This article provides the tested OfficeScan 10.6 installation process to cluster environment.
Here is an image of a standard cluster installation:
Do the following to install OfficeScan 10.6 on Windows 2008 R2 cluster environment:
- Go to Administrative Tools and open the Server Manager.
- Click Features > Add Features.
- In the selection screen, select Failover Clustering.
- Finish adding features on two machines.
- Configure witness disk and share disk. For details, refer to Failover Cluster Deployment Guide.
At the end of this process, you should see both nodes in the Cluster.
- Execute setup.exe from the OfficeScan 10.6 installation folder.
The Setup Welcome screen appears. Click Next.
- Accept the license agreement and click Yesto set IIS to 32-bit mode.
- The Client Deployment screen appears. Click Next to acknowledge the OfficeScan agent installation size.
- The OfficeScan Server Settings screen appears. Click Nextsince this is a new installation.
- The Installation Destination screen appears. Select On this computer and then click Nextto install on this server.
- Select Scan the target computer on the Computer Prescan screen, and then click Next.
- Enter the installation path in your share disk and then click Next.
- Enter the proxy server details, and then click Next.
- Select to install to IIS virtual website. Set the HTTP port to 8880 and the SSL port to 4343. Click Next.
- Select to install OfficeScan with the FQDN of the cluster, and then click Next.
- The Product Activation screen appears. Click Next to continue.
- Enter the OfficeScan 10.6 activation codes, and then click Next.
- Select to install the integrated server, and then click Next.
- Select No to disable the Web Reputation Service, and then click Next.
- Enable the OfficeScan client installation, and then click Next.
- Enable the Trend Micro Smart Feedback to prevent information being sent to Trend Micro. Click Next to continue.
- Set the password for the root account for the web console, and for unloading and uninstalling the OfficeScan client. Click Next.
- Set the client port and the security level to High. Click Next.
- Enable the Firewall, and then click Next.
- Enable assessment mode for Anti-spyware. Click Next to proceed.
- Enable the Web Reputation Policy, then click Next.
- Select the Start Menu folder where the OfficeScan shortcut will be created. Click Next.
- Click Install to proceed with the installation.
- Click Finish to complete the installation.
- Go to Administrative Tools and open the Internet Information Service (IIS) Manager.
- Select the OfficeScan virtual site.
- Click Authentication then edit Anonymous Authentication. You must input a domain service account.
- Change the folder permission according to the following:
where: R = read; W = write; M = modify; X = execute
Folder (includes subfolder and files) Folders and files permission for Domain account K:\Program Files\Trend Micro\OfficeScan\PCCSRV\Download R K:\Program Files\Trend Micro\OfficeScan\PCCSRV\TEMP RWMX K:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web R K:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web_console\CGI RX K:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\ClientInstall RWMX K:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI RWMX
- Change the Startup Type for the OfficeScan Master Service from Automatic to Manual on both notes by clicking Start > Administrative Tools > Services.
- Download this cluster failover script and save it to c:\windows\system32\inetsrv on each node. Edit the clusweb7.vbs script as need to specify the site name and application pool.
Refer to Microsoft article Configuring IIS 7.0 World Wide Web Publishing Service in a Microsoft Windows Server 2008 failover cluster.
You can verify the Application Pool and site names from the Internet Information Services (IIS) Manager.
- Under Administrative Tools, open Failover Cluster Management and then click Applications.
- Under Select Service or Application, click Generic Script and then click Next.
- Input the full path and file name of the script file saved in Step 6 (Configure OfficeScan Clustering section). This should be:
- Under Client Access Point on the left pane, configure the Access point name and IP address for the service.
- Under Select Storage on the left pane, select the shared disk where the OfficeScan server is installed, and then click Next.
- Select the new resource added in previous steps, right-click on it and then select Add a resource > Generic Service.
- Select the OfficeScan Master Service from the list and then finish the wizard.
- Repeat Step 12 (Configure OfficeScan Clustering section) and select OfficeScan Active Directory Integration Service.
- On the OfficeScan Active Directory Integration Service, select Properties > Dependencies tab > Insert.
- Select OfficeScan Master Service > OK to finish insert.
- Select OfficeScan Master Service then click Properties > Dependencies tab > Insert.
- Add the Service Name and shared disk where the OfficeScan server is installed as dependencies.
- Click the Registry Replication tab, then click Add.
- Type in the following keys:
- SOFTWARE\Wow6432Node\TrendMicro\Database Backup
- Select OfficeScan Master Service then click Bring This Resource Online.
- Select OfficeScan Active Directory Integration Service then click Bring this Resource Online.
- Select the resource, right-click on it and click Add a shared folder.
- Browse the location and set this to the ..\PCCSRV folder. Click Next.
- Tick the No, do not change NTFS permissions radio button and then click Next.
- Change the share name to "OFCSCAN" and then click Next.
- Set the administrators to have full control and everyone else must be read only permissions, then click Next.
- Click Create on the Review Settings and Create Share screen.
- Click Close.
- Verify the changes under the Cluster Shared Folders.
In a cluster environment, there will be multiple NICs associated with each node. There will be a primary cluster NIC which contains the virtual IP address of the application. and the client will go offline.
The OfficeScan client is designed to acquire the IP address from the primary NIC for registration to the OfficeScan server. When the node is inactive, the primary IP address will be a private 169 address. This will cause the OfficeScan server to lose communication with the client
To address this, add a new registry key to specify the actual address of the node to the OfficeScan server.
- Open the Registry Editor. Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
- Go to HKLM\Software\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion.
- Add a new String value: IP template:
- Edit the String Value of IP Template and add the IP address that the OfficeScan client will present to the OfficeScan server. This IP address should always be reachable to the OfficeScan server.
- Restart the OfficeScan Listener service for the changes to take effect.