Confirm that the server and OfficeScan clients are able to communicate successfully. These steps are useful in:
- Isolating pattern and scan engine update issues
- Troubleshooting clients/agents that appear offline or disconnected, or are missing in the console
- VPN connection check
To investigate communication issues between the server and the client, you need to verify their connection:
- Use the same server and client/agent for all the steps.
- Make sure to take screenshots of all the results you get.
- To enable the telnet command in Windows 7, follow the steps in the Microsoft article: Install Telnet Client.
- From the Security Server, ping the IP address of the client/agent that has the issue.
- On the Client Security Agent, open the Registry Editor (regedit.exe). In 64-bit environments, the product is always found in the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion hive.
- Go to the HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion hive and take note of the value for the registry key "LocalServerPort". This is the client/agent port. Use the decimal value.
- Go back to the OfficeScan server and then open a command prompt and run this command:
telnet<space><client IP address><space><value of the client port>
- Open Internet Explorer then type the following in the address bar:
http://<client's IP address>:<local server port>/?CAVIT
Example: http://192.168.16.10:12345/?CAVIT
If you get a result "!CRYPT!...", it means that the port is open in the client/agent and the connection from server to client/agent should work. Otherwise, there is a problem with the connection.
Since OfficeScan XG SP1, the default communication protocol has been changed to HTTPS. Try this command if you experience HTTP testing failure:
- https://<Agent IP Address>:<ListeningPort>/?CAVIT
- On the OfficeScan client, open the Registry Editor (regedit.exe).
- Go to the HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion hive and take note of the values of the following registry keys:
- "Server" - This is the OfficeScan server name the OfficeScan client/agent is reporting to
- "ServerSSLPort" - This is the server port number of the OfficeScan server/Security Server. Use the decimal value.
- If you are using OfficeScan 10.6 / 11.0 / XG, perform steps a-d. Steps 8a-8d are only necessary for issues with the Smart Scan feature, which is only available in OfficeScan 10.6 and above.
- Go to the HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\iCRC\Scan Server hive.
- Take note of the value for the "LocalScanServerUrl" registry key. This is the server name of the client/agent.
- To verify if the Smart Scan server is available, open Internet Explorer, then type the following URL in the address bar:
If the browser returns a File Download Security Warning pop-up window, the Scan Server is enabled and accessible:
File Download: Security Warning
Do you want to save this file?
Type: Unknown File Type, 4 bytes
From:
When using this test, the "Do not save encrypted page to disk" setting must be disabled as shown below. Otherwise, the test will fail.
Make sure to use the port you find in your registry:
For OfficeScan 10.x / 11.0 / XG, the port is usually 4345.
For OfficeScan 10.x and 11.0 using Apache, the port is normally 4343.
- Go to Step 10.
- From the client/agent, ping the server name of the OfficeScan server.
telnet<space><server name><space><value of the server port>
For the server name, make sure to use the full name you find in the registry key "Server".
To enable the telnet command in Windows 7, follow the steps in the Microsoft article: Install Telnet Client.
- Open Internet Explorer then type the following URL in the address bar:
- For OfficeScan: "http://<server name>:<value of the server port>/officescan/cgi/cgionstart.exe"
If the next screen shows "-2", this means the client/agent can communicate with the server. Otherwise, there is a problem with the connection.
- Send the screenshots of the results to Trend Micro Technical Support for further analysis. For OfficeScan 10.6 or later, also send the file you obtained in Step 8c.
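The agent-side checks from the steps above (registry lookup, ping, port test, and the cgionstart.exe request) can be collected in one pass. This is an added example, not Trend Micro code; it uses only the registry key, value names, and URL given in the steps, and the function name Test-TcpPort and the 3-second timeout are assumptions chosen for illustration.

```powershell
# Added example (not Trend Micro code). Run on the OfficeScan client/agent.
# Registry key and value names are the ones given in the steps above.
$candidates = 'HKLM:\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion',
              'HKLM:\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion'
$key = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $key) { throw 'OfficeScan agent registry key not found on this machine.' }

$cfg        = Get-ItemProperty -Path $key
$server     = [string]$cfg.Server          # full server name the agent reports to
$serverPort = [int]$cfg.ServerSSLPort      # DWORD values are returned in decimal
$agentPort  = [int]$cfg.LocalServerPort    # needed on the server for the /?CAVIT check

# TCP connect with a timeout: the scripted equivalent of the telnet step.
# Test-TcpPort is a hypothetical helper name, not a built-in cmdlet.
function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

# Request cgionstart.exe; the steps above treat a response of "-2" as success.
$url  = "http://${server}:$serverPort/officescan/cgi/cgionstart.exe"
$body = $null; $httpError = $null
try   { $body = (New-Object System.Net.WebClient).DownloadString($url) }
catch { $httpError = $_.Exception.Message }   # keep the error text for the support case

$result = New-Object PSObject -Property @{
    RegistryKey       = $key
    Server            = $server
    ServerPort        = $serverPort
    AgentPort         = $agentPort
    PingOk            = [bool](Test-Connection -ComputerName $server -Count 2 -Quiet)
    TcpPortOpen       = Test-TcpPort $server $serverPort
    CgiReturnedMinus2 = ($null -ne $body -and $body.Trim() -eq '-2')
    HttpError         = $httpError
}
$result | Format-List
```

A result with PingOk true but TcpPortOpen false points at a firewall or listener problem on the server port rather than name resolution or routing.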
For offline clients/agents, run the following command to check if the tmlisten port is open:
netsh firewall show state