Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

"Enable 32-Bit Application" setting in IIS causes "Pending: managed server deploying" error when deploying Apex One Vulnerability Protection Policy from Apex Central

    • Updated:
    • 19 Jun 2020
    • Product/Version:
    • Apex One 2019
    • Platform:
Summary

The Policy Deployment fails and shows the following status:

Pending: managed server deploying

Root Cause Analysis

The following can be observed in the ivp_server0.log file located at ...\Trend Micro\Apex One\iServiceSrv\iVP:

SEVERE: Failed to start iVP server.
com.trendmicro.ivp.integration.osce.osf.webservice.OSFWebServiceException: OSF Web response code: 500.
at com.trendmicro.ivp.core.Core.setupOSCEIntegration(Core.java:330)
at com.trendmicro.ivp.core.Core.start(Core.java:109)
at com.trendmicro.ivp.core.Core.main(Core.java:93)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:85)
at com.exe4j.runtime.WinLauncher$2.run(WinLauncher.java:90)

The issue occurs because the Vulnerability Protection Service (OSF Service), does not support to run on 32-bit applications under IIS on a x64 platform.

Details
Public

There are two options to resolve this issue:

  1. Install latest Apex One (hot fix 2022 or higher) patch available.
     
    The hot fix can be obtained from the Apex One Download Center page.
     
  2. Add the Windows account to the IIS_IUSRS group to obtain the correct permissions.
    1. On the Apex One server computer, navigate to "<Server installation folder>\PCCSRV\Admin\Utility\SQL".
    2. Double-click the SQLTxfr.exe application to run the tool.
    3. Provide the authentication credentials for the SQL Server database.
       
      The user account must belong to the local administrator group or AD built-in administrator.
       
  3. Click Start to apply the configuration changes.

For further reference on the database configuration, refer to this article:
Configuring the SQL Server Database Connection

  1. Open IIS Manager, click Application Pools under the OfficeScan server, and choose "OfficeScanAppPool". You should see Advanced Settings on the right.

    App Pools

  2. Open Advanced Settings, and set "Enable 32-Bit Application" to false.

    Adv Settings

  3. Repeat Step 1 and Step 2 for "OfficeScanOSFAppPool".
  4. Navigate to C:\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Web_OSCE\Web\CGI, and look for the isapiClient.dll file.
  5. Check the file size of "isapiClient.dll", to identify which is currently in use:
    If it is the same with the size of "isapiClientX86.dll", it means you are using isapiClient.dll 32-bit.

    Check Size

  6. Rename "isapiClientx64.dll" to "isapiClient.dll", and replace it.
  7. Change the value of ISAPI_Extension_X64 in ofcscan.ini:
    1. Go to ..\PCCSRV\Private\, and open the ofcserver.ini file.
    2. Search for the [ISAPI_EXTENSION] section.
    3. Set the value of ISAPI_Extension_X64 to "1".
  8. Using Services.msc, restart the Apex One Master Service and IIS Admin Service.
Premium
Internal
Partner
Rating:
Category:
Troubleshoot
Solution Id:
000250842
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.