Views:

To resolve any of the issues listed, do one of the following options:

Troubleshooting the Security Server should be done if all or majority of the Security Agents are not appearing. On the other hand, troubleshooting the Security Agent should be done when a client or some clients are not appearing, but majority of the clients are appearing online. This is to avoid unnecessary actions on the Security Server and prevent further damage on the WFBS client.

Security Server

EXPAND ALL

Check the number of seats for your license

Log in to the WFBS console.
Go to Live Status > Scroll down the page until you see the License Status widget.

^{Click the image to enlarge.}
Make sure that you have not exceeded the seats for your license. Otherwise, the extra clients will not appear in the management console.

You can contact your reseller or the Trend Micro Sales department to purchase additional seats.

Verify connection from server to agent

Identify the agent IP and listening port:
1. Navigate to Devices > Select affected group > locate the endpoint.
2. You can identify the IP Address for the endpoint, and the listening port configured.
  
  ^{Click the image to enlarge.}
  
  For accurate results, the IP address should be verified on the agent side as communication issues could prevent the IP Address from updating on the console correctly when it changes at the endpoint.
3. On the Security Server, open your browser.
4. In the address bar, enter the following address replacing the IP and port where indicated:
  http://<endpoint IP>:<agentport>/?CAVIT
  
  CAVIT must be capitalized.
5. Hit Enter. Either of the following will happen:
  - If the connection is successful, a page with a string of text starting with !CRYPT! will appear.
    
    ^{Click the image to enlarge.}
  - If the connection fails, an error or blank page appears

Check if the agent has sufficient privileges to communicate with the server

From the Security Server, and open Command Prompt.
Change path to the PCCSRV directory "..\Trend Micro\Security Server\PCCSRV"
Run the following commands, one by one:
- svrsvcsetup.exe -setvirdir
- svrsvcsetup.exe -setprivilege
- svrsvcsetup.exe -enablessl
Restart the Trend Micro Security Agent Listener service on one of the clients that is disconnected or offline.
Open the WFBS console, and go to Devices.
Refresh the page after 30 seconds and verify if the agent is still disconnected or appears offline.

The database might be corrupted

On the Security Server, stop the Trend Micro Security Server Master Service.
Go to the ..\PCCSRV\HTTPDB folder then make a backup copy of the HTTPDB folder (Example: HTTPDB_backup), and then delete all the contents of the original HTTPDB folder
Start the Trend Micro Security Server Master Service.

The above steps will re-create the database. It will remove all the configurations and the agents reporting on the console. However, when the machine is rebooted, get update from the server or when the Trend Micro Agent Listener is restarted, the database will automatically be repopulated.
Restart the Trend Micro Agent Listener service on the offline/disconnected, or restart the computer.
Open the management console to verify if the client/agent now appears correctly.

Security Agent

EXPAND ALL

Verify connection from agent to server

Identify the Server IP/FQDN and listening ports.
- IP can be obtained via ipconfig while FQDN can be gotten from the web console address.
  
  ^{Click the image to enlarge.}
- Ports can be identified by going to the following:
  - IIS: IIS Manager > Sites > OfficeScan > Bindings...
    
    ^{Click the image to enlarge.}
    
    8059 and 4343 is the default HTTPS port on both Apache and IIS web servers.
  - Apache: Go to ..\Trend Micro\Security Server\PCCSRV\Apache2\Conf\httpd.conf > Look for Listen and ServerName entries
    
    Port must have the same value as Master_DomainPort (entry can be found on ..\PCCSRV\ofcscan.ini).
Open a web browser on the testing endpoint.
In the address bar, enter the following address replacing the IP and port where indicated:
https://<servername/IP address>:<https port>/SMB/cgi/cgionstart.exe

A warning about the page will appear. This is expected as the server uses a self-signed certificate. Proceed past the warning and a page

If the next screen shows "-2", this means the client can communicate with the server. Otherwise, there is a problem with the connection.

Verify if Windows Firewall allows Trend Micro agent port

Open a command prompt on the machine to verify.
Run the following command to verify the port state with the Windows Firewall:
Netsh firewall show state
Below is a sample screenshot:

^{Click the image to enlarge.}

Use clndiag tool

For reference, refer to Checking the client and server communication using clndiag tool.

If errors are identified when using thr clndiag tool:

For Ping error: Follow the steps under the Verify connection from server to agent section, and vice versa.
For Telnet error: Follow the procedure under the Check if the agent registry is correct and Verify Windows Firewall allows TM agent port sections.
For CGI error: Provide Case Diagnostic Tool (CDT) log generated on the WFBS server and the Security agent then contact Trend Micro Technical Support.

Check if the agent registry is correct

Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.

On the Security Server, open the ..\PCCSRV\ofcscan.ini file.
Look for the following entries, and take note of their values:
Open the Registry Editor in the offline/disconnected agent and go to the following registry hive:
- For 32-bit machine: HKEY_LOCAL_MACHINE\Software\Trend Micro\PC-CillinNTCorp\CurrentVersion
- For 64-bit machine: HKEY_LOCAL_MACHINE\Software\WOW6432Node\Trend Micro\PC-CillinNTCorp\CurrentVersion
The values of the following registry keys should be the same as the values from Step 2:
- Server - must have the same value as Master_DomainName
- ServerPort - must have the same value as Master_DomainPort
- LocalServerPort - must have the same value as Client_LocalServer_Port
If the values are not the same, use the Client Mover Tool (IPXfer.exe) to restore the communication between the WFBS server and Security Agent. Follow the procedure in this KB article: Migrating clients of Worry-Free Business Security (WFBS) to another server.

Use the following workaround if the client is offline after migrating to a new WFBS server or if the client can be updated but doed not appear in the web console after a fresh install:

This procedure is only applicable if you cannot use IpXfer to move the client to the new server.

Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.

Go to the offline client machine and unload the agent.
Open Registry Editor.
Go to the following registry key:
- For 64-bit OS: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion
- For 32-bit OS: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion
Modify the value of Domain and DomainID, which are referencing to the Group in the WFBS console. By default, the values are:
- For Servers group:
  "Domain"="Servers (default)"
  "DomainID"="10000000-0000-0000-0000-000000000000"
- For Desktops group:
  "Domain"="Desktops (default)"
  "DomainID"="20000000-0000-0000-0000-000000000000"
  - ServerPort=dword:00001f7b (default port in hexadecimal)
  - Server="Name of the server"
  - Domain="Desktops (default)"
  - LocalServerPort=listening port (hexadecimal)
  - DomainID="20000000-0000-0000-0000-000000000000"
  For other languages, you must change the Domain value according to what is displayed in the console for the default groups. The DomainID should stay the same.
Reload the agent.

If the issue still occurs, contact Trend Micro Technical Support, and provide the Case Diagnostic Tool (CDT) log generated on the WFBS server and the Security agent.

Keywords: client offline,appears offline,no icon,gray icon,system tray,client update,client console,client disconnected,no client,cannot see client,cannot find client,unable to see client,unable to find client,cant see any devices after upgrade,no clients after upg

Troubleshooting the Security Agent (SA) that appears offline/disconnected or is missing in Worry-Free Business Security (WFBS)

Product / Version includes:

Worry-Free Business Security Advanced10.0 , Worry-Free Business Security Standard10.0

Last updated: 2024/01/04

Solution ID: KA-0001991

Category: Troubleshoot

Summary

Know the troubleshooting steps when you encounter the following issues with the CSA/SA of WFBS:

Agent appears as offline in the WFBS management console
Agent's status in the System Tray shows the disconnected icon
Clients incorrectly appear as "Offline" on the console or do not appear at all
Clients do not show the correct pattern file or scan engine on the console
Clients do not report/appear to the new Security Server
Security Agents are not showing in the WFBS console
Clients deployment problem from the console
Reconnecting offline clients after migrating to a new WFBS server

To resolve any of the issues listed, do one of the following options:

Security Server

EXPAND ALL

Check the number of seats for your license

Log in to the WFBS console.
Go to Live Status > Scroll down the page until you see the License Status widget.

^{Click the image to enlarge.}
Make sure that you have not exceeded the seats for your license. Otherwise, the extra clients will not appear in the management console.

You can contact your reseller or the Trend Micro Sales department to purchase additional seats.

Verify connection from server to agent

Identify the agent IP and listening port:
1. Navigate to Devices > Select affected group > locate the endpoint.
2. You can identify the IP Address for the endpoint, and the listening port configured.
  
  ^{Click the image to enlarge.}
  
  For accurate results, the IP address should be verified on the agent side as communication issues could prevent the IP Address from updating on the console correctly when it changes at the endpoint.
3. On the Security Server, open your browser.
4. In the address bar, enter the following address replacing the IP and port where indicated:
  http://<endpoint IP>:<agentport>/?CAVIT
  
  CAVIT must be capitalized.
5. Hit Enter. Either of the following will happen:
  - If the connection is successful, a page with a string of text starting with !CRYPT! will appear.
    
    ^{Click the image to enlarge.}
  - If the connection fails, an error or blank page appears

Check if the agent has sufficient privileges to communicate with the server

From the Security Server, and open Command Prompt.
Change path to the PCCSRV directory "..\Trend Micro\Security Server\PCCSRV"
Run the following commands, one by one:
- svrsvcsetup.exe -setvirdir
- svrsvcsetup.exe -setprivilege
- svrsvcsetup.exe -enablessl
Restart the Trend Micro Security Agent Listener service on one of the clients that is disconnected or offline.
Open the WFBS console, and go to Devices.
Refresh the page after 30 seconds and verify if the agent is still disconnected or appears offline.

The database might be corrupted

On the Security Server, stop the Trend Micro Security Server Master Service.
Go to the ..\PCCSRV\HTTPDB folder then make a backup copy of the HTTPDB folder (Example: HTTPDB_backup), and then delete all the contents of the original HTTPDB folder
Start the Trend Micro Security Server Master Service.

The above steps will re-create the database. It will remove all the configurations and the agents reporting on the console. However, when the machine is rebooted, get update from the server or when the Trend Micro Agent Listener is restarted, the database will automatically be repopulated.
Restart the Trend Micro Agent Listener service on the offline/disconnected, or restart the computer.
Open the management console to verify if the client/agent now appears correctly.

Security Agent

EXPAND ALL

Verify connection from agent to server

Identify the Server IP/FQDN and listening ports.
- IP can be obtained via ipconfig while FQDN can be gotten from the web console address.
  
  ^{Click the image to enlarge.}
- Ports can be identified by going to the following:
  - IIS: IIS Manager > Sites > OfficeScan > Bindings...
    
    ^{Click the image to enlarge.}
    
    8059 and 4343 is the default HTTPS port on both Apache and IIS web servers.
  - Apache: Go to ..\Trend Micro\Security Server\PCCSRV\Apache2\Conf\httpd.conf > Look for Listen and ServerName entries
    
    Port must have the same value as Master_DomainPort (entry can be found on ..\PCCSRV\ofcscan.ini).
Open a web browser on the testing endpoint.
In the address bar, enter the following address replacing the IP and port where indicated:
https://<servername/IP address>:<https port>/SMB/cgi/cgionstart.exe

A warning about the page will appear. This is expected as the server uses a self-signed certificate. Proceed past the warning and a page

If the next screen shows "-2", this means the client can communicate with the server. Otherwise, there is a problem with the connection.

Verify if Windows Firewall allows Trend Micro agent port

Open a command prompt on the machine to verify.
Run the following command to verify the port state with the Windows Firewall:
Netsh firewall show state
Below is a sample screenshot:

^{Click the image to enlarge.}

Use clndiag tool

For reference, refer to Checking the client and server communication using clndiag tool.

If errors are identified when using thr clndiag tool:

For Ping error: Follow the steps under the Verify connection from server to agent section, and vice versa.
For Telnet error: Follow the procedure under the Check if the agent registry is correct and Verify Windows Firewall allows TM agent port sections.
For CGI error: Provide Case Diagnostic Tool (CDT) log generated on the WFBS server and the Security agent then contact Trend Micro Technical Support.

Check if the agent registry is correct

Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.

On the Security Server, open the ..\PCCSRV\ofcscan.ini file.
Look for the following entries, and take note of their values:
Open the Registry Editor in the offline/disconnected agent and go to the following registry hive:
- For 32-bit machine: HKEY_LOCAL_MACHINE\Software\Trend Micro\PC-CillinNTCorp\CurrentVersion
- For 64-bit machine: HKEY_LOCAL_MACHINE\Software\WOW6432Node\Trend Micro\PC-CillinNTCorp\CurrentVersion
The values of the following registry keys should be the same as the values from Step 2:
- Server - must have the same value as Master_DomainName
- ServerPort - must have the same value as Master_DomainPort
- LocalServerPort - must have the same value as Client_LocalServer_Port
If the values are not the same, use the Client Mover Tool (IPXfer.exe) to restore the communication between the WFBS server and Security Agent. Follow the procedure in this KB article: Migrating clients of Worry-Free Business Security (WFBS) to another server.

Use the following workaround if the client is offline after migrating to a new WFBS server or if the client can be updated but doed not appear in the web console after a fresh install:

This procedure is only applicable if you cannot use IpXfer to move the client to the new server.

Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.

Go to the offline client machine and unload the agent.
Open Registry Editor.
Go to the following registry key:
- For 64-bit OS: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion
- For 32-bit OS: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion
Modify the value of Domain and DomainID, which are referencing to the Group in the WFBS console. By default, the values are:
- For Servers group:
  "Domain"="Servers (default)"
  "DomainID"="10000000-0000-0000-0000-000000000000"
- For Desktops group:
  "Domain"="Desktops (default)"
  "DomainID"="20000000-0000-0000-0000-000000000000"
  - ServerPort=dword:00001f7b (default port in hexadecimal)
  - Server="Name of the server"
  - Domain="Desktops (default)"
  - LocalServerPort=listening port (hexadecimal)
  - DomainID="20000000-0000-0000-0000-000000000000"
  For other languages, you must change the Domain value according to what is displayed in the console for the default groups. The DomainID should stay the same.
Reload the agent.

If the issue still occurs, contact Trend Micro Technical Support, and provide the Case Diagnostic Tool (CDT) log generated on the WFBS server and the Security agent.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Troubleshooting the Security Agent (SA) that appears offline/disconnected or is missing in Worry-Free Business Security (WFBS)

Security Server

Check the number of seats for your license

Verify connection from server to agent

Check if the agent has sufficient privileges to communicate with the server

The database might be corrupted

Security Agent

Verify connection from agent to server

Verify if Windows Firewall allows Trend Micro agent port

Use clndiag tool

Check if the agent registry is correct

Troubleshooting the Security Agent (SA) that appears offline/disconnected or is missing in Worry-Free Business Security (WFBS)

Product / Version includes:

Summary

Security Server

Check the number of seats for your license

Verify connection from server to agent

Check if the agent has sufficient privileges to communicate with the server

The database might be corrupted

Security Agent

Verify connection from agent to server

Verify if Windows Firewall allows Trend Micro agent port

Use clndiag tool

Check if the agent registry is correct