Connect to Administration server at the first connection attempt and receive that certificat
If this window appears again, you should indicate the certificate path via the button Select. The klserver.cer certificate file can be found in the Cert subfolder inside the Kaspersky Administration Kit installation folder.
Verification of user account permissions
Once the Administration server has been authenticated, user account permissions to access the Administration server database are verified. If the user account running the Administration console lacks the permissions required for connecting to the Administration server, a User registration box will open.
By default, the following accounts have the permissions for connecting to the Administration server:
- Domain Administrators group, if the Administration server is installed in a domain (full access);
- Local Administrators group on the host with the Administration server installed (full access);
- Domain group KLAdmins, if the Administration server is installed on a domain controller (full access);
- Domain group KLOperators, if the Administration server is installed on a domain controller (reading);
- Local group KLAdmins, if the Administration server is installed on an ordinary host in a domain/workgroup (full access);
- Local group KLOperators, if the Administration server is installed on an ordinary host in a domain/workgroup (reading);
- Users and groups listed on the Security tab in the Administration server properties (access as configured).
Lên trên
0 nhận xét:
Đăng nhận xét