Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

"License deployment was unsuccessful" error when deploying Apex One Vulnerability Protection License

    • Updated:
    • 24 Jun 2020
    • Product/Version:
    • Apex Central 2019
    • Apex One 2019
    • Platform:
Summary

Error "License deployment was unsuccessful" can be seen when deploying license to activate Apex One Vulnerability Protection in Apex Central.

Root Cause Analysis

Based on the Vulnerability Protection Service debug log (e.g. ivp_server0.log located at C:\Program Files (x86)Trend Micro\Apex One\iServiceSrv\iVP\), the following error log generated out which indicates the Vulnerability Protection server fails to validate the Apex One server website certificate.

SEVERE: Failed to start iVP server.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The root cause of this issue could be that the Apex One server is using a certificate with private key un-exportable, which conflicts with Vulnerability Protection server constraints.

Details
Public

There are two conditions in resolving this issue:

If the Apex One server website uses a 3rd party certificate (e,g, a certificate signed by corporate Certificate Authority), follow the article on Configuring Apex One to use a certificate signed by corporate Certificate Authority . In re-importing the certificate, make sure to select the option "Mark this key as exportable..."

If the Apex One server uses self-signed certificate, please follow these steps:

Renew the Apex One server web site certificate.

  1. On the OfficeScan / Apex One server, open a Command prompt and go to this location:

    \Program Files (x86)\Trend Micro\OfficeScan\PCCSRV directory
    \Program Files (x86)\Trend Micro\Apex One\PCCSRV directory

  2. Run the following command to add a new certificate to the IIS certificate store:

    svrsvcsetup –GenIISCert

  3. Confirm that the certificate is renewed.

  4. Open the IIS Manager console (inetmgr.exe).
  5. In the IIS Manager, expand the Sites folder and highlight the OfficeScan virtual site.

  6. In the Actions pane, click Bindings... to open the Site Bindings window.

  7. In the Site Bindings window, select type="https" and click Edit.... The Edit Site Binding window will appear.
  8. From the SSL Certificate section, click Select... and verify that the certificate expiration date has been extended, or select the certificate with the latest expiration date.

  9. Click OK to close the window.

Remove the old web site certificate.

  1. Open the Certificates MMC Snap-In,
  2. Navigate to Certificates (Local Computer) > 'Personal' Store

  3. Find the expired certificate. Right-click on the certificate then select Delete.
Premium
Internal
Partner
Rating:
Category:
Troubleshoot
Solution Id:
000250013
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.