Server side
After the client and the server successfully negotiate SSL protocol, then the server sends the CAVIT command to the agent.
- If the CAVIT command failed via the TA-Server tool, on your browser, verify this issue using this link: https://agent-ip-address:port/?CAVIT.
- Use curl to verify this connection.
-
Download the curl from the following website: https://curl.haxx.se/windows/
For information on how to install and use curl on windows, refer to the Stack Overflow Q & A post.
-
Run following command:
curl.exe -k -v https://10.106.186.47:443
curl.exe -k -v --tlsv1 https://10.106.186.47:443
-
Agent side
On the agent side, when the SATA tool checks the Tmlisten.exe status, it also uses the CAVIT command to check it status.
-
The SATA tool checks the agent's registry key "localserverport", this is from the tmlisten process listening port:
[ X64 ] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion] [ X86 ] [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion] "LocalServerPort"=dword:00005278
-
The SATA tool checks the agent's regstry key "UseSocketHTTPAdapter", this code means tmlisten used HTTP or HTTPS protocol:
[ X64 ] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion] [ X86 ] [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion] "UseSocketHTTPAdapter"=dword:00000001 UseSocketHTTPAdapter=0 means HTTPS protocol UseSocketHTTPAdapter=1 means HTTP protocol
If there is no "UseSocketHTTPAdapter" parameter, this means it used the default setting, UseSocketHTTPAdapter=0.
- The SATA tool will use the command "Http(s)://agent-IP-address:localserverport/CAVIT" to verify the connection.
Next Steps
- If the agent also did not respond to the browser, this means the communication has a problem, you need to first debug the network issue.
- If the agent has responded to the browser, that means network connection has no problem, please collect the CDT log on the agent and server to analyze the root cause.