Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Things to check when the Information Server is unable to update the remote Normal Servers

    • Updated:
    • 30 Dec 2019
    • Product/Version:
    • ServerProtect 5.8
    • ServerProtect for Microsoft Windows/Novell Netware 5.8
    • ServerProtect For Storage 6.0
    • ServerProtect for Storage 6.0
    • Platform:
    • Windows 2000 Advanced Server
    • Windows 2000 Server
    • Windows 2003 Enterprise
    • Windows 2003 Standard Server Edition
    • Windows 2008 Enterprise
    • Windows 2008 Standard

This article lists the things that you need to verify when the ServerProtect Information Server (IS) cannot update the remote Normal Servers (NS).

Things to verify:
  1. Services that should be running automatically:
    • Remote Registry service
    • RPC service
    • RPC locator service
  2. From the NS, ping the IS and vice versa.
  3. Can the update be deployed using the deploy tool located under the \\Sprotect directory?
  4. Does the STOP sign reflect in the console when the NS service has been stopped? This means that the NS can report to the IS.
  5. Open the following ports if there is a firewall in between the NS and IS: 139, 3000-3009, 5005-5014. Make sure that these additional ports are open:
    For the NSs
    TCP: 135, 139, 443, 3628, 4899, 5168
    UDP: 137, 138 , 139
    Important: TCP port 443 is being used by NS to communicate to IS. This is not a web server port in NS, it is by default used by NS.
    For the IS
    TCP: 135, 139, 443, 3628, 4899, 5168, 5005-5014
    UDP: 137, 138 , 139, 3000-3009
    The management console uses port 3000 (UDP) to broadcast and search for the IS. Port 5005 (TCP) is used for communication between the management console as well as the IS. Ports 137 (UDP), 138 (UDP), and 139 (TCP) are used for the IS and NS communication.
    The following are additional TCP ports:
    • Management console listens at ports 1000-1009.
    • IS listens at port 5005-5014 and at ports 3000-3009 for broadcasts.
    • IS listens at 1921 and communicates at port 9921 for NetWare servers.
    • RPC listens to ports 3628 and 5168.
    If these ports are open, would you be able to TELNET these ports from IS to remote NS?
  6. Check if the TCP/IP filtering is enabled on the remote NSs.
    1. Go to TCP/IP properties.
    2. Check Options to verify if this is enabled or disabled. If it is enabled, check if the ports are open.
  7. Edit the tmrpc.ini file to a value of 2.
    Each time an RPC binding wants to be created from an RPC client to an RPC server, the client will read the [DefaultProtocol] section of the TmRPC.ini file (located in the ServerProtect home directory) and then get the RPC server's value.
    • If the value is 1, named pipe is used to connect.
    • If the value is 2, TCP/IP is used to connect.
    The TmRpc.ini file is used to record the communication protocol used in RPC
    For example:
    ServerA=1 // 1 means named pipe
    ServerB=2 // 2 means TCP/IP
  8. Check the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\RestrictAnonymous=2 key. This issue occurs if the registry key has a value of 2.
  9. Do you have log files in your firewall that reflects the failed communication from the IS to the remote NS?
  10. Download the file to verify the communication between IS and remote NS.
    1. Extract rpcread.exe in the root directory of the problematic NS.
    2. Extract rpcsend.exe in the root directory of the IS.
    3. From the NS, go to the command prompt and execute rpcread.exe.
    4. From the IS, go to the command prompt and execute rpcsend.exe.
    5. Type the IP address of the NS.
    6. Type test or any string that you want and press Enter.
    7. From the NS, verify that test or the string that you have typed was received.
  11. If the StUpdate.exe process exists in NS, kill it.
  12. Delete the AC_Up-Rb.tmp and AUSrc.tmp folders under the ServerProtect home directory of NS, then deploy again. These are temporary folders and if deploy fails, NS will keep these two.
  13. If the issue persists, send the following to Trend Micro Technical Support:
    • The result of RPCtalk.
    • The AUBin\Patchdmp.txt from the remote NS.
    • The deploy log for the NS under the \Sprotect\AC_Up-Rb.tmp\temp\tmudump.txt.
    • The firewall settings with screenshots of open ports in the firewall console.
    • Run the ActiveSupport tool on the problem server to get the ActiveSupport log. This is just to get the Basic Product Information and there is no need to replicate the problem yet.
    • The spnt.log on the registry.
    1. Open the regedit file and go to
      Note: Create this file if it does not exist.
    2. Create or modify the String value HomeDirectory to the preferred complete path and filename for the log (ex. C:\spnt.log).
    3. Create or modify the DWORD value MethodMask to 0x00000002 (2).
    4. Create or modify the DWORD value ModuleMask to 0xFFFFFFFF (4294967295).
    5. Create or modify the DWORD value TypeMask to 0x00000003 (3).
    6. Close the registry editor.
      Note: Make sure there is enough disk space on the target drive to hold the log.
    7. Gather the SPNT.log file and turn off the debug.
    8. Turn off the spnt.log file by following the same procedure as enabling it but this time set MethodMask and ModuleMask to 0x00000000 (0).
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.