This article discusses troubleshooting options you can take when you encounter the following scenarios in WFBS:
- The Security Server is not updating.
- Manual Update is working but Scheduled Update is not.
- You are getting one of the following errors:
- The Security Server was unable to reach the update source
- 100% Not completed
- Generic failure on source network
To resolve the issue, do any of the following:
Sometimes when the Security Server gets updates, it would time out and generate errors in the logs. To resolve this:
Increase the timeout value when the Security Server gets updates
- On the Security Server, open the ..\Program Files\Trend Micro\Security Server\PCCSRV\Admin\aucfg.ini file using a text editor such as Notepad.
- Insert the "timeout=99999" line, as shown below:
[downloader]
retry=3
timeout=99999 - Save and close the file.
- Update the server and verify the new timeout settings.
The issue may also occur when the client is using a proxy server to update. To fix this:
Specify the proxy server on the WFBS console
- Log in to the WFBS console.
- Go to Administration > Global Settings > Proxy tab.
- Under the Security Server Proxy section, update the following:
- Use a proxy server for updates and license notification
- Use SOCKS 4/5 proxy protocol
- Address
- Port
- Proxy server authentication
- User name
- Password
The client sometimes has a firewall that blocks the current update source. To resolve this:
Change the ActiveUpdate source
- Log in to the WFBS console.
- Go to Update > Source.
- Select Alternate update source.
- Use any of the following sources for WFBS:
- WFBS 10.0: https://wfbs-p.activeupdate.trendmicro.com/activeupdate
- WFBS 9.5: http://wfbs95-p.activeupdate.trendmicro.com/activeupdate/
- WFBS 9.0: http://wfbs90-p.activeupdate.trendmicro.com/activeupdate/
- WFBS 8.0: http://wfbs80-p.activeupdate.trendmicro.com/activeupdate/
- WFBS 7.0: http://iau.trendmicro.com/iau_server.dll
- WFBS 6.0: http://wfbs60-p.activeupdate.trendmicro.com/activeupdate
Akamai, Trend Micro's third-party content provider, provides localized cache servers that are geographically located close to you. Since Akamai's server IP addresses change depending on your location (and even under different network conditions), it is best to use the DNS name "trendmicro.georedirector.akadns.net" or "activeupdate.trendmicro.com.edgekey.net " as the basis for your firewall rule.
Add an IP range of ActiveUpdate servers to be excluded on your firewall configuration
This works best if you are connecting using a single ISP.
- Do one of the following:
- WFBS 10.0: Ping "wfbs-p.activeupdate.trendmicro.com"
(includes Smart Scan Agent Pattern) - For WFBS 9.5: Ping "wfbs95-p.activeupdate.trendmicro.com"
- For WFBS 9.0: Ping "wfbs90-p.activeupdate.trendmicro.com"
- For WFBS 8.0: Ping "wfbs80-p.activeupdate.trendmicro.com"
- For WFBS 7.0: Ping "iau.trendmicro.com"
- For WFBS 6.0: Ping "wfbs60-p.activeupdate.trendmicro.com"
- For License update: Ping "licenseupdate.trendmicro.com"
- For AntiSpam source: Ping "csm-as.activeupdate.trendmicro.com"
- For Smart Scan update: Ping "wfbs-lspn20.activeupdate.trendmicro.com"
(Smart Scan Agent Pattern not included) - For AutoUpdate server: Ping "autoupdate.wfbs.trendmicro.com"
- For the OPP (Outbreak Policy Pattern): Ping "oc.activeupdate.trendmicro.com"
You should then be redirected to "e19270.dscd.akamaiedge.net". If you're not able to receive a reply, it might be the firewall that blocks the connection so you need to whitelist the DNS above or the IP range you received from the ping command.
- WFBS 10.0: Ping "wfbs-p.activeupdate.trendmicro.com"
- Change the last octet of the IP address you received to ".255" This should give you the address block for your servers.
The resolved IP addresses can change depending on network traffic, and on whether or not the servers fail. Akamai compensates for this by modifying their DNS to point to a different server set. If this is the case, the procedure above should be repeated again, then add the new server IPs to the list.
Verify if the update sources on the following configurations are correct:
- Open the ..\PCCSRV\Private\ofcserver.ini using a text editor such as Notepad.
- Make sure that the following lines are correct:
UpdateSource=https://wfbs-p.activeupdate.trendmicro.com/activeupdate DefaultAUServer=https://wfbs-p.activeupdate.trendmicro.com/activeupdate DefaultAUServerHttps=https://wfbs-p.activeupdate.trendmicro.com/activeupdate UpdateSource_Schedule=https://wfbs-p.activeupdate.trendmicro.com/activeupdate DefaultAUServer_Schedule=https://wfbs-p.activeupdate.trendmicro.com/activeupdate DefaultAUServerHttps_Schedule=https://wfbs-p.activeupdate.trendmicro.com/activeupdate UpdateSpamSource=https://csm-as.activeupdate.trendmicro.com/activeupdate ScheduleUpdateSpamSource=https://csm-as.activeupdate.trendmicro.com/activeupdate AutoUpdateServerUrl=https://autoupdate.wfbs.trendmicro.com
- Open the ..\PCCSRV\ofcscan.ini using a text editor such as Notepad.
- Make sure that the following lines are correct:
Master_Program_URL=https://wfbs-p.activeupdate.trendmicro.com/activeupdate Trend_AU_Master_Program_URL=https://wfbs-p.activeupdate.trendmicro.com/activeupdate GlobalScanServerAddress=https://wfbs10.icrc.trendmicro.com/tmcss/
- Open the ..\PCCSRV\wss\AU.ini using a text editor such as Notepad.
- Make sure that the following lines are correct:
DefaultAUServer=https://wfbs-lspn20-p.activeupdate.trendmicro.com/activeupdate/
The Security Server might not update due to corrupted pattern files or corrupted update components in the server's cache. To fix this, run the Disk Cleaner tool.
Smart Duplication is a function to reduce the network traffic when updating to ActiveUpdate Server as it only downloads the increment required to brings its existing components to the latest version. This requires more resources as it stores the current components.
You may switch to Site Duplication to download the full pattern every update. However, expect a bandwidth intensive network tradeoff for this function but it will benefit the Security Server as it saves more disk space. To do this:
Change the DuplicationAction of the components on the Security Server
- Open the ..\PCCSRV\Private\component.ini using a text editor such as Notepad.
Back-up the configuration file before doing any modification. Incorrect changes can cause serious problems.
- Replace all "DuplicateAction=80" with "DuplicationAction=0".
- Save the changes.
- Restart Trend Micro Security Server Service.
- Updating the pattern files without internet connection using Intranet
- Manually updating the pattern file of a Security Server and Agents
If the issue still persists, contact Trend Micro Technical Support and provide the Case Diagnostic Tool (CDT) log generated on the WFBS server. For the instructions on how to get this, refer to the Knowledge Base article: Using the CDT to collect all the information needed by Trend Micro Technical Support.
