The Policy Deployment fails and shows the following status:
Pending: managed server deploying
Root Cause Analysis
The following can be observed in the ivp_server0.log file located at ...\Trend Micro\Apex One\iServiceSrv\iVP:
SEVERE: Failed to start iVP server. com.trendmicro.ivp.integration.osce.osf.webservice.OSFWebServiceException: OSF Web response code: 500. at com.trendmicro.ivp.core.Core.setupOSCEIntegration(Core.java:330) at com.trendmicro.ivp.core.Core.start(Core.java:109) at com.trendmicro.ivp.core.Core.main(Core.java:93) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:85) at com.exe4j.runtime.WinLauncher$2.run(WinLauncher.java:90)
The issue occurs because the Vulnerability Protection Service (OSF Service), does not support to run on 32-bit applications under IIS on a x64 platform.
There are two options to resolve this issue:
- Install latest Apex One (hot fix 2022 or higher) patch available.
- Add the Windows account to the IIS_IUSRS group to obtain the correct permissions.
- On the Apex One server computer, navigate to "<Server installation folder>\PCCSRV\Admin\Utility\SQL".
- Double-click the SQLTxfr.exe application to run the tool.
- Provide the authentication credentials for the SQL Server database.
The user account must belong to the local administrator group or AD built-in administrator.
- Click Start to apply the configuration changes.
For further reference on the database configuration, refer to this article:
Configuring the SQL Server Database Connection
- Open IIS Manager, click Application Pools under the OfficeScan server, and choose "OfficeScanAppPool". You should see Advanced Settings on the right.
- Open Advanced Settings, and set "Enable 32-Bit Application" to false.
- Repeat Step 1 and Step 2 for "OfficeScanOSFAppPool".
- Navigate to C:\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Web_OSCE\Web\CGI, and look for the isapiClient.dll file.
- Check the file size of "isapiClient.dll", to identify which is currently in use:
If it is the same with the size of "isapiClientX86.dll", it means you are using isapiClient.dll 32-bit. - Rename "isapiClientx64.dll" to "isapiClient.dll", and replace it.
- Change the value of ISAPI_Extension_X64 in ofcscan.ini:
- Go to ..\PCCSRV\Private\, and open the ofcserver.ini file.
- Search for the [ISAPI_EXTENSION] section.
- Set the value of ISAPI_Extension_X64 to "1".
- Using Services.msc, restart the Apex One Master Service and IIS Admin Service.