If Windows Normal Servers are not getting updated:

1. Check if the following services are started on the NS:
   • Remote Registry service
   • RPC service
2. Verify the following:
   1. Ping the NS from IS and vice versa using both IP address and host name.
   2. Access the C$ drive from NS to IS and vice versa. Make sure the following ports are open in the firewall.

      For IS:

      For the NSs:

      • TCP: 135, 139, 443, 3628, 4899, 5168, 5005-5014
      • UDP: 137, 138 , 139, 3000-3009
      • TCP: 135, 139, 443, 3628, 4899, 5168
      • UDP: 137, 138 , 139
   3. Check the TCP/IP configuration on IS.
      1. Make a backup of TmRpc.ini file found in the ..\Program Files\Trend\SProtect directory.
      2. Check if all the listed NS has a value of "2". For example, 10.10.10.10=2.
3. Check if EventMsg2.dll is located in the ..\SProtect folder and ..\winnt\system32 folder of NS.
4. Check the security policy settings in the NS side.
   1. Open the Local Group Policy Editor (gpedit.msc).
   2. Navigate to Computer Configuration > Administrative Templates > System > Remote Procedure Call > Restrict Unauthenticated RPC clients / Enable RPC Endpoint Mapper Client Authentication.
   3. Check and set the above options for this setting to "Not Configured".
5. Make sure the registry values for EnableAuthEpResolution and RestrictRemoteClients under Rpc do not exist, or the value is 0. The registry path is HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc.
6. Verify that the Windows account used on NS has administrator permission.
7. Restart Trend ServerProtect service on NS after RPC configuration is updated.
8. Check if the latest ServerProtect patch has been installed.
9. Verify that a task on IS is deploying the pattern to NS on a regular basis.
   1. Open the management console.
   2. Click the NS or domain and click Task > Existing Task to view the tasks assigned to a server.
   3. Click View to see the contents of a task.

If pattern files are still not deployed, collect and send the following files to Trend Micro Technical Support:

• SPNT.log
  To get this file:
  1. Open the SPNT management console.
  2. Select the NS that is unable to receive the pattern update.
  3. Click Do > Create Debug Info.
  4. Select Enable debug log on the Debug Log Management page.
  5. Select Trace all messages, then select Normal Server.
  6. Select Output to a debug file, then type the path and filename of the log in the Directory field.
  7. Click OK > Apply.
  8. Deploy the pattern file and collect the SPNT.log file.
  9. Disable the debug log.
• Tmudump.txt located under the ..\Program Files\Trend\SProtect\AC_Up-Rb.tmp\AU_Log directory.
• IS Update log
  To get this file:
  1. On the IS, select the NS that is unable to receive the pattern update.
  2. Click View Log on the left side of the console.
  3. Select Update as the log type and specify the date range when the issue occurred.
  4. Click Export and save the Update log to a CSV file.