Enabled HTTP/2 causes "Product communication error" when deploying Apex One Vulnerability Protection policy from Apex Central

    • Updated: 22 Apr 2020
    • Product/Version: Apex Central All, Apex One All

Summary

When deploying policies from Apex Central to Apex One Vulnerability Protection, the following error details can be seen:

Policy Error ID 5 (Vulnerability Protection Service: Product communication error).
Apex One: Deployed
Endpoint Sensor Service: Deployed
Application Control Service: Deployed
Vulnerability Protection Service: Product communication error.

Root Cause Analysis

This issue occurs because Apex Central is unable to send the request to the Apex One Vulnerability Protection server due to an incorrect "HTTP/2" setting. The error is recorded in the Apex Central Diagnostic.log file, located under ...\Control Manager\WebUI\WebApp\widget\repository\log\Diagnostic.log:

2020-01-15 17:24:12,144,DEBUG,null,null,[modOSCE IVPProxy][send_policy]In.

2020-01-15 17:24:12,144,DEBUG,null,null,[modOSCE IVPProxy][send_policy]iVP socket timeout: 700

2020-01-15 17:24:12,144,DEBUG,null,null,[modOSCE IVPProxy][send_policy]URL = 
https://apex-one.cjf.local:4343/officescan_ivp/command

2020-01-15 17:24:12,144,DEBUG,null,null,[modOSCE IVPProxy][send_policy]param = 
{"name":"UpdateClientSettings","clientUIDs":["168a7096-6d25-4d55-9dae-7fa5a7fe953e"],
"policyGUID":"6f0fbbd0-9546-4792-9173-7eee4762fa8b","policyVersion":"2020-01-15 19:24:06","clientSettings":
{"vulnerabilityShieldState":0,"fixedSizePatternMode":1,"ipsRules":{"disabledList":[],
"enabledList":[]},"networkEngineSettings":{"settings.configuration.networkDriverMode":"0",
"settings.configuration.packet.driver.timeoutEstab":"3","settings.configuration.packet.driver.timeoutLastAck":"30",
"settings.configuration.packet.driver.timeoutColdStart":"300","settings.configuration.packet.driver.timeoutUdp":"10",
"settings.configuration.packet.driver.maxConnectionsUdp":"1000000",
"settings.configuration.packet.driver.maxConnectionsTcp":"1000000","settings.configuration.packet.driver.ignorestatus0":"0",
"settings.configuration.packet.driver.ignorestatus1":"0","settings.configuration.packet.driver.ignorestatus2":"0",
"settings.configuration.packet.driver.logRules":"-1"}}}

2020-01-15 17:24:12,144,DEBUG,null,null,[HTTPTALK]Failed error code:92

2020-01-15 17:24:12,144,DEBUG,null,null,[HTTPTALK]Failed reason:HTTP/2 stream 0 was not closed cleanly: HTTP_1_1_REQUIRED (err 13)

2020-01-15 17:24:12,144,DEBUG,null,null,[modOSCE IVPProxy][send_policy]Send() failed, 
    error message = HTTP/2 stream 0 was not closed cleanly: HTTP_1_1_REQUIRED (err 13)

2020-01-15 17:24:12,144,DEBUG,null,null,[modOSCE IVPProxy][send_policy]Out.

2020-01-15 17:24:12,144,DEBUG,null,null,[modOSCE IVPProxy][proxy_exec]return code = 2

2020-01-15 17:24:12,144,DEBUG,null,null,[modOSCE IVPProxy][proxy_exec]resultDeploy = , 
errCode = 421, errMessage = Connecting to server failed

2020-01-15 17:24:12,144,DEBUG,null,null,[modOSCE IVPProxy][proxy_exec]Out
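
To confirm this signature in a Diagnostic.log before changing HTTP/2 settings, the following added example (not Trend Micro code) folds wrapped log lines back into records and reports each failed send with its target URL and whether the reason is HTTP_1_1_REQUIRED. The function names and sample text are constructed for illustration, and the record layout is assumed from the excerpt above.

```python
import re

# Constructed sample: lines taken from the Diagnostic.log excerpt above, with the
# policy JSON omitted. The wrapped URL line exercises continuation handling.
SAMPLE_LOG = """\
2020-01-15 17:24:12,144,DEBUG,null,null,[modOSCE IVPProxy][send_policy]In.
2020-01-15 17:24:12,144,DEBUG,null,null,[modOSCE IVPProxy][send_policy]URL =
https://apex-one.cjf.local:4343/officescan_ivp/command
2020-01-15 17:24:12,144,DEBUG,null,null,[HTTPTALK]Failed error code:92
2020-01-15 17:24:12,144,DEBUG,null,null,[HTTPTALK]Failed reason:HTTP/2 stream 0 was not closed cleanly: HTTP_1_1_REQUIRED (err 13)
"""

# Assumed layout: "YYYY-MM-DD hh:mm:ss,mmm,LEVEL,field,field," then the message.
RECORD_START = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}),\w+,[^,]*,[^,]*,(.*)$")

def records(text):
    """Yield (timestamp, message), folding wrapped lines into the preceding record."""
    current = None
    for line in text.splitlines():
        match = RECORD_START.match(line)
        if match:
            if current:
                yield tuple(current)
            current = [match.group(1), match.group(2).strip()]
        elif current and line.strip():
            current[1] += " " + line.strip()
    if current:
        yield tuple(current)

def triage(text):
    """Return one finding per failed send with its URL, error code and reason."""
    findings, url, code = [], None, None
    for timestamp, message in records(text):
        if m := re.search(r"\[send_policy\]URL\s*=\s*(\S+)", message):
            url, code = m.group(1), None
        elif m := re.search(r"\[HTTPTALK\]Failed error code:(\d+)", message):
            code = int(m.group(1))
        elif m := re.search(r"\[HTTPTALK\]Failed reason:(.+)", message):
            reason = m.group(1).strip()
            # HTTP_1_1_REQUIRED is HTTP/2 error code 13 (RFC 7540): the peer
            # refuses HTTP/2 for this request and wants HTTP/1.1 instead.
            findings.append({"time": timestamp, "url": url, "code": code, "reason": reason,
                             "http2_rejected": "HTTP_1_1_REQUIRED" in reason})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with `http2_rejected` set to True and a URL ending in /officescan_ivp/command matches the failure described in this article.
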
Details

To fix the issue:

  1. Install Apex Central HF 4363 or a newer hotfix. If the issue persists, re-collect the Apex Central CDT while replicating the issue.
  2. If the issue persists, or if installing a newer HF is not an option, you can try disabling HTTP/2:
    1. Open the Windows Registry Editor.
    2. Navigate to the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters.
    3. Add the following as REG_DWORD values to this registry key.
      • EnableHttp2Tls
      • EnableHttp2Cleartext
    4. Set both registry values to 0.
    5. Reboot the Apex One server.

Category: Troubleshoot
Solution Id: 000250597