Summary
OfficeScan clients cannot receive the latest program update from the server even when you unchecked the following options under Privileges and Other Settings page of web console:
- For OSCE 11.0/XG: OfficeScan agents can update components but not upgrade the agent program or deploy hot fixes
- For OSCE 10.6: Clients can update components but not upgrade the client program or deploy hot fixes
Upon checking the ofcdebug log, the following appears:
2014 08/12 16:08:21 [17cc : 17c0] (00) (D) [-L-][tmlisten.exe]tmSendLogToHttpServer Failed.(tmdDownloadFile), Error = 403 - [cnttmlis_TmdUpd.cpp(891)] 2014 08/12 16:08:21 [17cc : 17c0] (00) (D) [-L-][tmlisten.exe][__downloadHotfix] Fail to download hot fix [/officescan/hotfix_admin/TmUn]. Try again. - [cnttmlis_CfgSyncMgr.cpp(223)] 2014 08/12 16:08:21 [17cc : 17c0] (00) (D) [][tmlisten.exe]delete C:\Program Files\Trend Micro\OfficeScan Client\temp\hotfix\/officescan/hotfix_admin/TmUn - [(1)] 2014 08/12 16:08:21 [17cc : 17c0] (00) (D) [-S-][tmlisten.exe][tmSendLogToHttpServer_ex][HTTP]bInternet=0, szAddr=10.120.0.168 - [cnttmsoc_TmSock.cpp(4369)] 2014 08/12 16:08:21 [17cc : 17c0] (00) (D) [-S-][tmlisten.exe][tmSendLogToHttpServer_ex][HTTP]szSendObject=/officescan/hotfix_admin/TmUn, AccessType=1 - [cnttmsoc_TmSock.cpp(4370)] 2014 08/12 16:08:21 [17cc : 17c0] (00) (D) [-S-][tmlisten.exe][tmSendLogToHttpServer_ex][SAF] RelayEnableGetCfgFromUA = 0 - [cnttmsoc_TmSock.cpp(4391)] 2014 08/12 16:08:21 [17cc : 17c0] (00) (D) [-S-][tmlisten.exe][tmSendLogToHttpServerLwithCallBack] Full-computer name = 10.120.0.168,computer name = - [cnttmsoc_TmSock.cpp(3098)] 2014 08/12 16:08:21 [17cc : 17c0] (00) (F) [-S-][tmlisten.exe][tmSendLogToHttpServerLwithCallBack] Original URL = 10.120.0.168/officescan/hotfix_admin/TmUn - [cnttmsoc_TmSock.cpp(3253)] 2014 08/12 16:08:21 [17cc : 17c0] (00) (F) [-S-][tmlisten.exe][tmSendLogToHttpServerLwithCallBack] After trim 0 unsafe character(s),URL = 10.120.0.168/officescan/hotfix_admin/TmUn - [cnttmsoc_TmSock.cpp(3255)] 2014 08/12 16:08:21 [17cc : 17c0] (00) (D) [-S-][tmlisten.exe][tmSendLogToHttpServerLwithCallBack] After Post or Get nError = 403. (DQDN(0), bTryComp(0) - [cnttmsoc_TmSock.cpp(3266)] 2014 08/12 16:08:21 [17cc : 17c0] (00) (D) [-S-][tmlisten.exe][tmSendLogToHttpServerLwithCallBack] LoadHttp Get func failed,error code = 403 - [cnttmsoc_TmSock.cpp(3330)] 2014 08/12 16:08:21 [17cc : 17c0] (00) (D) [-S-][tmlisten.exe][tmSendLogToHttpServerLwithCallBack] DeleteFile done, err = 0 - [cnttmsoc_TmSock.cpp(3351)]
In addition, the IIS log shows the following HTTP Error 403:
2014-08-12 00:56:07 10.120.0.168 GET /officescan/hotfix_admin/TmUn - 8080 - 10.120.22.35 62691CB3BF62DAF233FB2C02782E7BD2 - 403 1 5 0 2014-08-12 00:56:07 10.120.0.168 GET /officescan/hotfix_admin/TmUn - 8080 - 10.120.22.35 62691CB3BF62DAF233FB2C02782E7BD2 - 403 1 5 0 2014-08-12 00:56:40 10.120.0.168 GET /officescan/hotfix_admin/TmUn - 8080 - 10.120.22.35 62691CB3BF62DAF233FB2C02782E7BD2 - 403 1 5 0
The issue is due to incorrect permissions on the OfficeScan server. To resolve the issue:
- On the OfficeScan server, open the IIS Manager.
- Navigate to Server > Sites > OfficeScan > officescan > hotfix_admin.
- Under the Features View, double-click Handler Mappings.
- On the Actions pane, click Edit Feature Permissions. The Edit Feature Permissions dialog box appears.
- Tick the Script checkbox and click OK.
- Restart the IIS and OfficeScan Master Service.
- Perform a component update on clients.
- Verify that the clients automatically upgrade to the latest version and/or build number.