Confirm that the server and OfficeScan clients are able to communicate successfully. These steps are useful in:
- Isolating pattern and scan engine update issues
- Troubleshooting clients/agents that appear offline or disconnected, or are missing in the console
- VPN connection check
To investigate communication issues between the server and the client, you need to verify their connection:
- Use the same server and client/agent for all the steps.
- Make sure to take screenshots of all the results you get.
- For testing pre-Win8/2012R2 machines, grab PortQry from Microsoft.
OfficeScan and Apex One use 2-way communication. The agent connects to the server for updates, log uploads, quarantine uploads, and other processes. The server will make connections to the agents to verify their Online/Offline status, as well as to notify agents of changes to configurations and available updates.
More information on the necessary ports and protocols can be found at Ports and protocols used by OfficeScan that should be allowed through a firewall or router.
Please also review this article regarding HTTPS / TLS traffic: Potential issues with HTTPS communication in OfficeScan XG Service Pack 1.
- Identify the agent IP and listening port:
- To identify from the server, navigate to Agents > Agent Management > Locate the endpoint.
You can identify the IP Address for the endpoint, and the listening port configured.
For accurate results, the IP address should be verified on the agent side as communication issues could prevent the IP Address from updating on the console correctly when it changes at the endpoint. - To identify from the endpoint, open a command prompt and run ipconfig to find the IP Address, and then right-click on the agent iconin the system tray and choose "Component Versions".
At the top of the window will display the listening port.
- To identify from the server, navigate to Agents > Agent Management > Locate the endpoint.
- On the OfficeScan/Apex One server:
- Open Internet Explorer.
- In the address bar, enter the following address replacing the IP and port where indicated:
https://<endpoint IP>:<agentport>/?CAVIT
CAVIT must be capitalized. For agents before OfficeScan XG SP1, http must be used instead of https as the communication did not switch to https until XG SP1.
- Hit Enter.
For a successful connection, a warning about the certificate will appear. This is expected as the agent uses an internal signed certificate. Proceed past the warning and a page with a string of text starting with !CRYPT! should appear.
If an error or blank page appears, this test is failed and communication is not occurring.
- Identify the Server IP/FQDN and listening ports.
- Open a web browser on the testing endpoint.
- In the address bar, enter the following address replacing the IP and port where indicated:
https://<OSCE|Apex One SERVER IP>:<https port>/officescan/cgi/cgionstart.exe
For agents before OfficeScan XG SP1, http must be used instead of https as the communication did not switch to https until XG SP1. The HTTP port (default 8080) should also be used in this case.
A blank page with a -2 should appear in the upper-left if successful.
- Also verify if the agent is configured to use these correct ports and IP/FQDN:
From a testing endpoint, open a web browser and enter the following address replacing the IP and port where indicated:
https://<OSCE|Apex One Server IP/FQDN>:<HTTPS PORT>/tmcss/?LCRC=08000000AC41080092000080C4F01936B21D9104
Example:
Result:
When using this test, the "Do not save encrypted page to disk" setting must be disabled as shown below. Otherwise, the test will fail.
If any of the above steps failed, we will want to verify we can reach the remote port on the machine to verify if the port is blocked/closed, or we are getting an unexpected response.
To test a port before Windows 8.1/2012 R2:
- Download the PortQry Tool from Microsoft and extract it to the machine you want to test from.
- Run from a command-line:
PortQry.exe –n <remote IP/FQDN> -e <port>
Example from server to endpoint using information from above:
Example from endpoint to server using information from above: