To fix the issue, verify the cryptographic keys on the agent. Do the following:

1. Open "secpol.msc" using Run or Command Prompt.
2. Expand Security settings > Local Policies > Security Options.
3. Go to "System Cryptography: Use FIPS compliant algorithms".
4. Disable it and try to redeploy the policy again.

If issue persists, check the ofcipcer.dat file:

1. Navigate to ..\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Pccnt\Common\.
2. Rename ofcipcer.dat to ofcipcer.cer.
3. Check the Serial Number, it needs to be the same with the IIS binding certificate.
   If they are not the same, replace ofcipcer.dat by public key. For instructions, refer to:
   Configuring Apex One to use a certificate signed by corporate Certificate Authority
4. Wait until agent gets the new ofcipcer.dat, then redeploy the policy.