Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Unable to access the OfficeScan console from Control Manager (TMCM) / Apex Central 2019 when using SSO

    • Updated:
    • 29 May 2019
    • Product/Version:
    • Apex Central 2019
    • Control Manager 7.0
    • Platform:
    • Windows 2003 Enterprise
    • Windows 2003 Standard
    • Windows 2008 Enterprise
    • Windows 2008 Standard
    • Windows 2012 Server R2
    • Windows 2016 Server

When users cannot access the OfficeScan management console from TMCM/Apex Central, the following error message appears:

  1. The managed product does not use HTTPS for communication. Connection to the managed product will not use a secure channel. That means data will be transmitted as plain text.
  2. Click Yes to proceed.
  3. Do you want to proceed?
  4. Do not show this message again.

When the OK button is clicked, subsequent error message is displayed:

Cannot log on to OfficeScan server due to one of the following reasons:
Public key is missing.
Please check that the public key of the Control Manager server exists on the OfficeScan server.
Please copy the public key to the OfficeScan server if the public key is missing.
Management Communication Protocol (MCP) Agent is not running on OfficeScan server.
Please start the MCP Agent on the OfficeScan server.
User privilege is not properly configured on the OfficeScan server
Please configure the required privilege for this user on the OfficeScan server.
Click here to open this OfficeScan server console in a new window.

To isolate this issue, the following troubleshooting steps were performed:

  • Verified that OfficeScan is registered and that the CMAgent service is running.
  • Verified the account privilege.

However, these steps did not resolve the issue.


To resolve this issue:

  1. Create a super user account in OfficeScan by following the steps in this article: Single-Sign On (SSO) is not working in OfficeScan 10
    Make sure that the passwords are the same.
  2. Copy the SSO_PKI_PublicKey.pem file from the TMCM/Apex Central server folder to the OfficeScan server folder:
    • TMCM/Apex Central server folder: ..\Trend Micro\Control Manager\WebUI\download
    • OfficeScan server folder: ..\Trend Micro\OfficeScan\PCCSRV\CmAgent\key
    Log in as super user account on the TMCM/Apex Central server using the SSO.

If the solution above did not resolve the issue, do the following:

  1. Create a backup of the following file:

    C:\Program Files\Trend Micro\Control Manager\WebUI\download\SSO_PKI_PublicKey.pem

  2. Open a command prompt and change the current working directory to ..\Control Manager\Certificate\.
  3. Run the command below:

    openssl rsa -in SSO_PKI_PrivateKey.pem -pubout -out "C:\Program Files\Trend Micro\Control Manager\WebUI\download\SSO_PKI_PublicKey.pem"

  4. Unregister and reregister the OfficeScan server from/to the TMCM/Apex Central server.
Configure; Troubleshoot
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.