The Message Box feature should follow the below constraints:

1. The NS server and the target server joined in the same domain.
2. The NS server was installed with a domain administrator account.
   1. For new installations, as shown, the domain administrator account is mandatory.

      

   2. For existing installations, if the NS server was installed with a local administrator account, then you should run the tool SetUserInfo.exe to modify this account to the domain administrator account.
      • The default location for a 32-bit operating system is C:\Programe Files\Trend\SProtect.
      • The default location for a 64-bit operating system is C:\Programe Files\Trend\SProtect\x64.
3. On the target server, check whether the following registry key has been set to "1":

   HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\AllowRemoteRPC

FAQ

If SPFS had generated a standard alert or outbreak alert, but the target server didn’t pop-up an alert message, please collect CDT logs and Wireshark package and reproduce this issue.

Three error codes can be frequently seen in the Wireshark package.

• The first one is NT_Status: STATUS_TRUSTED_RELATIONSHIP_FAILURE(0xc000018d), as shown below, which means that the logon request failed because the trust relationship between the workstation and the primary domain failed.

  

  To resolve this issue, remove the target server from the domain, and then connect the target server to the domain.

• The second one is NT_Status: STATUS_LOGON_FAILURE(0xc000006d), as shown below, which means the attempted logon is invalid. This is either due to a bad username or authentication information.

  

  Please check whether the user has permission to logon the target server.

• The third one is NT_Status: STATUS_INVALID_PARAMETER (0xc000000d), as shown below, which means an invalid parameter was passed to a service or function.

  

  Please check whether the following registry key had been set to 1:

  HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\AllowRemoteRPC