The IIS log shows requests rejected with status 403, substatus 16:
2023-08-17 17:48:15 fe80::65f9:93cf:2ea5:c218%3 POST /officescan/osfwebapp/api/v2/SystemCall/scid/OSF_SYSCALL_ONREGISTER/scc/OSF_IPRODUCT_IAC - 4343 - fe80::65f9:93cf:2ea5:c218%3 ApexOne-OSF_IPRODUCT_IAC-OSF_SYSCALL_ONREGISTER - 403 16 2148204809 6
2023-08-17 17:48:16 fe80::65f9:93cf:2ea5:c218%3 POST /officescan/osfwebapp/api/v2/SystemCall/scid/OSF_SYSCALL_GET_SERVER_INFO/scc/OSF_IPRODUCT_IAC - 4343 - fe80::65f9:93cf:2ea5:c218%3 ApexOne-OSF_IPRODUCT_IAC-OSF_SYSCALL_GET_SERVER_INFO - 403 16 2148204809 8
2023-08-17 17:48:15 fe80::65f9:93cf:2ea5:c218%3 POST /officescan/osfwebapp/api/v2/SystemCall/scid/OSF_SYSCALL_ONREGISTER/scc/OSF_IPRODUCT_IAC - 4343 - fe80::65f9:93cf:2ea5:c218%3 ApexOne-OSF_IPRODUCT_IAC-OSF_SYSCALL_ONREGISTER - 403 16 2148204809 6
2023-08-17 17:50:12 192.168.2.32 POST /officescan/osfwebapp/api/v2/SystemCall/scid/OSF_SYSCALL_ONREGISTER/scc/OSF_IPRODUCT_IVP - 4343 - 192.168.2.32 ApexOne-OSF_IPRODUCT_IVP-OSF_SYSCALL_ONREGISTER - 403 16 2148204809 101
The same error also appears in ofcdebug.log:
<h3>HTTP Error 403.16 - Forbidden</h3> <h4>Your client certificate is either not trusted or is invalid.</h4>
Solution:
1. Find certificates in the local machine Root store whose issuer and subject names differ
A) This PowerShell command will identify non-self-signed certificates:
Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject}
B) This PowerShell command moves these non-self-signed certificates into the Intermediate Certification Authorities (i.e. CA) store:
Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Move-Item -Destination Cert:\LocalMachine\CA
2. Set ClientAuthTrustMode to 2 under the registry key below
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel]
ClientAuthTrustMode=2
Reference: https://docs.microsoft.com/en-us/windows-server/security/tls/what-s-new-in-tls-ssl-schannel-ssp-overview
3. Run Svrsvcsetup.exe to test the OSF connection
A) Switch to the %ApexOneInstallFolder%\PCCSRV\ directory
B) Enter the command below in cmd
svrsvcsetup_64x.exe -testOSFWebApp
C) Verify the status code of the URI request (api/v1/SystemCall or api/v2/SystemCall/scid/OSF_SYSCALL_ECHOV2) in the IIS log: 200 means success, any other code means failure
e.g. ... /officescan/osfwebapp/api/v2/SystemCall/scid/OSF_SYSCALL_ECHOV2/scc/OSF_IPRODUCT_OSCE - 4343 - 10.1.1.1 ApexOne-MSVC-OSF-OSF_SYSCALL_ECHOV2
Reference for the Solution: Policy Deploy - US SEG - JARVIS Wiki (trendmicro.com)
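Both the original 403 16 symptom and the step 3C check can be read out of the IIS log with a short script. This is an added example, not Trend Micro tooling and not part of the original note. It assumes the default IIS W3C field order (the #Fields header is constructed to match the lines above) and covers only the api/v2 URI form; the ECHOV2 line with status 200 is constructed sample data.

```python
from collections import Counter

# Assumption: default IIS W3C field order, which matches the log lines quoted on this page.
FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username "
          "c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken")
# The two 403 lines are copied from the page; the ECHOV2 200 line is constructed.
SAMPLE_LOG = f"""#Fields: {FIELDS}
2023-08-17 17:48:15 fe80::65f9:93cf:2ea5:c218%3 POST /officescan/osfwebapp/api/v2/SystemCall/scid/OSF_SYSCALL_ONREGISTER/scc/OSF_IPRODUCT_IAC - 4343 - fe80::65f9:93cf:2ea5:c218%3 ApexOne-OSF_IPRODUCT_IAC-OSF_SYSCALL_ONREGISTER - 403 16 2148204809 6
2023-08-17 17:50:12 192.168.2.32 POST /officescan/osfwebapp/api/v2/SystemCall/scid/OSF_SYSCALL_ONREGISTER/scc/OSF_IPRODUCT_IVP - 4343 - 192.168.2.32 ApexOne-OSF_IPRODUCT_IVP-OSF_SYSCALL_ONREGISTER - 403 16 2148204809 101
2023-08-17 18:05:01 10.1.1.1 POST /officescan/osfwebapp/api/v2/SystemCall/scid/OSF_SYSCALL_ECHOV2/scc/OSF_IPRODUCT_OSCE - 4343 - 10.1.1.1 ApexOne-MSVC-OSF-OSF_SYSCALL_ECHOV2 - 200 0 0 15
"""

def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields directive."""
    names = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            names = line.split()[1:]
        elif line and not line.startswith("#") and names:
            values = line.split(" ")
            if len(values) == len(names):  # skip truncated or malformed lines
                yield dict(zip(names, values))

def osf_syscall(uri):
    """Return the syscall id that follows /scid/ in an OSF web app URI, else None."""
    parts = uri.split("/")
    if "osfwebapp" in parts and "scid" in parts[:-1]:
        return parts[parts.index("scid") + 1]
    return None

def summarize(text):
    """Count 403.16 rejections per (client, syscall, win32 status); collect ECHOV2 results."""
    rejected, echo = Counter(), []
    for r in parse_w3c(text):
        call = osf_syscall(r["cs-uri-stem"])
        if call and (r["sc-status"], r["sc-substatus"]) == ("403", "16"):
            # 2148204809 is 0x800B0109, the Windows code CERT_E_UNTRUSTEDROOT
            rejected[(r["c-ip"], call, f'0x{int(r["sc-win32-status"]):08X}')] += 1
        if call == "OSF_SYSCALL_ECHOV2":
            echo.append((r["time"], r["sc-status"]))
    return rejected, echo

if __name__ == "__main__":
    rejected, echo = summarize(SAMPLE_LOG)
    for (ip, call, win32), n in rejected.items():
        print(f"403.16 x{n} from {ip} on {call} (win32 {win32})")
    for when, status in echo:
        print(f"ECHOV2 at {when}: {'OK' if status == '200' else 'FAILED ' + status}")
```

To use it on a real server, pass the contents of the site's log file to summarize() in place of SAMPLE_LOG; the file's own #Fields line then drives the parsing.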