- Scenarios
After upgrading Apex One on-prem servers to the version which supports Complimentary XDR, Endpoint Basecamp is deployed and installed on endpoints by Apex One servers. These are Trend Vision One (V1) agents.
Now, the Apex One agent and V1 agent are both on an endpoint. If the Apex One on-prem servers are not yet onboarded to a Trend Vision One company, V1 agents are not shown on the Trend Vision One console.
Then, at some time point, users migrate the Apex One agents from Apex One On-prem server or OfficeScan XG to a new Apex One SaaS server, and are confused about why V1 agents are not shown in the EI App also as well.
Since Apex One agent migration does not include V1 agents, these V1 agents are still under the original Apex One on-prem tenant, instead of the new Apex One SaaS tenant (Apex One SaaS server).
Moreover, the on-prem Apex One server in which the V1 agents belong to, has not been onboarded yet to Trend Vision One.
Before Action
On-Prem Server was never onboarded to Trend Vision One therefore, the V1 tenant is not connected to V1 company/console.
Resolution
To resolve the issue:
- Check the configuration ofcserver.ini file (C:\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Private) and navigate to XDR section.
- If IsOnboarded =0 then run this command:
SvrSvcSetup.exe -PrepareXBCpatch -AcceptXBCPII yes
The Activation code needs to be aligned with the V1 instance CLP that you are using.After Action
After SVRSVCSETUP.exe is run and the blue bar is clicked. i.e current promotion/V1 sign in's expected behavior is that A1 server will be fully onboarded and machines are visible in Trend Vision One from that server.
To know how to onboard A1 on-prem server via the blue bar, refer to the Apex One On-Premise Onboarding Process section of KB 000259520.Not Supported for onboarding
- XG Servers after EOL due to the fact that Flywheel cannot be done from a EOL Product
Solution: Upgrade to a Supported Version or Manually onboard
- LMP Licenses
- Due to its specific license type, onboarding via the blue bar is not permitted.
- LMP license is for Trend's partners. Partners will provide services or manage their customers based on the LMP license.
- The major concern is that we are unsure how partners manage or sell this product. Partner may use the one license to manage multiple customers and Trend Micro is unable to know the partner's customer information.
- The significant risk is that this tenant may contain other companies' agents and data.
Solution: Reinstall Endpoint Basecamp using the install file on the V1 Console.
Users need to uninstall old Endpoint Basecamp on endpoints first, and then install the new Endpoint Basecamp which is downloaded from the users' current EI console.
In this scenario this will not be possible to follow procedure in previous scenario.
You will need to reach out to Trend Micro Technical Support for assistance in onboarding and provide us the following information:
Since Apex One on-prem server is decommissioned, we can only onboard Apex One on-prem server by backend operation. When giving Technical Support information to onboard, please provide the Apex One “on-prem” servers’ information, not the Apex One SaaS servers’.- XDR Device IDs of sample missing machines : Extracted from XBC Logs or HKLM\SOFTWARE\WOW6432Node\TrendMicro\TMSecurityService\xdr_device_id
- Apex Server GUID
- Apex Server Activation Code
- CLP Company ID: The CLP Company ID where it should be present
The majority of deleted endpoints will come via inactive agent removal.
To verify, go to Audit logs:
Administration > Audit logs > Endpoint Inventory
C1WS endpoints are not expected to show in Endpoint Inventory due to the fact that they do not have endpoint basecamp installed.
Cause of Missing Agents Issue with VM/VDI Environment
Install the agent-installer (Endpoint Basecamp) in an VM/VDI environment by the following steps:
- Preinstall the Endpoint Basecamp in their base image, such as golden image for VDI, or sys-prep-ed image for new machine installation.
- Use the base image to provision multiple endpoints.
This would result in multiple machines being identified as the same one (share the same deviceID).
Thus, users will see only one endpoint record in the Endpoint Inventory App and think there are some endpoints missing from the EI App.
How to Resolve and Avoid the Issue
The agents that share one deviceID should be resolved as soon as possible, regardless of whether the customer has started using security configuration policies or not.
Therefore, users are requested to do the following:
- If you are using the Image Setup Tool, convert your Trend Vision One account to policy-based.
- Adjust the current base images.
Make sure to use the Image Setup Tool to configure virtual desktops when deploying in a Virtual Desktop Infrastructure (VDI) environment.
For more information on virtual desktops, refer to the Trend Vision One Online Help topic: Deploying the Agent Installer to Virtual Desktops .
- For the endpoints that have already been provisioned from the problematic base images:
Please re-provision these endpoints by the new base image you generated by above steps.
Alternative, if you do not want to convert the Trend Vision One account to policy-based, or if the endpoint is a persistent machine and unable to re-provisioned by the new base image set up by Image Setup Tool, ask assistance from Trend Micro Technical Support to uninstall the old Endpoint Basecamp and then install Endpoint Basecamp again. After the process, the endpoints will obtain a unique device id.
- Check the configuration ofcserver.ini file (C:\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Private) and navigate to XDR section.
- Provide the XBC log from the missing endpoints.
There are several possible root causes which lead to missing agents. The XBC log is needed to know the missing endpoint's XDR device ID and other information. We can identify which tenant the missing endpoint belongs to based on the XBC log.
XBC Logs are located in C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\log
For support assistance, please contact Trend Micro Technical Support.