Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

PolicyServer MMC is unable to connect to the server

    • Updated:
    • 17 Feb 2015
    • Product/Version:
    • Endpoint Encryption 3.1 PolicyServer
    • Platform:
    • Windows 2003 Enterprise
Summary

This article outlines the troubleshooting procedures for connection issues with PolicyServer.

Details
Public

You should test the connectivity after completing each procedure to check if you need to continue with the next.

If you are connecting remotely, enter the NETBIOS name or IP address of the remote PolicyServer.

If you are connecting locally, enter the localhost.

  1. Remote Desktop into the SQL Server.
  2. Click Start > Run > Services.msc.
  3. Scroll down to MSSQLServer (or MSSQL$Instance if running in an instance install) and ensure it is started.
  4. Click Start > Run > SvrNetCn.exe.
  5. Ensure that Named Pipes and TCP/IP are in the Enabled Protocol section of the General tab and that the instance selected is the same instance that the Mobile ArmorDB/Log are installed under.
  6. If any changes are made, restart the SQL Service.
  1. Open Windows Explorer and locate the directory you installed the PolicyServer Service. By default, this is C:\Program Files\Mobile Armor\PolicyServer.
  2. Double-click DiagnosticsMonitor.exe.
  3. In the Admin Tool under PolicyServer Process, click Start and Logging On.
  4. Click Log File: On and save the file to the desktop. Use a naming convention that is familiar to you.
  5. Click Start > Run > Services.msc.
  6. Scroll down to PolicyServer Windows Service and restart the service.
  7. Search the file that is generated for database connected. If this is unavailable in the log file, send the log file to Trend Micro Technical Support.

Copy and paste the link http://localhost/mawebservice2/service.asmx into a web browser on the Application Server. If the picture code does not appear, or you receive a runtime error message, IIS is not running properly.

  1. Click Start > Control Panel.
  2. Click Add Remove Windows Components.
  3. Click Application Server > Details.
  4. Ensure ASP.net is checked.
  5. Click Internet Information Services (IIS) and click Details.
  6. Find World Wide Web Service in the list and click Details.
  7. Ensure Active Server Pages is checked.
  8. Click OK three times then click Next. You may be required to insert a Windows Server CD at this time.
  1. Click Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager.
  2. Expand Web Sites > Default Web Site.
  3. Right-click MAWebService2 and choose Properties.
  4. Click Directory Security and click Edit on Authentication and Access Control.
  5. Ensure Enable Anonymous Access is checked.
  6. Ensure Integrated Windows authentication is checked.
  7. Click OK.
  8. Restart IIS.
  1. From the server where the Full Disk Encryption Web Service is installed, open a Command Prompt.
  2. Navigate to windir%\Microsoft.NET\Framework\v1.1.4322.
  3. Execute the command aspnet_regiis.exe – i to re-register ASP.NET.
  4. Attempt to browse to http://localhost/mawebservice2/service.asmx.
  1. Browse to C:\Inetpub\wwwroot\MAWebService2\Web.config file.
  2. Change the Customer errors line to <customErrors mode="Off" />
  3. Attempt to log into the PolicyServer again.
  4. Review the error on the page for possible causes or copy and paste the pages contents and send to Trend Micro Technical Support.
  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager.
  2. Expand Computer Name > Websites > Default Website.
  3. Right-click MAWebService2 and select Permissions.
  4. If Network Service is in the list, click the Full Control Permission for this account.
    If the Network Service account is not in the list click Add > Type Network Service > Click Check Names > OK > Grant the Account Full Control Permission.
  5. Click OK.
  1. Click Start > Run > Services.msc.
  2. Stop the IIS Admin Service.
  3. Start the IIS Admin Service.
  4. Open IIS Manager.
  5. Start the Default Web Site.
  6. Attempt to browse to http://localhost/mawebservice2/service.asmx.
  1. Click Run, then type “services.msc” and press ENTER.
  2. Scroll down to PolicyServer Windows Service and stop the service. If not using Single Sign-On, skip to step 7.
  3. Double-click the service.
  4. Click the Log On tab.
  5. Ensure This Account radio button is marked.
  6. Ensure the user running the service has Domain Administrator rights on the domain.
  7. Retype the password to receive a confirmation that the user is allowed to run the service.
  8. Start the service.
  9. Reinstall the PolicyServer Windows Service.
  • Group Policy denied guest logon on the server.
  • The IUSER and IWAM account were members of the guest group.
  • Remove the IUSER and IWAM accounts from that group, and move them into the Users group.
  • Modify the GPO to allow the "Network Service" account to have read permission on \Windows\Temp folder.
  • Below is an example of a Group Policy which works:

    Computer Configuration
    Windows Setting
    Security Setting
    Local Policies
    User Rights Assignment - (The user whose rights are being modified is the same user whom you have set to run the PolicyServer Windows Service).
    Access this computer from the network
    Act as part of the operating system
    Log on Locally
    Bypass traverse checking
    Impersonate a client after authentication
    Lock pages in memory
    Log on as service
    Replace a process level token
    Take ownership of files or other objects

    Computer Configuration
    Windows Setting
    Security Setting
    Local Policies
    Security Options
    Network security: LAN Manager Authentication Level
    Send LM & NTLM responses
    Network security: LDAP client signing requirement level
    Negotiate signing

    Windows Setting
    Security Setting
    System Services
    ASP.NET State Service – Automatic
    Distributed Transaction Coordinator – Automatic
    Event Log – Automatic
    HTTP SSL – Automatic
    IIS Admin Service – Automatic
    SMTPSVC – Automatic
    World Wide Web Publishing Service – Automatic
    PolicyServer Windows Service - Automatic
    MSSQLServer - Automatic
    SQLServerAgent – Automatic

    Windows Setting
    Security Setting
    File System
    %SystemRoot%\Microsoft.NET\Framework\v1.1.4322
    (Service account needs full control)

Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy; Install; Upgrade
Solution Id:
1059710
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.