To troubleshoot the Enforcement Agent (EA):

  1. Check the service status.

    1. Go to Task Manager > Services.
    2. Check if IWSaaSLocalProxy and IWSSrv are both running.

    3. Check config.dat.

      1. Go to the ...\Trend Micro\IWS Enforcement Agent folder.
      2. Look for config.dat.
      3. Check the file size. config.dat is usually 5KB or larger. When the customer has not installed the EA properly, config.dat is sometimes only about 1KB, which is an abnormal status.

    4. Determine if there's a port conflict.

      1. Run netstat -ano | findstr 8080.
      2. Copy the process ID (PID) and open Resource Monitor > Network > Listening Ports.
      3. Check which process has the same PID. In this case it should be iwsproxysrv.exe. If it is not, kill the process and check if you can now connect to TMWS.
      4. Get a copy of the netstat output (run netstat -ano | findstr 8080 > C:\netstat.txt) and a screenshot of Resource Monitor.
    5. Check LocalProxy.

      1. Check if the port (127.0.0.1:8080) is listening and if it is being used by the local proxy.

        In this example, the port is opened by the process with PID=4632, which is the IWSaaSLocalProxy service according to the screenshot in step 1 (Check the service status).

      2. Use Telnet to connect to it.

        If the connection fails, the EA may not be running properly or the port is blocked.

    6. Verify whether the URL in the address bar changes to http://127.0.0.1:8080... when you try to download the PAC file.

      1. Go to Administration > SERVICE DEPLOYMENT > PAC files.
      2. Copy the address in the PAC file location.

      3. Open a browser, paste the URL, and observe whether the address changes to http://127.0.0.1:8080... or not.

        When the downloaded PAC file is opened, the content should look similar to the following:

        [Screenshot: contents of the downloaded PAC file]
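
The local checks above (service state, config.dat size, ownership of port 8080, and the loopback connection test) can be run in one pass. The following PowerShell function is an added example, not a Trend Micro tool; the function name Test-EnforcementAgent and its -InstallDir parameter are assumptions, and the installation folder must be supplied by the caller. It only reports findings and does not kill any process.

```powershell
# Added example: hypothetical helper, not part of the Enforcement Agent.
function Test-EnforcementAgent {
    param(
        [Parameter(Mandatory)] [string] $InstallDir,  # EA installation folder (supplied by caller)
        [int] $Port = 8080                            # local proxy port named in the article
    )
    $findings = @()

    # Service status: IWSaaSLocalProxy and IWSSrv must both be running.
    foreach ($name in 'IWSaaSLocalProxy', 'IWSSrv') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { $findings += "Service $name is not installed" }
        elseif ($svc.Status -ne 'Running') { $findings += "Service $name is $($svc.Status)" }
    }

    # config.dat: usually 5KB or larger; about 1KB points to an improper install.
    $cfg = Get-Item -LiteralPath (Join-Path $InstallDir 'config.dat') -ErrorAction SilentlyContinue
    if (-not $cfg) { $findings += 'config.dat not found' }
    elseif ($cfg.Length -lt 5KB) { $findings += "config.dat is only $($cfg.Length) bytes" }

    # Port conflict: every listener on the port should belong to iwsproxysrv.exe.
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
    if ($listeners.Count -eq 0) { $findings += "Nothing is listening on port $Port" }
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        $procName = if ($proc) { $proc.ProcessName } else { 'unknown' }
        if ($procName -ne 'iwsproxysrv') {
            $findings += "Port $Port on $($l.LocalAddress) is held by PID $($l.OwningProcess) ($procName)"
        }
    }

    # LocalProxy: TCP connect to the loopback port (same purpose as the Telnet test).
    $tcp = Test-NetConnection -ComputerName 127.0.0.1 -Port $Port -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) { $findings += "TCP connect to 127.0.0.1 port $Port failed" }

    $findings   # empty output means all local checks passed
}

# Usage (placeholder path; replace with the real installation folder):
Test-EnforcementAgent -InstallDir 'C:\path\to\IWS Enforcement Agent'
```

Each returned string names one failed check, so the output can be attached to the support case together with the netstat copy and screenshots.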

Collect the following and submit to Trend Micro Technical Support to further investigate the issue:

  1. Open the installation folder:

    • For 64bit OS: C:\program files (x64)\Trend Micro\IWS Enforce Agent\
    • For 32bit OS: C:\program files\Trend Micro\IWS Enforce Agent\

    Collect the following items from it:

    • *.log
    • config.dat
    • pac (folder)
  2. Open Command Prompt and run the following command to export "iwsaas.reg" to the user's Desktop:

    reg.exe export "HKLM\Software\TrendMicro\IWSaaS" "%HOMEDRIVE%%HOMEPATH%\Desktop\iwsaas.reg"

  3. Open the folder: %appdata%\IWS Enforce Agent

    • *.log
  4. Wireshark logs:

    1. Download Wireshark from this link: https://www.wireshark.org/download.html.
    2. Click Capture > Interfaces.
    3. Click the Start button beside the active NIC.

      Make sure that the EA is enabled. To replicate the issue, access any website (such as example.com). Once it has been accessed, open another tab and access the diagnose page.

    4. Stop the capture.
    5. Save the file in .pcap format.
  • Screenshot of Diagnose Page. Go to "http://diagnose.iws-hybrid.trendmicro.com".
  • Screenshot of EA status: From system tray, open Enforcement Agent's status dialog.
  • Screenshot of the network status:

    1. Open a command prompt.
    2. Execute the following commands:

      • nslookup proxy.iws-hybrid.trendmicro.com
      • nslookup proxy.iws-hybrid.trendmicro.com 8.8.8.8
      • telnet proxy.iws-hybrid.trendmicro.com 80