Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Error "HTTP Status: 400" when activating an agent in Cloud One - Workload Security

    • Updated:
    • 22 Sep 2020
    • Product/Version:
    • Cloud One - Workload Security Not Applicable
    • Platform:

The following error is showing after trying to activate the Cloud One Workload Security Agent.

Activation will be re-attempted 30 time(s) in case of failure
HTTP Status: 400 - OK
Attempting to connect to
SSL handshake completed successfully - initiating command session.
Connected with ECDHE-RSA-AES256-GCM-SHA384 to peer at
Error: activation was not successful. The manager may not be configured to allow agent-initiated activation,
or the manager may not be configured to allow re-activation of existing hosts

To resolve this issue, follow the recommendations below.

  • Check the Agent activation syntax for any typographical errors.

    The following is the syntax for activating the Agent manually:

    dsa_control -a dsm:// "tenantID:<tenant ID>" "token:<token>"

    To find the appropriate values for <tenant ID> and <token> in the Workload Security console, go to Support > Deployment Scripts, scroll to the end of the script that is generated, and copy the tenant ID and token values.

    To avoid errors, you can activate the agent through a deployment script. See Use deployment scripts to add and protect computers for details.

  • Double-check the Agent-Initiated Activation settings.

    Under Administration > System Settings > Agents, in the Cloud One Workload Security console, verify the Agent-Initiated Activation setting. The Allow-Agent-Initiated Activation box should be checked:

  • Check the communication between Agent and Manager.

    You can follow these steps to verify the communication of the machine to the Cloud One Workload Security servers:

    1. Open Command prompt. Check if you can resolve the following hostname. If the hostname can't be resolved, fix the DNS settings of the server.


    2. Do a telnet test to the following URLs:

      telnet 443
      telnet 443

    If the activation is still failing, verify if you have an access list, security group, a Firewall or any device that might be blocking the connection or has SSL inspection enabled. The port number, URLs, IP addresses and protocols being used by Cloud One - Workload Security can be found on this article. If you are using a proxy, you can refer to this article for the configuration steps.

  • Verify Agent service status.

    Make sure that the agent service is running. If it is, try restarting the agent service and reactivate the agent again.

    For Windows:

    1. Open Command prompt.
    2. Run the following agent commands:

      cd C:\Program Files\Trend Micro\Deep Security Agent
      dsa_control -s 0 -p <password>

    3. Open Services.msc.
    4. Restart the Trend Micro Deep Security Agent service.
    5. Re-try the agent activation command.

    For Linux:

    1. Run the following command:

      sudo service ds_agent restart

    2. Re-try the agent activation command.
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.