The following error message appears when logging in to the Intrusion Defense Firewall web console inside the OfficeScan Plug-in Manager section:
Unable to open Intrusion Defense Firewall interface. The plug-in could not validate the session. Please see the server0.log in the installation directory for more information.
The server0.log file in the C:\Program Files\Trend Micro\OfficeScan\AddOn\Intrusion Defense Firewall\ folder has a lot of the following entry:
SEVERE: Exception caught attempting to start a job search.
java.sql.SQLException: Could not allocate space for object 'dbo.managermessages'.'PK__managermessages__251C81ED' in database 'IDF' because the 'PRIMARY' filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.
If the server0.log file has the entry "Unable to grant access", please check KB article: Unable to open Intrusion Defense Firewall interface - Unable to grant access.
This problem is more common on Intrusion Defense Firewall (IDF) Servers that are using the built-in Microsoft SQL Express for its database. The issue occurs because the SQL database has a disk size limitation of 4GB only. The large volume of IDF Agent logs/events recorded on the database pushes the disk size to reach the limit.
When the limit is reached, IDF can no longer perform new database transactions including any log in attempt to the web console.
You can address this issue by optimizing the IDF log retention. Follow the steps below:
Optimize the IDF log retention using these steps.
- Open a command prompt on the IDF Server and change directory to C:\Program Files\Trend Micro\OfficeScan\AddOn\Intrusion Defense Firewall\.
Execute the following commands to reset the logs from the database.
idf_c -action resetevents -type all
idf_c -action resetcounters
- Stop the Intrusion Defense Firewall service.
Log in to the SQL Express server using the SQL Management Studio Express.Microsoft SQL Management Studio Express should be installed on the IDF server. You can download Microsoft SQL Management Studio Express from Microsoft.
- Expand the Databases and select the IDF database.
- Choose to Shrink the Database, and then the Files of the IDF database.
- Start the Intrusion Defense Firewall service.
- Check if you can now log in to the IDF web console.
Once log in is successful, use the following settings to optimize the log retention in the IDF database:
- Open the IDF console, go to Firewall > Stateful Configuration > Enable Stateful Inspection.
- Enable stateful logging on ICMP and UDP requests.
- Go to under System > System Settings > Firewall and DPI.
- Generate Firewall Events for packets that are 'Out of Allowed Policy'.
- Go to under System > System Settings > System.
- Set the Prune settings to 7 days or less for the different Events and Counters.