When DSM fails to connect to an agent in Deep Security, activation failure may occur for affected servers.
From the troubleshooting steps provided, it appears that DSM is unable to connect to Agent, which is causing the activation failure.
To resolve this issue, it is recommended to involve the network team to open the required port between DSM and the agent. Additionally, the following steps can be performed from Agent and DSM side to further troubleshoot the issue:
For agent offline issues is mainly between Agent installed on the machine and the DSM server. Agent offline issue will occur because of the following.
1. The VM / Machine is OFF
2. The Agent Service is STOPPED
3. There is a network issue between Agent and DSM server
4. There is a DNS issue between Agent and DSM server
Action from DSM Server / Console side.
- DSM Console >> Computers >> double click affected computer
- Under general >> click clear warnings and errors, perform check status, check if the issue persist.
- From DSM Server, perform communication test below
- ping the hostname or IP of the affected computer
- nslookup the hostname or IP of the affected computer
- telnet the hostname or IP of the affected computer at port 4118
Agent Side Troubleshooting
If all of the above steps result is Ok, proceed to computer side troubleshooting
-Check if the computer is ON
Linux Agent
-SSH to the affected computer
- Verify that the agent is running
-On Linux, open a terminal and enter the command for a process listing. Look for the service named ds_agent or ds-agent, such as:
sudo ps -aux | grep ds_agent
sudo service ds_agent status
Windows Agent
- RDP to the affected computer
- Verify that the agent is running
- On Windows, open the Microsoft Windows Services Console (services.msc) or Task Manager. Look for the service named ds_agent.
- Open DSA notifier and check the agent status.
Agent Network Troubleshooting
- If all of the steps above is working, perform communication test below
- ping the hostname or IP of the DSM server
- nslookup the hostname or IP of the DSM server
- telnet the hostname or IP of the DSM server at port 4120
- if all of the above test has failed ,please consult your network and Admin team for Network and DNS troubleshooting.
Log Collection
if all of the above test has passed and still the same issue please create diagnostic package on the agent side.
Linux
1. Establish an SSH connection for the server that you want to generate the package for.
2. Open terminal, switch to root and run the following:
sudo /opt/ds_agent/dsa_control -d
The output shows the name and location of the diagnostic package: /var/opt/ds_agent/diag
Windows
1. Connect to the server you want to generate the package for using a Remote Desktop Connection.
2. Open a command prompt as an administrator and run the following commands:
cd C:\Program Files\Trend Micro\Deep Security Agent
dsa_control.cmd -d
The output shows the name and location of the diagnostic ZIP package: C:\ProgramData\Trend Micro\Deep Security Agent\diag
For Windows 2003, it should be under C:\Documents and Settings\All Users\Application Data\Trend Micro\Deep Security Agent\diag\
Note: Package creation may take some time, please wait for the zip file to be created.
Submit a case to Trend micro technical support and attach the diagnostic logs including the troubleshooting steps that you have performed together with the screenshots of the test results.
Performing these steps and providing the results to Trend Micro support can help identify the root cause of the issue and facilitate a resolution.