Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Stuck at Pending status when deploying policy from Apex Central to Apex One

    • Updated:
    • 15 May 2020
    • Product/Version:
    • Apex Central All
    • Apex One All
    • Platform:
Summary

When deploying a policy from Apex Central to Apex One, the stattus is stuck in "Pending" and does not change.

Errors can be seen in the following log files:

  • In the ofcdebug.log:
    2020 03/03 10:22:10 [12ec : 2490] (00) (E) [][ofcservice.exe]BoostHTTPClient::receive - 
        http response code=403 - [libosfsvcclienthttpclient.cpp(101)]
    
  • In the IIS logs:
    2020-03-03 15:29:51 172.17.0.126 POST /officescan/osfwebapp/api/v1/SystemCall - 4343 - 
        172.17.0.126 Java/11.0.3 - 403 16 2148204809 1734
    
Details
Public

To fix the issue, add the registry key "ClientAuthTrustMode". Do the following:

  1. Find the certificate with different issuer and subject name:

    • This PowerShell command will identify non-self-signed certificates:

      Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject}

      This command will examine all the root certificates to see if their certification authority are all in the Trusted Root Certification Authorities store, and list any non–self-signed certificates whose "Issued To" and "Issued By" values are not an exact match.

    • This PowerShell command moved these non-self-signed certificates into the Intermediate Certification Authorities (i.e. CA) store:

      Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Move-Item -Destination Cert:\LocalMachine\CA

      For the details, refer to the Microsoft KB: "HTTP Error 403.16 - Forbidden" when you try to access a website that's hosted on IIS 7.0.

  2. Change the ClientAuthTrustMode value to "2" as reg key:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel]
    Name: ClientAuthTrustMode
    Type: REG_DWORD
    Value: 2

    ClientAuthTrustMode values and description:

    ClientAuthTrustMode values

    For more details, refer to the Microsoft KB: Overview of TLS - SSL (Schannel SSP).

Premium
Internal
Partner
Rating:
Category:
Troubleshoot
Solution Id:
000250843
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.