PolicyServer MMC is unable to connect to the server

If you are connecting remotely, enter the NETBIOS name or IP address of the remote PolicyServer.

If you are connecting locally, enter the localhost.

1. Remote Desktop into the SQL Server.
2. Click Start > Run > Services.msc.
3. Scroll down to MSSQLServer (or MSSQL$Instance if running in an instance install) and ensure it is started.
4. Click Start > Run > SvrNetCn.exe.
5. Ensure that Named Pipes and TCP/IP are in the Enabled Protocol section of the General tab and that the instance selected is the same instance that the Mobile ArmorDB/Log are installed under.
6. If any changes are made, restart the SQL Service.

1. Open Windows Explorer and locate the directory you installed the PolicyServer Service. By default, this is C:\Program Files\Mobile Armor\PolicyServer.
2. Double-click DiagnosticsMonitor.exe.
3. In the Admin Tool under PolicyServer Process, click Start and Logging On.
4. Click Log File: On and save the file to the desktop. Use a naming convention that is familiar to you.
5. Click Start > Run > Services.msc.
6. Scroll down to PolicyServer Windows Service and restart the service.
7. Search the file that is generated for database connected. If this is unavailable in the log file, send the log file to Trend Micro Technical Support.

Copy and paste the link http://localhost/mawebservice2/service.asmx into a web browser on the Application Server. If the picture code does not appear, or you receive a runtime error message, IIS is not running properly.

1. Click Start > Control Panel.
2. Click Add Remove Windows Components.
3. Click Application Server > Details.
4. Ensure ASP.net is checked.
5. Click Internet Information Services (IIS) and click Details.
6. Find World Wide Web Service in the list and click Details.
7. Ensure Active Server Pages is checked.
8. Click OK three times then click Next. You may be required to insert a Windows Server CD at this time.

1. Click Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager.
2. Expand Web Sites > Default Web Site.
3. Right-click MAWebService2 and choose Properties.
4. Click Directory Security and click Edit on Authentication and Access Control.
5. Ensure Enable Anonymous Access is checked.
6. Ensure Integrated Windows authentication is checked.
7. Click OK.
8. Restart IIS.

1. From the server where the Full Disk Encryption Web Service is installed, open a Command Prompt.
2. Navigate to windir%\Microsoft.NET\Framework\v1.1.4322.
3. Execute the command aspnet_regiis.exe – i to re-register ASP.NET.
4. Attempt to browse to http://localhost/mawebservice2/service.asmx.

1. Browse to C:\Inetpub\wwwroot\MAWebService2\Web.config file.
2. Change the Customer errors line to <customErrors mode="Off" />
3. Attempt to log into the PolicyServer again.
4. Review the error on the page for possible causes or copy and paste the pages contents and send to Trend Micro Technical Support.

1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager.
2. Expand Computer Name > Websites > Default Website.
3. Right-click MAWebService2 and select Permissions.
4. If Network Service is in the list, click the Full Control Permission for this account.
   If the Network Service account is not in the list click Add > Type Network Service > Click Check Names > OK > Grant the Account Full Control Permission.
5. Click OK.

1. Click Start > Run > Services.msc.
2. Stop the IIS Admin Service.
3. Start the IIS Admin Service.
4. Open IIS Manager.
5. Start the Default Web Site.
6. Attempt to browse to http://localhost/mawebservice2/service.asmx.

1. Click Run, then type “services.msc” and press ENTER.
2. Scroll down to PolicyServer Windows Service and stop the service. If not using Single Sign-On, skip to step 7.
3. Double-click the service.
4. Click the Log On tab.
5. Ensure This Account radio button is marked.
6. Ensure the user running the service has Domain Administrator rights on the domain.
7. Retype the password to receive a confirmation that the user is allowed to run the service.
8. Start the service.
9. Reinstall the PolicyServer Windows Service.

• Group Policy denied guest logon on the server.
• The IUSER and IWAM account were members of the guest group.
• Remove the IUSER and IWAM accounts from that group, and move them into the Users group.
• Modify the GPO to allow the "Network Service" account to have read permission on \Windows\Temp folder.
• Below is an example of a Group Policy which works:

  Computer Configuration
  Windows Setting
  Security Setting
  Local Policies
  User Rights Assignment - (The user whose rights are being modified is the same user whom you have set to run the PolicyServer Windows Service).
  Access this computer from the network
  Act as part of the operating system
  Log on Locally
  Bypass traverse checking
  Impersonate a client after authentication
  Lock pages in memory
  Log on as service
  Replace a process level token
  Take ownership of files or other objects

  Computer Configuration
  Windows Setting
  Security Setting
  Local Policies
  Security Options
  Network security: LAN Manager Authentication Level
  Send LM & NTLM responses
  Network security: LDAP client signing requirement level
  Negotiate signing

  Windows Setting
  Security Setting
  System Services
  ASP.NET State Service – Automatic
  Distributed Transaction Coordinator – Automatic
  Event Log – Automatic
  HTTP SSL – Automatic
  IIS Admin Service – Automatic
  SMTPSVC – Automatic
  World Wide Web Publishing Service – Automatic
  PolicyServer Windows Service - Automatic
  MSSQLServer - Automatic
  SQLServerAgent – Automatic

  Windows Setting
  Security Setting
  File System
  %SystemRoot%\Microsoft.NET\Framework\v1.1.4322
  (Service account needs full control)