This article discusses troubleshooting options you can take when you encounter the following scenarios in WFBS:
- The Security Server is not updating.
- Manual Update is working but Scheduled Update is not.
- You are getting one of the following errors:
- The Security Server was unable to reach the update source
- 100% Not completed
- Generic failure on source network
To resolve the issue, do any of the following:
Sometimes when the Security Server gets updates, it would time out and generate errors in the logs. To resolve this:
Increase the timeout value when the Security Server gets updates
- On the Security Server, open the ..\Program Files\Trend Micro\Security Server\PCCSRV\Admin\aucfg.ini file using a text editor such as Notepad.
- Insert the "timeout=99999" line, as shown below:
- Save and close the file.
- Update the server and verify the new timeout settings.
The issue may also occur when the client is using a proxy server to update. To fix this:
Specify the proxy server on the WFBS console
- Log in to the WFBS console.
- Go to Preferences > Global Settings.
- Under the Proxy Information section, update the following:
- Use a proxy server for updates and license notification
- Use SOCKS 4/5 proxy protocol
- Proxy server authentication
- User name
The client sometimes has a firewall that blocks the current update source. To resolve this:
Change the ActiveUpdate source
- Log in to the WFBS console.
- Go to Update > Source.
- Select Alternate update source.
- Use any of the following sources for WFBS:
- WFBS 9.5: http://wfbs95-p.activeupdate.trendmicro.com/activeupdate/
- WFBS 9.0: http://wfbs90-p.activeupdate.trendmicro.com/activeupdate/
- WFBS 8.0: http://wfbs80-p.activeupdate.trendmicro.com/activeupdate/
- WFBS 7.0: http://iau.trendmicro.com/iau_server.dll
- WFBS 6.0: http://wfbs60-p.activeupdate.trendmicro.com/activeupdate
Akamai, Trend Micro's third-party content provider, provides localized cache servers that are geographically located close to you. Since Akamai's server IP addresses change depending on your location (and even under different network conditions), it is best to use the DNS name "trendmicro.georedirector.akadns.net" or "activeupdate.trendmicro.com.edgekey.net " as the basis for your firewall rule.
Add an IP range of ActiveUpdate servers to be excluded on your firewall configuration
This works best if you are connecting using a single ISP.
- Do one of the following:
- For WFBS 9.5: Ping "wfbs95-p.activeupdate.trendmicro.com"
- For WFBS 9.0: Ping "wfbs90-p.activeupdate.trendmicro.com"
- For WFBS 8.0: Ping "wfbs80-p.activeupdate.trendmicro.com"
- For WFBS 7.0: Ping "iau.trendmicro.com"
- For WFBS 6.0: Ping "wfbs60-p.activeupdate.trendmicro.com"
- For License update: Ping "licenseupdate.trendmicro.com"
- For AntiSpam source: Ping "csm-as.activeupdate.trendmicro.com"
- For Smart Scan update: Ping "wfbs6-icss-p.activeupdate.trendmicro.com"
- For the OPP (Outbreak Policy Pattern): Ping "oc.activeupdate.trendmicro.com"
You should then be redirected to "a151.g.akamai.net".
- Change the last octet of the IP address you received to ".255" This should give you the address block for your servers.
The resolved IP addresses can change depending on network traffic, and on whether or not the servers fail. Akamai compensates for this by modifying their DNS to point to a different server set. If this is the case, the procedure above should be repeated again, then add the new server IPs to the list.
The issue may also occur when manual update is working and scheduled update is not in WFBS 6.0. To fix this:
Verify the scheduled update source of WFBS 6.0
- Open the ..\PCCSRV\Private\ofcserver.ini using a text editor such as Notepad.
- Make sure that the following lines are correct:
If the issue still persists, contact Trend Micro Technical Support and provide the Case Diagnostic Tool (CDT) log generated on the WFBS server. For the instructions on how to get this, refer to the Knowledge Base article: Using the CDT to collect all the information needed by Trend Micro Technical Support.