Log Collection
- Permission issue is indicated in the C:\TMSM_Install.log:
InstallShield 15:45:11: Invoking script function ChangeClientFoldrACL
1: ServerInfoTool.exe --dir-acl "C:\Program Files (x86)\Trend Micro\Apex One\Addon\TMSM\TMSM_HTML\ActiveUpdate\ClientInstall" S-1-5-32-546
1: Warning: Unable to set client package folder ACL:2
InstallShield 15:45:11: Setup aborted
InstallShield 15:45:11: CallScriptFunctionFromMsiCA() ends, result 0x642
CustomAction ChangeClientFoldrACL returned actual error code 1602 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 15:45:11: ChangeClientFoldrACL. Return value 2.
Action ended 15:45:11: INSTALL. Return value 2.
- During installation, the installation scripts need to modify the ACL of the ClientInstall folder, but the operation failed:
2022-10-07 15:45:11.8705 INFO [1] ServerInfoTool - ==========================
2022-10-07 15:45:11.8861 INFO [1] ServerInfoTool - = ServerInfoTool Started =
2022-10-07 15:45:11.8861 INFO [1] ServerInfoTool - ==========================
2022-10-07 15:45:11.8861 INFO [1] ServerInfoTool - Called to set update directory ACL
2022-10-07 15:45:11.8861 DEBUG [1] ServerInfoTool - Directory: C:\Program Files (x86)\Trend Micro\Apex One\Addon\TMSM\TMSM_HTML\ActiveUpdate\ClientInstall
2022-10-07 15:45:11.8861 DEBUG [1] ServerInfoTool - SID : S-1-5-32-546
2022-10-07 15:45:11.8861 ERROR [1] ServerInfoTool - System.InvalidOperationException: This access control list is not in canonical form and therefore cannot be modified.
   at System.Security.AccessControl.CommonAcl.ThrowIfNotCanonical()
   at System.Security.AccessControl.CommonAcl.SetQualifiedAce(SecurityIdentifier sid, AceQualifier qualifier, Int32 accessMask, AceFlags flags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType)
   at System.Security.AccessControl.DiscretionaryAcl.SetAccess(AccessControlType accessType, SecurityIdentifier sid, Int32 accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
   at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
   at System.Security.AccessControl.CommonObjectSecurity.SetAccessRule(AccessRule rule)
   at TMSM.Setup.ServerInfoTool.addReadExecPermission(String dir, String sid)
   at TMSM.Setup.ServerInfoTool.Main(String[] args)
The issue can happen in one of the following scenarios:
- The user credentials of the current user are not sufficient to perform the action needed by the Apex One Mac installation.
- A process is blocking this operation, or the system is configured to block changes to folder permissions.
Resolution
Follow the steps below to resolve the issue:
- Contact Trend Micro Technical Support to obtain the TMSM Removal tool.
- Extract the TMSM Removal tool.
- Start a Command Prompt as Administrator, then change the path to the location of the TMSM Removal tool.
- Run the command PsExec.exe -s -i cmd.exe
- In the new cmd.exe window that pops up (PsExec runs this new cmd.exe under the SYSTEM account so that it can remove the software installation information from the system registry):
- Run removeTMSM.bat
- Change the path to C:\Program Files (x86)\Trend Micro\Apex One\ in cmd.exe and then execute this command:
ICACLS Addon /T /C /RESET
This resets the Addon folder to the default inherited ACLs.
- After all these steps, log in to the Apex One Server again and go to the Plugin Manager.
- The console should be able to show the latest Apex One (Mac) download button. Download and install the plugin.
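To confirm the cause before running ICACLS /RESET, and to verify the result afterwards, the following added example (not Trend Micro's own tooling) lists every directory under the Addon folder whose DACL is not in canonical order, which is the condition that makes SetAccessRule throw in the log above. It assumes Windows PowerShell 3.0 or later in an elevated session; the function name Get-NonCanonicalAcl is hypothetical.

```powershell
# Added example: find directories whose DACL is not in canonical order.
# Path taken from the installer log above.
$addon = 'C:\Program Files (x86)\Trend Micro\Apex One\Addon'

function Get-NonCanonicalAcl {
    param([Parameter(Mandatory)][string]$Root)

    # Include the root itself plus every sub-directory.
    $dirs = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($dir in $dirs) {
        try {
            $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop
        } catch {
            # Unreadable ACLs are reported too: they also block the installer.
            [pscustomobject]@{ Path = $dir.FullName; Canonical = $null; Detail = $_.Exception.Message }
            continue
        }
        if (-not $acl.AreAccessRulesCanonical) {
            # The SDDL string shows the ACE order that .NET refuses to modify.
            [pscustomobject]@{ Path = $dir.FullName; Canonical = $false; Detail = $acl.Sddl }
        }
    }
}

# Resolve the SID the installer tries to grant read/execute to.
$sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-546'
"Installer target SID resolves to: $($sid.Translate([System.Security.Principal.NTAccount]))"

$bad = @(Get-NonCanonicalAcl -Root $addon)
if ($bad.Count -eq 0) {
    "All readable DACLs under $addon are canonical."
} else {
    $bad | Format-List
}
```

An empty result after ICACLS /RESET means the ACL condition behind the InvalidOperationException is gone.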
Checking TMSM_ServerInfoTool.log shows the following error logs:
2023-10-17 14:09:17.1406 ERROR [1] ServerInfoTool - [updateServerInfoPackages] C:\Program Files (x86)\Trend Micro\Apex One\Addon\TMSM\endpoint_basecamp.conf.plist not exist, skip to add it into ServerInfoHttps.zip
2023-10-17 14:09:17.1596 ERROR [1] ServerInfoTool - System.InvalidOperationException: Diese Implementation ist nicht Teil der FIPS-überprüften kryptographischen Algorithmen für die Windows-Plattform.
   bei System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
   bei TMSMMainService.Util.Utility.encryptCertificate(String plainFilePath, String cipherFilePath)
   bei TMSM.ServerInfo.updateServerInfoPackages(String zipPath, String httpsZipPath, String localZipPath, String tmsmHomeDir)
   bei TMSM.ServerInfo.createServerInfoZipPackages(String configPath, String configHttpsPath, String configHttpsLocalPath, String tmsmHomeDir)
   bei TMSM.Setup.ServerInfoTool.writeServerInfoToClientPkg(String[] args)
   bei TMSM.Setup.ServerInfoTool.Main(String[] args)
System.InvalidOperationException: Diese Implementation ist nicht Teil der FIPS-überprüften kryptographischen Algorithmen für die Windows-Plattform.
   bei System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
   bei TMSMMainService.Util.Utility.encryptCertificate(String plainFilePath, String cipherFilePath)
   bei TMSM.ServerInfo.updateServerInfoPackages(String zipPath, String httpsZipPath, String localZipPath, String tmsmHomeDir)
   bei TMSM.ServerInfo.createServerInfoZipPackages(String configPath, String configHttpsPath, String configHttpsLocalPath, String tmsmHomeDir)
   bei TMSM.Setup.ServerInfoTool.writeServerInfoToClientPkg(String[] args)
   bei TMSM.Setup.ServerInfoTool.Main(String[] args)
2023-10-17 14:09:17.4278 INFO [1] ServerInfoTool -
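The issue happens because the policy "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" is enabled. The German exception message in the log is the .NET error "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."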
Resolution
Follow the steps below to resolve the issue:
- Open Control Panel.
- Click Administrative Tools, and then double-click Local Security Policy.
- In Security Settings, expand Local Policies, and then click Security Options.
- Under Policy in the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing, and then click Disabled.
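The following added example (not part of the original article or of Trend Micro's tooling) reports whether the FIPS policy is in effect and reproduces the MD5CryptoServiceProvider constructor call from the stack trace, so the state can be checked before and after changing the policy. It assumes Windows PowerShell 5.1, which runs on the .NET Framework like ServerInfoTool; the function name Get-FipsPolicyState is hypothetical.

```powershell
# Added example: report the FIPS policy state behind the MD5 failure in the log.
function Get-FipsPolicyState {
    # Registry value written by the "System cryptography: Use FIPS compliant
    # algorithms..." security option (1 = enabled, 0 = disabled).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $enabled = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled

    # What the .NET Framework enforces for processes started now.
    $dotnetFipsOnly = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms

    # Reproduce the failing call from the stack trace:
    # System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
    $md5Error = $null
    try {
        $md5 = New-Object System.Security.Cryptography.MD5CryptoServiceProvider
        $md5.Dispose()
    } catch {
        $md5Error = $_.Exception.GetBaseException().Message
    }

    [pscustomobject]@{
        RegistryEnabled       = $enabled
        DotNetFipsOnly        = $dotnetFipsOnly
        Md5ConstructorBlocked = [bool]$md5Error
        Md5Error              = $md5Error
    }
}

Get-FipsPolicyState | Format-List
```

Run it in a new PowerShell session after changing the policy, because .NET reads the setting once per process. If RegistryEnabled returns to 1 after a policy refresh, the setting is being applied by a domain Group Policy rather than the local policy.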