Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

CAVIT command verification fails after the client and server have negotiated an SSL protocol in OfficeScan XG/Apex One

    • Updated:
    • 24 Jun 2020
    • Product/Version:
    • Apex One All
    • OfficeScan XG
    • Platform:
    • Windows Server 2008 R2
    • Windows Server 2012
    • Windows Server 2012 R2
    • Windows Server 2016
    • Windows Server 2019
Summary

The Troubleshooting Assistant for Server/ (TA-Server) tool and Troubleshooting Assistant for Agent (TA-Agent) tool detected that the server fails to send the CAVIT command to the agent. This article will guide you on how to resolve the issue.

Details
Public

Server side

After the client and the server successfully negotiate SSL protocol, then the server sends the CAVIT command to the agent.

Agent Status

  • If the CAVIT command failed via the TA-Server tool, on your browser, verify this issue using this link: https://agent-ip-address:port/?CAVIT.
  • Use curl to verify this connection.
    • Download the curl from the following website: https://curl.haxx.se/windows/

      For information on how to install and use curl on windows, refer to the Stack Overflow Q & A post.

    • Run following command:

      curl.exe -k -v https://10.106.186.47:443
      curl.exe -k -v --tlsv1 https://10.106.186.47:443

Agent side

On the agent side, when the SATA tool checks the Tmlisten.exe status, it also uses the CAVIT command to check it status.

Tmlisten failed

  1. The SATA tool checks the agent's registry key "localserverport", this is from the tmlisten process listening port:

    [ X64 ]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion]
    [ X86 ]
    [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion]
    "LocalServerPort"=dword:00005278
  2. The SATA tool checks the agent's regstry key "UseSocketHTTPAdapter", this code means tmlisten used HTTP or HTTPS protocol:

    [ X64 ]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion]
    [ X86 ]
    [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion]
    "UseSocketHTTPAdapter"=dword:00000001
    UseSocketHTTPAdapter=0 means HTTPS protocol
    UseSocketHTTPAdapter=1 means HTTP protocol

    If there is no "UseSocketHTTPAdapter" parameter, this means it used the default setting, UseSocketHTTPAdapter=0.

  3. The SATA tool will use the command "Http(s)://agent-IP-address:localserverport/CAVIT" to verify the connection.

Next Steps

  • If the agent also did not respond to the browser, this means the communication has a problem, you need to first debug the network issue.
  • If the agent has responded to the browser, that means network connection has no problem, please collect the CDT log on the agent and server to analyze the root cause.
Premium
Internal
Partner
Rating:
Category:
Troubleshoot
Solution Id:
000250199
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.