Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Unable to resolve the Trend Micro ActiveUpdate server domain names and download updates on Windows Server 2008 R2

    • Updated:
    • 22 Oct 2015
    • Product/Version:
    • Control Manager 6.0
    • PortalProtect 2.0
    • PortalProtect 2.1
    • ScanMail for Exchange 11.0
    • ServerProtect for Microsoft Windows/Novell Netware 5.7
    • ServerProtect for Microsoft Windows/Novell Netware 5.8
    • Platform:
    • Windows 2008 Server R2
Summary

The Windows 2008 R2 systems are unable to ping and resolve the IP addresses of the ActiveUpdate servers and download updates for the installed Trend Micro products.

Details
Public

This issue happens because of the Windows Server 2008 R2 DNS Server that is looking up Internet names.

In Server 2008 R2, Microsoft enabled the EDNS support by default. In the operating systems prior to Server 2008 R2, the DNS packets carried by UDP were restricted to 512 bytes. Enabling EDNS allows for larger UDP packets if the DNS servers support it. In practice, older firewalls assume a maximum DNS message length of 512 bytes and may block longer DNS packets.

For additional information, refer to this microsoft article: Some DNS name queries are unsuccessful after you deploy a Windows Server 2003 or Windows Server 2008 R2-based DNS server

To resolve this issue, you need to disable the EDNS support on the Windows 2008 R2 DNS Server.

To disable ENDS, you can use any of the following:

Using command prompt

Execute the following command:

dnscmd /config /EnableEDNSProbes 0

 
Using the command prompt will not require a reboot. The change will take effect immediately.

Using the registry

  1. Open the Registry Editor.
     
    Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems
  2. Go to HKLM\SYSTEM\CurrentControlSet\services\DNS\Parameters
  3. Create a DWORD key "EnableEDNSProbes" and set its value to "0".
  4. Close the Registry Editor.
  5. Restart the DNS Server service for the changes to take effect.

If the above steps did not resolve the issue, then do the following:

  1. Download and run the CDT utility on the target host machine.
  2. Collect the CDT logs and send them to Trend Micro Technical Support.
Premium
Internal
Rating:
Category:
Update
Solution Id:
1056089
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.