Customer installing a DSA might encounter connectivity issues in Microsoft Cluster Environments.
This can either affect a Microsoft Failover File Cluster or a Microsoft SQL Cluster.
To resolve the issue:
- Unbind the passive (first) node using bindview.
- Select All Services from the Show Bindings For drop-down menu and expand the branches under the Agent Trend Micro Lightweight Filter Driver.
- Search for the binding path to MS cluster virtual adapter.
- Right-click the binding path and disable it.
- Test if the Deep Security Agent (DSA) can communicate with Deep Security Manager (DSM) by running an Eicar test.
- Failover the cluster to the passive (first) node.
- Uninstall the DSA from the former active (second) node. This step will disable the network connection for up to one minute.
- Reboot the server. The new passive (second) node should be able to join the cluster.
- Install the DSA on the second node.
- Create a customize firewall rule allowing incoming TCP/UDP port listed on 3343 and 49152-65535, and assign it to the target DSA. These ports are required for MS Cluster Service to allow multi-node communication between the MS Cluster Management Server and cluster nodes.
You may change the Source IP value to Incoming Traffic instead of Any.
The nodes should now be working normally. For more information, refer to this Microsoft article: Service overview and network port requirements for Windows.