Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Unsuccessful agent deployment of Full Disk Encryption client through Endpoint Encryption Deployment Tool plugin of Apex One

    • Updated:
    • 29 Sep 2020
    • Product/Version:
    • Apex One All
    • Platform:
Summary

This article provides information for when your agent deployment of Full Disk Encryption client through the Endpoint Encryption Deployment Tool plugin of Apex One is unsuccessful.

Pre-requisites

Details
Public

If the installation error is still not clear and it does not fall in the common error codes mentioned above, you may check the following:

The timeout period for agent deployment is 30 minutes. In some cases, AddonClientToolBox.loc does not exist in the folder: [C:\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Download\Product\enu].

This results to the following entries in the agent update log (Tmudump.txt) on Apex One endpoint:

Inf 20200623 15:41:06 7888 9764 Downloading local sig [http://:8080/officescan/
                                download/product/enu/AddonClientToolBox.loc] to [C:\Program Files (x86)\
                                Trend Micro\OfficeScan Client\AU_Data\AU_Temp\7888_9764\AU_Down\product\enu\
                                AddonClientToolBox.loc]...
Err 20200623 15:41:06 7888 9764 HttpConnection: Client Error: HTTP 404 Not Found

To resolve this issue:

  1. Set the registry key:

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\TrendMicro\OfficeScan\service\information\] "ALGS"=0

  2. Restart the Apex One Master Service.
  3. Check if the AddonClientToolBox.loc has been generated:

    [C:\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Download\Product\enu\AddonClientToolBox.loc]

  4. Retry the deployment.

The error may occur if the partition type is GUID Partition Table (GPT), which is not supported by FDE.

From Preinstall Check Report.txt:

Name: Partition Type
Description: The drive has an incompatible partition type.
Status: Fail

To check if the disk uses GPT, open the command prompt as an administrator and type the following commands:

diskpart
list disk

You will see a (*) symbol below GPT.

To resolve the issue, see Converting GUID Partition Table (GPT) Disk to Master Boot Record (MBR) disk in Endpoint Encryption.

 
Do a test on a less critical machine before applying the steps on other machines. Ensure to have a backup before changing the partition type.

This error may show if the disk is a Self-Encrypting Drive (SED). SEDs provide "hardware-based encryption", as opposed to the type of encryption that Full Disk Encryption provides, which is referred to as "software-based encryption".

If this line exist in tmfdeinstall.log, machine is properly encrypted:

[Server]:[Engineering]:detail detectDiskTable[0]: ErrorCode=0, DiskName=sda, DiskIndex=0, Caption=SanDisk SD7TN3Q-256G-1006, DiskID=cd8b11e1-71c3-5905-8d0b-16444815d2e1, SerialNumber=161388406092, Model=, Role=System, Type=SED, Encryption=Hardware, ScratchSpace=Full

We only support the following SED drives:

  • Seagate DriveTrust drives
  • Seagate OPAL and OPAL 2 drives
  • SanDisk self-encrypting solid-state drives

If you want to use software encryption using FDE, proceed with manual deployment by adding FORCESOFTWARE parameter during installation. For more information, see Full Disk Encryption Manual Deployment.

The issue happens because the "File system " Requirements – two partitions: a boot partition and a system partition - are not met:

Error code -17
Installation is unable to continue. Encryption Management for Microsoft BitLocker requires two partitions: a boot partition and a system partition. Endpoint Encryption will encrypt the boot partition. The system partition will remain unencrypted to allow Windows to start. For more information, refer to the documentation of your Windows operating system.

"BitLocker requires two partitions that meet the following requirements:" https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies

"File system " Requirement mentioned in https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-basic-deployment

To resolve the issue, create partition manually. Refer to How to prepare a single partition drive for BitLocker (MBAM) or other Microsoft documents.

The error -35 is Upgrade_UnsupportedVersion. Check if you are installing on a server platform. TMEE agents doesn't support server platforms. Please review the System Requirements.

Server Ofcdebug.log:

[TB_CMDHO2][TmeeDepService.exe]CClientSync::ClientDataWithOSCallBack2 - Sever platform

To view the deployment status, open the log files at:

Client endpointC:\TMEE_Deploy_Client.log
C:\tmfdeinstall.log
C:\PreInstall Check Report.txt
C:\TMFDEUpgradeLog.txt or TMFDEInstall.log
C:\TMFDE (x64).msi.log
C:\TMFIPSSetup (x64).msi.log
C:\Program Files\Trend Micro\Full Disk Encryption\log\fdedebug.log
Server endpointC:\TMEE_Deploy_Server_Inst.log

If the issue still persists, please submit the mentioned logs (if existing) to Trend Micro Technical Support.

Premium
Internal
Partner
Rating:
Category:
Troubleshoot; Deploy
Solution Id:
000274725
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.