Troubleshooting Security Server update issues in Worry-Free Business Security (WFBS)

Sometimes when the Security Server gets updates, it would time out and generate errors in the logs. To resolve this:

Increase the timeout value when the Security Server gets updates

1. On the Security Server, open the ..\Program Files\Trend Micro\Security Server\PCCSRV\Admin\aucfg.ini file using a text editor such as Notepad.
2. Insert the "timeout=99999" line, as shown below:

   [downloader]
   retry=3
   timeout=99999

3. Save and close the file.
4. Update the server and verify the new timeout settings.

The issue may also occur when the client is using a proxy server to update. To fix this:

Specify the proxy server on the WFBS console

1. Log in to the WFBS console.
2. Go to Preferences > Global Settings.
3. Under the Proxy Information section, update the following:
   • Use a proxy server for updates and license notification
   • Use SOCKS 4/5 proxy protocol
   • Address
   • Port
   • Proxy server authentication
     • User name
     • Password

The client sometimes has a firewall that blocks the current update source. To resolve this:

Change the ActiveUpdate source

1. Log in to the WFBS console.
2. Go to Update > Source.
3. Select Alternate update source.
4. Use any of the following sources for WFBS:
   • WFBS 9.0: http://wfbs90-p.activeupdate.trendmicro.com/activeupdate/
   • WFBS 8.0: http://wfbs80-p.activeupdate.trendmicro.com/activeupdate/
   • WFBS 7.0: http://iau.trendmicro.com/iau_server.dll
   • WFBS 6.0: http://wfbs60-p.activeupdate.trendmicro.com/activeupdate

Akamai, Trend Micro's third-party content provider, provides localized cache servers that are geographically located close to you. Since Akamai's server IP addresses change depending on your location (and even under different network conditions), it is best to use the DNS name "trendmicro.georedirector.akadns.net" or "activeupdate.trendmicro.com.edgekey.net " as the basis for your firewall rule.

Add an IP range of ActiveUpdate servers to be excluded on your firewall configuration

This works best if you are connecting using a single ISP.

1. Do one of the following:
   • For WFBS 9.0: Ping "wfbs90-p.activeupdate.trendmicro.com"
   • For WFBS 8.0: Ping "wfbs80-p.activeupdate.trendmicro.com"
   • For WFBS 7.0: Ping "iau.trendmicro.com"
   • For WFBS 6.0: Ping "wfbs60-p.activeupdate.trendmicro.com"
   • For License update: Ping "licenseupdate.trendmicro.com"
   • For AntiSpam source: Ping "csm-as.activeupdate.trendmicro.com"
   • For Smart Scan update: Ping "wfbs6-icss-p.activeupdate.trendmicro.com"
   • For the OPP (Outbreak Policy Pattern): Ping "oc.activeupdate.trendmicro.com"

   You should then be redirected to "a151.g.akamai.net".

2. Change the last octet of the IP address you received to ".255" This should give you the address block for your servers.

   The resolved IP addresses can change depending on network traffic, and on whether or not the servers fail. Akamai compensates for this by modifying their DNS to point to a different server set. If this is the case, the procedure above should be repeated again, then add the new server IPs to the list.

The issue may also occur when manual update is working and scheduled update is not in WFBS 6.0. To fix this:

Verify the scheduled update source of WFBS 6.0

1. Open the ..\PCCSRV\Private\ofcserver.ini using a text editor such as Notepad.
2. Make sure that the following lines are correct:

   EnableScheduleUpdate=1
   UpdateSource_Schedule=http://wfbs60-p.activeupdate.trendmicro.com/activeupdate
   ScheduleUpdateSpamSource=http://csm-as.activeupdate.trendmicro.com/activeupdate

The Security Server might not update due to corrupted pattern files or corrupted update components in the server's cache. To fix this, run the Disk Cleaner tool.