The Troubleshooting Assistant for Server/ (TA-Server) tool and Troubleshooting Assistant for Agent (TA-Agent) tool detected that the server fails to send the CAVIT command to the agent. This article will guide you on how to resolve the issue.
After the client and the server successfully negotiate SSL protocol, then the server sends the CAVIT command to the agent.
- If the CAVIT command failed via the TA-Server tool, on your browser, verify this issue using this link: https://agent-ip-address:port/?CAVIT.
- Use curl to verify this connection.
Download the curl from the following website: https://curl.haxx.se/windows/
For information on how to install and use curl on windows, refer to the Stack Overflow Q & A post.
Run following command:
curl.exe -k -v https://10.106.186.47:443
curl.exe -k -v --tlsv1 https://10.106.186.47:443
On the agent side, when the SATA tool checks the Tmlisten.exe status, it also uses the CAVIT command to check it status.
The SATA tool checks the agent's registry key "localserverport", this is from the tmlisten process listening port:
[ X64 ] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion] [ X86 ] [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion] "LocalServerPort"=dword:00005278
The SATA tool checks the agent's regstry key "UseSocketHTTPAdapter", this code means tmlisten used HTTP or HTTPS protocol:
[ X64 ] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion] [ X86 ] [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion] "UseSocketHTTPAdapter"=dword:00000001 UseSocketHTTPAdapter=0 means HTTPS protocol UseSocketHTTPAdapter=1 means HTTP protocol
If there is no "UseSocketHTTPAdapter" parameter, this means it used the default setting, UseSocketHTTPAdapter=0.
- The SATA tool will use the command "Http(s)://agent-IP-address:localserverport/CAVIT" to verify the connection.
- If the agent also did not respond to the browser, this means the communication has a problem, you need to first debug the network issue.
- If the agent has responded to the browser, that means network connection has no problem, please collect the CDT log on the agent and server to analyze the root cause.