
Event: Security Configuration Error

Description: Error compiling configuration:

6079: error: dynamic port FTPClient:dport is referenced but not defined (apptype not applied)

Possible Root Cause:

It is possible that a rule assigned to the machine requires other dependency rules or components in order to work properly. These dependency rules could be missing from the current Security Profile assigned to the machine.

Sometimes the recommendation scan recommends a DPI rule that depends on other rules, but does not include the dependent rule.

This results in an update error because the recommended rule cannot be applied correctly. An example of a dependent rule is "DPI rule: 1000128 - HTTP Protocol Decoding".

Recommended Solution:

  1. Determine if this error is occurring on one or multiple machines.
  2. Clear all the recommendations on the target machine.
  3. Assign a security profile with 0 DPI rules to this machine and check if the update completes successfully.
  4. Manually enable a few DPI rules in the security profile and check if the machine is able to complete the update successfully.
  5. Perform a recommendation scan and apply the rules to the target machine.

Further Troubleshooting:

If the issue remains the same, export the Security Profile used by the machine experiencing the update error and send to Trend Micro Technical Support for analysis.

Event: Engine Command Failed

Description: Engine command code SET_CONFIG failed with error: 00000057 (the parameter is incorrect).

Possible Root Cause:

If the TBIMDSA filter driver is not installed properly, the agent will not be able to apply the configuration settings properly.

Recommended Solution:

Make sure that the driver is running and is not in an upgrade pending state.

  1. Check if the Deep Security Agent driver (TBIMDSA.SYS) has been updated to the latest version.
  2. Verify the file under C:\Windows\System32\Drivers\TBIMDSA.SYS. The file should be using the latest version, or the version that comes with the installation. Otherwise, reboot the machine and check if the file has been updated.
  3. You may also remove the Trend Micro DSA Filter Driver under Network Properties and then reboot the machine. After rebooting, the driver will be installed back to the machine once the Deep Security Agent is restarted.

Further Troubleshooting:

You can also try the following to check if the TBIMDSA driver is running properly.

  1. Check if the driver is in a running state using this command:

    sc query tbimdsa

  2. Stop the agent service:

    sc stop ds_agent

  3. Enable debug tracing by creating the ds_agent.ini file under the C:\Windows directory.
  4. Add this line to the ds_agent.ini file:

    trace=*

  5. Run Dbgview.exe. (Manually enable clock time).
  6. Start the agent service:

    sc start ds_agent

  7. Capture the startup information of the ds_agent service.
  8. Perform an update task to simulate the problem.
  9. Save the DebugView output and send it to Trend Micro Technical Support for analysis.
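
Steps 1 to 6 above, together with the driver file check from the Recommended Solution, can be scripted as follows. This is an added example, not a Trend Micro script; the `.bak` backup name is an assumption, and DebugView still has to be started by hand.

```powershell
# Added example. Run from an elevated Windows PowerShell prompt.
# Note: inside Windows PowerShell, "sc" is an alias for Set-Content, so the
# page's commands must be typed as sc.exe there; this script uses cmdlets instead.
$driverPath = Join-Path $env:SystemRoot 'System32\Drivers\TBIMDSA.SYS'
$iniPath    = Join-Path $env:SystemRoot 'ds_agent.ini'

# Step 1: driver state (the same information as "sc.exe query tbimdsa").
$driver = Get-WmiObject Win32_SystemDriver -Filter "Name='tbimdsa'"
if (-not $driver) { throw 'The tbimdsa driver is not registered on this machine.' }
"Driver state: $($driver.State), start mode: $($driver.StartMode)"
if ($driver.State -ne 'Running') { Write-Warning 'tbimdsa is not running.' }

# Version of the driver file on disk, for comparison with the installed agent build.
if (Test-Path $driverPath) {
    "Driver file version: $((Get-Item $driverPath).VersionInfo.FileVersion)"
} else {
    Write-Warning "$driverPath was not found."
}

# Step 2: stop the agent service (Stop-Service waits for the stop to complete).
Stop-Service -Name ds_agent -ErrorAction Stop

# Steps 3-4: make sure ds_agent.ini contains trace=*.
# Assumption: any existing file is kept as ds_agent.ini.bak before it is changed.
if (Test-Path $iniPath) { Copy-Item $iniPath "$iniPath.bak" -Force }
$hasTrace = (Test-Path $iniPath) -and
            (Select-String -Path $iniPath -Pattern '^\s*trace=\*\s*$' -Quiet)
if (-not $hasTrace) { Add-Content -Path $iniPath -Value 'trace=*' -Encoding ASCII }

# Step 5: DebugView has to be running before the agent comes back up.
Read-Host 'Start Dbgview.exe, enable clock time, then press Enter' | Out-Null

# Step 6: start the agent so that its startup messages are captured.
Start-Service -Name ds_agent -ErrorAction Stop
"ds_agent is $((Get-Service ds_agent).Status). Continue with steps 7-9."
```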

Error: Engine command code DSA_IOCTL_SET_FILTER_CONFIG failed with error: 0x0005aa
(insufficient system resources exist to complete the requested service.).

Possible Root Cause:

The Deep Security Agent stores its configuration in kernel memory. This configuration is used to process packets as they arrive at the host. For TCP connections and UDP and ICMP pseudo-connections, we need to ensure that the configuration is in place for a specific connection and that it will not change in the middle of a connection.

In other words, if you push down a new configuration, there is a need to make sure that for any existing connections to the host, we will use the old configuration and for any new connections, we will use the new configuration.

Because of this requirement to allow a new configuration to be pushed to the Agent, we are increasing our kernel memory requirements because we need to have enough memory for both configurations.

In addition, the Agent actually uses contiguous kernel memory. This means that when there is an attempt to allocate the memory to store the new configuration, we are looking for a contiguous block of kernel memory, big enough to hold the entire configuration. We do not use fragmented pieces of kernel memory for this allocation. If we are unable to allocate a block of contiguous kernel memory to fit the new configuration, the Agent will throw the "Engine command code DSA_IOCTL_SET_FILTER_CONFIG failed with error: 0x0005aa (insufficient system resources exist to complete the requested service.)." error.

Recommended Solution:

  1. Check the operating system used on the machine. Windows XP machines are affected by this issue more than Windows 7 machines.
  2. Check the size of the config.bin file. This file should not be larger than 30MB.
  3. Check the number of DPI rules assigned to the machine.

    The Deep Security Agent configuration uses Non-paged pool kernel memory. You can open the Task Manager > Performance tab and check how much Non-paged Pool memory is currently used by the machine.

  4. Limit the assigned number of DPI rules in a host or security profile at any given time to no more than 300 rules.
  5. Reboot the machine to fix the fragmented kernel memory. After the reboot, check if the machine is able to complete an update
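
The checks in steps 1 to 3 can be collected in one pass on the affected machine. This is an added example, not a Trend Micro script; the `-ConfigPath` parameter is an assumption, because this page does not give the location of config.bin, and the number of assigned DPI rules still has to be read from the security profile.

```powershell
# Added example. -ConfigPath is the location of the agent's config.bin, which
# this page does not give; supply it for your installation.
param([Parameter(Mandatory = $true)][string]$ConfigPath)

$maxConfigBytes = 30MB   # limit stated in step 2

# Step 1: operating system (WMI is used so the script also runs on older hosts).
$os = Get-WmiObject Win32_OperatingSystem
"OS: $($os.Caption) (version $($os.Version))"

# Step 2: size of config.bin against the 30MB limit.
$config = Get-Item -LiteralPath $ConfigPath -ErrorAction Stop
"config.bin: {0:N1} MB" -f ($config.Length / 1MB)
if ($config.Length -gt $maxConfigBytes) {
    Write-Warning 'config.bin is larger than 30MB; reduce the number of assigned DPI rules.'
}

# Step 3: non-paged pool currently in use, the figure Task Manager shows on
# the Performance tab. The WMI class avoids localized performance counter names.
$mem = Get-WmiObject Win32_PerfFormattedData_PerfOS_Memory
"Non-paged pool in use: {0:N1} MB" -f ($mem.PoolNonpagedBytes / 1MB)
```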