To resolve the issue, do the following:

1. Back up the original NTSG certificate on the Apex One/OSCE server.
    

   CertificateManager.exe -b is deprecated and it's not possible to back up the certificate anymore after applying Service Pack 3 on OfficeScan XG. Please bypass this step if your OfficeScan/Apex One version is the above.

   Run CMD command with administrator privileges on the Server.

    

   You can locate “CertificateManager.exe” via the following path:

   • For OSCE XG: %Trend Micro%\OfficeScan\PCCSRV\Admin\Utility\CertificateManager
   • For Apex One: %Trend Micro%\Apex One\PCCSRV\Admin\Utility\CertificateManager

    
2. Using “exe”, generate a new Trend Micro certificate and replace the existing one.

   CertificateManager.exe –c [Backup_Password]

   

3. Verify that the OfcNTCer.dat has been recreated：
   1. Open a command line and run: MMC.
   2. Click File > Add or Remove Snap-ins.
   3. Select Certificates > Add > Computer Account > Next > Local Computer > Finish > OK.
   4. Select Console Root > Certificates (Local Computer) > OfficeScan NT > Certificates.
   5. Double-click the OfficeScan Server NTSG and select the General tab.

       

      It will show that the valid time has been changed.

      You may also select the Details tab to check if the serial number has been changed.

4. At this point, the agent side will synchronize "ofcNTCer.dat" with the next update.

   You can also manually trigger the update to synchronize "ofcNTCer.dat".

5. To confirm that the "OfcNTCer.dat" has been synchronized to the agent side, check whether the serial number is same as on the server side.
   1. Copy the OfcNTCer.dat to another folder.
   2. Rename it as OfcNTCer.cer.
   3. Double-click and select Details.
   4. Check the serial number.
    

   You can locate "OfcNTCer.dat" via the following path:

   • For OSCE XG: %Trend Micro%\OfficeScan Client
   • For Apex One: %Trend Micro%\Security Agent