1. Identify the agent IP and listening port:
   • To identify from the server, navigate to Agents > Agent Management > Locate the endpoint.

     You can identify the IP Address for the endpoint, and the listening port configured.

      

     For accurate results, the IP address should be verified on the agent side as communication issues could prevent the IP Address from updating on the console correctly when it changes at the endpoint.

     

   • To identify from the endpoint, open a command prompt and run ipconfig to find the IP Address, and then right-click on the agent iconin the system tray and choose "Component Versions".

     At the top of the window will display the listening port.

     

2. On the OfficeScan/Apex One server:
   1. Open Internet Explorer.
   2. In the address bar, enter the following address replacing the IP and port where indicated:

      https://<endpoint IP>:<agentport>/?CAVIT

      CAVIT must be capitalized. For agents before OfficeScan XG SP1, http must be used instead of https as the communication did not switch to https until XG SP1.

   3. Hit Enter.

      For a successful connection, a warning about the certificate will appear. This is expected as the agent uses an internal signed certificate. Proceed past the warning and a page with a string of text starting with !CRYPT! should appear.

      If an error or blank page appears, this test is failed and communication is not occurring.

      

      

1. Identify the Server IP/FQDN and listening ports.
   • IP/FQDN can be gotten from the web console address, ipconfig as in Step 1, or web console by Web Console > Administration > Agent Connection.
   • Ports can be identified either by:
     • Web Console > Administration > Agent Connection
     • IIS Manager > Sites > OfficeScan > Edit Bindings

       

2. Open a web browser on the testing endpoint.
3. In the address bar, enter the following address replacing the IP and port where indicated:

   https://<OSCE|Apex One SERVER IP>:<https port>/officescan/cgi/cgionstart.exe

   For agents before OfficeScan XG SP1, http must be used instead of https as the communication did not switch to https until XG SP1. The HTTP port (default 8080) should also be used in this case.

   A blank page with a -2 should appear in the upper-left if successful.

4. Also verify if the agent is configured to use these correct ports and IP/FQDN:
   1. Right-click the agent in the system tray.
   2. Choose "Component Versions".
   3. Verify the Server name/port: line is correct.

      

From a testing endpoint, open a web browser and enter the following address replacing the IP and port where indicated:

https://<OSCE|Apex One Server IP/FQDN>:<HTTPS PORT>/tmcss/?LCRC=08000000AC41080092000080C4F01936B21D9104

Example:

Result:

When using this test, the "Do not save encrypted page to disk" setting must be disabled as shown below. Otherwise, the test will fail.

If any of the above steps failed, we will want to verify we can reach the remote port on the machine to verify if the port is blocked/closed, or we are getting an unexpected response.

To test a port before Windows 8.1/2012 R2:

1. Download the PortQry Tool from Microsoft and extract it to the machine you want to test from.
2. Run from a command-line:

   PortQry.exe –n <remote IP/FQDN> -e <port>

   Example from server to endpoint using information from above:

   

   Example from endpoint to server using information from above:

   

To test a port from Windows 8.1/2012 R2 and up:

1. Open a Powershell window on the machine testing from.
2. Use the Test-NetConnection command:

   Test-NetConnection –ComputerName “<ComputerName>” (or IP) –Port <PortNumber>

   Example from server to endpoint using information from above:

   

   Example from endpoint to server using information from above:

   

1. Open a command prompt on the machine to verify.
2. Run the following command to verify the port state with the Windows Firewall:

   Netsh firewall show state

   Example: