To troubleshoot the Enforcement Agent (EA):
-
Check the service status.
- Go to Task Manager > Services.
-
Check if IWSaaSLocalProxy and IWSSrv are both running.
-
Check config.dat.
-
Determine if there's a port conflict.
- Run netstat -ano | findstr 8080.
- Copy the process ID (PID) and open Resource Monitor > Network > Listening Ports.
- Check which process has the same PID (for this case it should be iwsproxysrv.exe. If not, kill the process and check if you can now connect to TMWS).
- Get a copy of netstat (run netsat -ano | findstr 8080 > C:\netstat.txt) and screenshot of Resource Monitor.
-
Check LocalProxy.
-
Check if the port (127.0.0.1:8080) is listening and if it is being used by the local proxy.
Port is opened by the process (PID=4632), which is IWSaaSLocalProxy service, according to the step 1. Check the service status screenshot.
-
Use Telnet to connect to it.
If the connection fails, the EA may not be running properly or the port is blocked.
-
-
Verify if the URL in the address bar will change to http://127.0.0.1:8080... when you try to download the PAC file.
Collect the following and submit to Trend Micro Technical Support to further investigate the issue:
-
Open the installation folder:
- For 64bit OS: C:\program files (x64)\Trend Micro\IWS Enforce Agent\
- For 32bit OS: C:\program files\Trend Micro\IWS Enforce Agent\
- *.log
- config.dat
- pac (folder)
-
Open Command Prompt and execute the following command and get "iwsaas.reg" (on user's Desktop):
reg.exe export "HKLM\Software\TrendMicro\IWSaaS" "%HOMEDRIVE%%HOMEPATH%\Desktop\iwsaas.reg"
-
Open the folder: %appdata%\IWS Enforce Agent
- *.log
-
Wireshark logs:
- Download WireShark from this link: https://www.wireshark.org/download.html.
- Click Capture > Interfaces.
-
Click the Start button beside the active NIC.
Make sure that EA is enabled. For replication, access any websites (such as example.com). Once accessed, open another tab and access the diagnose page.
- Stop debugging.
- Save the file in .pcap format.
- Screenshot of Diagnose Page. Go to "http://diagnose.iws-hybrid.trendmicro.com".
- Screenshot of EA status: From system tray, open Enforcement Agent's status dialog.
-
Screenshot of the network status:
- Open a command prompt.
-
Execute the following command:
- nslookup proxy.iws-hybrid.trendmicro.com
- nslookup proxy.iws-hybrid.trendmicro.com 8.8.8.8
- telnet proxy.iws-hybrid.trendmicro.com 80