Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Enabled FIPS algorithm causes failure of policy deployment from Apex Central to Apex One Vulnerability Protection

    • Updated:
    • 23 Jun 2020
    • Product/Version:
    • Apex Central All
    • Apex One All
    • Platform:
Summary

The policy deployment from Apex Central to Apex One Vulnerability Protection fails.

Root Cause Analysis

From Apex One agent ...\Trend Micro\iService\iVP\vp_agent*.log, we can see the errors as below shown:

2020:01:08-11:56:25:213 [VPENG][talkToVpServer:141] g_pfnTmSendHttpToOSCEServer failed, responseCode(27)
2020:01:08-11:56:25:213 [VPENG][ProcessNotify:579] talkToVpServer for heartbeat failed
2020:01:08-12:17:01:470 [VPENG][CmdProcessFn:59] FetchData failed: error=0 (0: ERROR_SUCCESS, 997: ERROR_IO_PENDING)

The logs indicate that the Apex One Agent can not communicate with Apex One Server to report Vulnerability Protections status.

Details
Public

To fix the issue, verify the cryptographic keys on the agent. Do the following:

  1. Open "secpol.msc" using Run or Command Prompt.
  2. Expand Security settings > Local Policies > Security Options.
  3. Go to "System Cryptography: Use FIPS compliant algorithms".
  4. Disable it and try to redeploy the policy again.

If issue persists, check the ofcipcer.dat file:

  1. Navigate to ..\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Pccnt\Common\.
  2. Rename ofcipcer.dat to ofcipcer.cer.
  3. Check the Serial Number, it needs to be the same with the IIS binding certificate.
    If they are not the same, replace ofcipcer.dat by public key. For instructions, refer to:
    Configuring Apex One to use a certificate signed by corporate Certificate Authority
  4. Wait until agent gets the new ofcipcer.dat, then redeploy the policy.
Premium
Internal
Partner
Rating:
Category:
Troubleshoot
Solution Id:
000250838
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.