Administration Server warning events
The table below shows the events of Kaspersky Security Center Cloud Console Administration Server that have the Warning importance level.
For each event that can be generated by an application, you can specify notification settings and storage settings on the Event configuration tab in the application policy. For Administration Server, you can additionally view and configure the event list in the Administration Server properties. If you want to configure notification settings for all the events at once, configure general notification settings in the Administration Server properties.
Administration Server warning events
Event type display name | Event type ID | Event type | Description | Default storage term |
---|---|---|---|---|
License limit has been exceeded | 4098 | KLSRV_EV_LICENSE_CHECK_100_110 | Once a day Kaspersky Security Center Cloud Console checks whether a license limit is exceeded. Events of this type occur when Administration Server detects that some licensing limits are exceeded by Kaspersky applications installed on client devices and if the number of currently used licensing units covered by a single license constitute 100% to 110% of the total number of units covered by the license. Even when this event occurs, client devices are protected. You can respond to the event in the following ways:
Kaspersky Security Center Cloud Console determines the rules to generate events when a license limit is exceeded. | 90 days |
Device has remained inactive on the network for a long time | 4103 | KLSRV_EVENT_HOSTS_NOT_VISIBLE | Events of this type occur when a managed device shows inactivity for some time. Most often, this happens when a managed device is decommissioned. You can respond to the event in the following ways:
| 90 days |
Conflict of device names | 4102 | KLSRV_EVENT_HOSTS_CONFLICT | Events of this type occur when Administration Server considers two or more managed devices as a single device. Most often this happens when a cloned hard drive was used for software deployment on managed devices and without switching the Network Agent to the dedicated disk cloning mode on a reference device. To avoid this issue, switch Network Agent to the disk cloning mode on a reference device before cloning the hard drive of this device. | 90 days |
Device status is Warning | 4114 | KLSRV_HOST_STATUS_WARNING | Events of this type occur when a managed device is assigned the Warning status. You can configure the conditions under which the device status is changed to Warning. | 90 days |
Limit of installations will soon be reached for one of the licensed applications groups | 4127 | KLSRV_INVLICPROD_FILLED | Events of this type occur when the number of installations for third-party applications included in a licensed applications group reaches 90% of the maximum allowed value specified in the license key properties. You can respond to the event in the following ways:
You can manage license keys of third-party applications using the functionality of licensed applications groups. | 90 days |
Certificate has been requested | 4133 | KLSRV_CERTIFICATE_REQUESTED | Events of this type occur when a certificate for Mobile Device Management fails to be automatically reissued. Following might be the causes and appropriate responses to the event:
| 90 days |
Certificate has been removed | 4134 | KLSRV_CERTIFICATE_REMOVED | Events of this type occur when an administrator removes any type of certificate (General, Mail, VPN) for Mobile Device Management. After removing a certificate, mobile devices connected via this certificate will fail to connect to Administration Server. This event might be helpful when investigating malfunctions associated with the management of mobile devices. | 90 days |
APNs certificate has expired | 4135 | KLSRV_APN_CERTIFICATE_EXPIRED | Events of this type occur when an APNs certificate expires. You need to manually renew the APNs certificate and install it on an iOS MDM Server. | 90 days |
APNs certificate expires soon | 4136 | KLSRV_APN_CERTIFICATE_EXPIRES_SOON | Events of this type occur when there are fewer than 14 days left before the APNs certificate expires. When the APNs certificate expires, you need to manually renew the APNs certificate and install it on an iOS MDM Server. We recommend that you schedule the APNs certificate renewal in advance of the expiration date. | 90 days |
Failed to send the FCM message to the mobile device | 4138 | KLSRV_GCM_DEVICE_ERROR | Events of this type occur when Mobile Device Management is configured to use Google Firebase Cloud Messaging (FCM) for connecting to managed mobile devices with an Android operating system and FCM Server fails to handle some of the requests received from Administration Server. It means that some of the managed mobile devices will not receive a push notification. Read the HTTP code in the details of the event description and respond accordingly. For more information on the HTTP codes received from FCM Server and related errors, please refer to the Google Firebase service documentation (see chapter "Downstream message error response codes"). | 90 days |
HTTP error sending the FCM message to the FCM server | 4139 | KLSRV_GCM_HTTP_ERROR | Events of this type occur when Mobile Device Management is configured to use Google Firebase Cloud Messaging (FCM) for connecting managed mobile devices with the Android operating system and FCM Server reverts to the Administration Server a request with a HTTP code other than 200 (OK). Following might be the causes and appropriate responses to the event:
| 90 days |
Failed to send the FCM message to the FCM server | 4140 | KLSRV_GCM_GENERAL_ERROR | Events of this type occur due to unexpected errors on the Administration Server side when working with the Google Firebase Cloud Messaging HTTP protocol. Read the details in the event description and respond accordingly. If you cannot find the solution to an issue on your own, we recommend that you contact Kaspersky Technical Support. | 90 days |
Connection to the secondary Administration Server has been interrupted | 4116 | KLSRV_EV_SLAVE_SRV_DISCONNECTED | Events of this type occur when a connection to the secondary Administration Server is interrupted. Read the operating system log on the device where the secondary Administration Server is installed and respond accordingly. | 90 days |
Connection to the primary Administration Server has been interrupted | 4118 | KLSRV_EV_MASTER_SRV_DISCONNECTED | Events of this type occur when a connection to the primary Administration Server is interrupted. Read the operating system log on the device where the primary Administration Server is installed and respond accordingly. | 90 days |
Audit: Test connection to SIEM server failed | 5120 | KLAUD_EV_SIEM_TEST_FAILED | Events of this type occur when an automatic connection test to the SIEM server failed. | 90 days |