Summary
Policy deployment fails in Apex One. The following errors can be seen:
- "System error. Error ID: -1" in Apex One server policy
- "System error. Error ID: 420" in Apex One security agent
Root Cause Analysis
- The Apex One ofcserver.ini, located at ...\Trend Micro\Apex One\PCCSRV\Private, shows an IP address entry that differs from the IP address Apex Central accesses during policy deployment:
[SERVER_HOSTINFO]
IP1=<Different IP Address>
HOST_NAME=<FQDN of Apex One Server>
- Agent.ini, located under ..\Trend Micro\Apex One\PCCSRV\CmAgent\, shows the same IP address that is found in the diagnostic.log of Apex Central:
IPAddressList=<IP Address found in diagnostic.log>
- Product.ini, located under ..\Trend Micro\Apex One\PCCSRV\CmAgent\, shows that NAT is enabled:
NAT_Enable=1
NAT_Port=443
This issue is caused by a misconfigured Two-way communication port-forwarding setting on the Apex One server. From the findings above, the Two-way communication setting (for the NAT environment) is using the IP address found in Agent.ini instead of the one found in ofcserver.ini.
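The comparison described in the findings above can be scripted. The following is an added example, not Trend Micro code: it takes the text of the three files and reports whether NAT is enabled while IPAddressList differs from IP1. The sample file contents, the host name and the function names are constructed for illustration, and the handling of section names and list separators is an assumption.

```python
import re

# Constructed sample contents (documentation-range IPs, hypothetical host name).
OFCSERVER_INI = "[SERVER_HOSTINFO]\nIP1=192.0.2.10\nHOST_NAME=apexone.example.test\n"
AGENT_INI = "IPAddressList=198.51.100.20\n"
PRODUCT_INI = "NAT_Enable=1\nNAT_Port=443\n"


def read_keys(text):
    """Collect key=value pairs, skipping [section] headers and comments.

    Assumption: each key of interest appears once per file, so section
    names (not shown in the article for Agent.ini/Product.ini) are ignored.
    """
    keys = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "[;#" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        keys.setdefault(key.strip(), value.strip())
    return keys


def check_two_way_nat(ofcserver_text, agent_text, product_text):
    """Report whether the NAT two-way setting points at a different IP."""
    server_ip = read_keys(ofcserver_text).get("IP1", "")
    # Assumption: IPAddressList may hold several comma/semicolon-separated IPs.
    raw_list = read_keys(agent_text).get("IPAddressList", "")
    agent_ips = [ip for ip in re.split(r"[,;\s]+", raw_list) if ip]
    product = read_keys(product_text)
    nat_enabled = product.get("NAT_Enable") == "1"
    mismatch = bool(server_ip and agent_ips) and server_ip not in agent_ips
    return {
        "server_ip": server_ip,
        "agent_ips": agent_ips,
        "nat_enabled": nat_enabled,
        "nat_port": product.get("NAT_Port"),
        "matches_article_condition": nat_enabled and mismatch,
    }


if __name__ == "__main__":
    for name, value in check_two_way_nat(OFCSERVER_INI, AGENT_INI, PRODUCT_INI).items():
        print(f"{name}: {value}")
```

To run it against a real server, read the contents of ofcserver.ini, Agent.ini and Product.ini and pass them to check_two_way_nat in that order.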
To resolve this issue, disable the Two-way communication setting found on the Apex One web console under Administration > Settings > Apex Central.
Re-deploy the policy and check if the same issue persists. If the issue persists, do the following:
- Collect CDT logs by following this KB article: Using the Case Diagnostic Tool (CDT) to collect the information needed by Technical Support
  - Apex Central Server CDT
  - Apex One Server CDT
- Submit a support ticket to Technical Support.