Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Debugging procedures in Worry-Free Business Security (WFBS)

    • Updated:
    • 18 Aug 2016
    • Product/Version:
    • Worry-Free Business Security Standard/Advanced 8.0
    • Worry-Free Business Security Standard/Advanced 9.0
    • Platform:
    • Windows 2008 Standard
    • Windows 2011 Small Business Server Standard
    • Windows 8 64-bit
Summary

Learn how to get debug logs to resolve issues that you may encounter in WFBS.

Details
Public

To turn on debug log in WFBS Security Server:

  1. Log on to the Security Server.
  2. Click the letter M under the word "TREND".
  3. Mark Enable debug log check box.
  4. Enter the Log Filename.
  5. Click Save.
    Security Server condole Debugging steps
  6. You will get "You have successfully turned debug on." message. Click Close.
 ModuleDebug Log location
Security ServerSecurity Server debug log (ofcdebug.log)Refer to log Filename you specified.
Active Update%ServerFolder%\Web\Service\AU_log\Tmudump.txt
--- Advanced ---
Server side
  1. Go to ..\PCCSRV\Admin.
  2. Modify the configuration file"aucfg.ini".
  3. Copy aucfg.ini to ..
    \PCCSRV\Web\Service folder.
  4. Add
    =======
    [debug]
    level=-1
    =======
    Default is 5.
  5. Restart the Security Server Master Service.
  6. Log path C:\TM\SS\PCCSRV\Web\Service\
    AU_Data\AU_Log \ TmuDump.txt
Install/Upgrade/Uninstall%WINDIR%\Temp\WFBS_Debug folder
In addition,ofcdebug.log if LogServer
is launched separately.
Smart Scan ServerUpdate%ServerFolder%\WSS\AU.ini
%ServerFolder%\WSS\FRSVersion.ini
%ServerFolder%\WSS\UpdatePattern.ini
%ServerFolder%\WSS\service.ini
%ServerFolder%\WSS\diagnostic.log
%ServerFolder%\WSS\Access.log
%ServerFolder%\WSS\AU_Data\AU_
Log\TmuDump.txt
%ServerFolder%\WSS\spsc\log\*.log

To turn on the debug log on the Security Agent:

  1. Go to client installation folder.
  2. Find and copy the following files to root C:\:
    1. ofcdebug.ini
    2. LogServer.exe
    3. TmDbg20.dll.
  3. Modify ofcdebug.ini under root C:\
    c:\ofcdebug.ini
    [debug]
    debuglevel=9
    debuglevel_new=d
    debugSplitSize=104857600
    debugRemoveAfterSplit=0
    debugSplitPeriod=24
    RequireFreeSpace=209715200
    debuglog=c:\Ofcdebug.log
  4. Double-click LogServer.exe to run debug.
 ModuleLog location
Client LogVirus log%ClientFolder%
\misc\pccnt35.log
Clean up log%ClientFolder%\report\YYYYMMDD.log 
Connection Status%ClientFolder%\ConnLog\Conn_xxxxxxxx.log
 
Login Script\Winnt\ofcNT.log
 
Upgrade%ClientFolder%\temp\upgrade.log
 
Smart Client%ClientFolder%\ssNotify.ini
%ClientFolder%\icrc.dat
%ClientFolder%\BF.ptn
 
ActiveupdateClient side
  1. Go \CSA root folder.
  2. Modify the configuration file“aucfg.ini”
    ( under\CSA root folder)
    Add
    =======
    [debug]
    level=-1
    =======
    Default is 5.
  3. Reload Client
  4. Log path C:\TM\CSA\AU_Log\TmuDump.txt
 
Client
Debug Log
Install/Upgrade/UninstallAll installation /upgrade methods: 
%WINDIR%\Temp\WFBS_Debug folder
In addition, for remote install:
ofcdebug.log on the SS
Upgrade failed from WFBS
5.x/6.x: \CSA\Temp\upgrade*.log
TSC
  1. Open %ClientFolder%\tsc.ini
  2. Change the value of "DebugInfoLevel" to "3".
  3. Save the file, and then reproduce.
    Debug log will be created at:
    %ClientFolder%\Debug\ TSCDebug.log
If DebugInfoLevel=4 or 5, you have to
replace tsc.exe with tsc_qa.exe which will
be provided by engine team.
 
VSAPI%systemroot%\tmfilter.log
  • Method 1: Use setdbg.exe
  • Method 2: Change registry below:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
    services\TMFilter\Parameters\DebugLogFlags=0xFFFFFFFF
 
SSAPI
  1. Add a DWORD Value in the registry:
    1. Open the Registry Editor.
    2. Go to HKLM\Software\TrendMicro\
      PC-cillinNTCorp\Current Version\Misc.\
    3. Create a DWORD (32-bit) Value with
      the following values:
      1. Name: EnableSSAPILog
      2. Value Data: 1
  2. Collect C:\SSAPI.log and c:\ofcdebug.log.
 
PFW rule table
  1. Go to %ClientFolder%\, and type "TmPfw dump".
  2. Get the log "!PfwDump.txt" under %ClientFolder%.
 
Behavior Monitoring
  1. Add DWORD value in the registry:
    1. Open the Registry Editor.
    2. Go to HKEY_LOCAL_MACHINE
      \SOFTWARE\TrendMicro\AEGIS.
    3. Create a DWORD (32-bit) Value with the
      following values:
      1. Name: EnableSSAPILog
      2. Value Data: 1
  2. Reload CSA.
  3. Reproduce the issue. The AEGIS log
    will be created in ..\Trend Micro\BM\log
    folder on the client side. TMUFE log
    will be created in %SystemRoot%\system32\
    log folder on the client side.
  4. Collect the driver related logs below:
    1. C:\Windows\tmcomm.log
    2. C:\Windows\tmevtmgr.log 
 
Firewall
  1. Open %ClientFolder%\TmPfw.ini.
  2. Modify Enable=1 under InteractiveSession and ServiceSession,
    and then reproduce the issue.
  3. Collect the following logs:
    1. C:\temp\ddmmyyyy_NSC_TmPfw.log
    2. C:\ofcdebug.log 
 
POP3
mail scan
and IM
From TMAS:
  1. Open %ClientFolder%\TMAS_OL\TMAS_OL.ini,
    and then set debug=1.
  2. Open %ClientFolder%\TMAS_OE\TMAS_OE.ini,,br> and then set debug=1.
  3. Collect the Debug logs from the following locations:
    • <ProgramData>\Trend Micro\OL\Users\
      <user name>\log
    • On Windows XP, <ProgramData>=C:\Documents
      and Settings\All Users\Application Data
    • On Window Vista, <ProgramData> = c:\ProgramData\
Note: If TMAS has enable/disable problem, collect registry
in HKCU\Software\Microsoft\OEMonCtl and
HKCU\Software\Microsoft\Office\Outlook\Addins.


For TmProxy:
  1. Open %Program Files%\Trend Micro\Client Server
    Security Agent\TmProxy.ini with a text editor.
    (e.g. Notepad)
  2. Modify the entries as follows:
    [InteractiveSession] Enable=1
    [ServiceSession] Enable=1
  3. Collect C:\temp\ddmmyyyy_NSC_TmProxy.log.
 
Web Reputation
and URL Filtering
For Windows 7 and below:
For TMproxy:
  1. Open %Program Files%\Trend Micro\Security Agent\
    TmProxy.ini with a text editor. (e.g. Notepad)
  2. Modify the entries as follows:
    [InteractiveSession] Enable=1
    [ServiceSession] Enable=1
  3. Collect C:\temp\ddmmyyyy_NSC_TmProxy.log.
For TMTDI driver:
  1. Add tmtdi debug key into CSA registry key
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
    Services\tmtdi\parameters]
    "Debug"=dword:00001111
    "LogFile"="c:\temp\tmtdi.log"
  2. Reboot CSA machine.
For Win8/2012:
For Osprey/EE:
  1. Open %Program Files%\Trend Micro\Security Agent\
    TmOsprey.ini with a text editor. (e.g. Notepad)
  2. Modify the entries as follows:
    [InteractiveSession] Enable=1
    [ServiceSession] Enable=1
  3. Collect C:\temp\ddmmyyyy_EE_TmOsprey.etl.
  4. Use OspreyEtl2Txt tool to convert ETL file to TXT file.
    1. Unzip Tools_pwd_novirus.zip to C:\.
    2. Run command prompt as administrator.
    3. Run the following command:
      C:\OspreyEtl2Txt\[x86/x64]>TmOpEtl2txt.bat
      <etl filename><SA path>
      Example:
      TmOpEtl2txt.bat 2012-05-18_EE_TmOsprey.etl
      C:\Program Files\Trend Micro\Security Agent
 
Trend protectFor TMUFE log:
  1. Go to HKEY_CURRENT_USER\Software\TrendMicro\
    TrendProtect\1.0\
  2. Create the following:
    "TMUFE_LOG "=dword:00000001
    "TMUFE_LOG_LEVEL"=dword:00000005
    Log level is between 1-5.
  3. Collect the log from this location:
    C:\Program Files\Trend Micro\TrendProtect\
    MSIE\WRS_DEBUG.LOG\WRS_TMUFE.LOG
For WRS log
  1. Go to HKEY_CURRENT_USER\Software\
    TrendMicro\TrendProtect\1.0.
  2. Create the following:
    "WRS_LOG_LEVEL"=dword:00000003
     Log level is between 1-3.
  3. Collect the log from this location:
    C:\Program Files\Trend Micro\TrendProtect\
    MSIE\WRS_DEBUG.LOG
 
Transaction Protector
  1. C:\ofcdebug.log
  2. All registry keys and sub keys in HKLM\Software\TrendMicro\TrendSecure\
 
ReportCollect the following:
  1. ofcdebug.log
  2. \PCCSRV\log\ReportAgent.log
  3. \PCCSRV\Report\CSM\*
 
Installing EBS/
SBS plug-in
Collect the following:
  1. OFCMAS.log
  2. PCCSRV\temp\SBS2008ConsoleMSISetup.log or
    PCCSRV\temp\ EBS2008ConsoleMSISetup.log
 
EBS/SBS
administration console
  1. Set the value of HKLM\Software\TrendMicro\
    Officescan\WindowsConsole\EnableLog to "1".
    Note: This should be a 64-bit key, not a 32-bit key.
  2. Collect the following:
    1. ofcdebug.log on the Security Server (SS). 
    2. %Program Files%\Windows Small Business Server\bin\TrendMicro.SMB.
      Cougar.Console.Securit.log or %Program
      Files%\Windows Essential Business Server\
      TrendMicro.SMB.Centro.Console.Securit.log.
 
PLMServer side:
  1. Install: PCCSRV\PLMLog.txt
    Uninstall: %TEMP%\PLMLog.txt
    Note: This will not generate the log if PLM is
    uninstalled from Add/Remove Programs
  2. C:\ofcdebug.log
Client side:
  1. C:\ofcdebug.log
  2. tmudump
 
ActiveSupportC:\OfficeScan NT\ActiveSuppot .txt
 
TMAS Toolbar
  1. Open %ClientRoot%\TMAS\TMAS_OL\TMAS_OL.ini.
  2. Change the value of "Debug" to "1".
  3. Reproduce the issue.
  4. Collect the log from the following location:
    C:\ProgramData\Trend Micro\OL\Users\
    <User mail account>\log\*.log
 

Messaging Security Agent:

 ScenarioLog Location
MSA LogInstall/Uninstall/Upgrade\\source server\%WinDir%\OFCMAS.LOG
\\source & target servers\%WinDir%\Temp\*.log
\\source & target servers\%TEMP%\*.log
\\target server\<MSA>\SMEX_DatabaseCreation.log
\\target server\<MSA>\web_server_info.ini
\\target server\<MSA>\Debug\*.log
\\GC, DC, DNS, source and target servers\Application event logs
\\GC, DC, DNS, source and target servers\System event logs
\\source and target servers\ ==> IIS Manager ==> %WinDir%\system32\LogFiles\*\*.logs
\\target server\ ==> regedit ==> HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Exchange\*
\\source and target servers\ ==> ipconfig /all ==> everything on the screen
Others\\source server\ ==> Turn on SS debug log, reproduce bugs, collect SS debug logs and then turn off SS debug log
\\target server\ ==> Turn on MSA debug log, reproduce bugs, collect <MSA>\Debug\*.log and then turn off MSA debug log
\\target server\<MSA>\web_server_info.ini
\\GC, DC, DNS, source and target servers\Application event logs
\\GC, DC, DNS, source and target servers\System event logs
\\source and target servers\ ==> IIS Manager ==> %WinDir%\system32\LogFiles\*\*.logs
\\target server\ ==> regedit ==> HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Exchange\*
\\source and target servers\ ==> ipconfig /all ==> everything on the screen

To turn on/off debug for MSA:

MSA debugging

Turn on RM Agent debug log step:

  1. Go to the installation folder of WFRM agent (e.g C:\Program Files\Trend Micro\WFRMAgentForWFBS).
  2. Find and open the AgentLocalConfig.xml.
  3. Enable the Debug log level to ALL.

    Example:
    <DebugLogLevel>LL_FOR_ALL</DebugLogLevel>
    PS: Original level: <DebugLogLevel>LL_FOR_ERROR</DebugLogLevel>
  4. Restart the WFRM Agent Service.

Below is the WFRM Agent debug log path:

<RM Agent Installed folder>\log (e.g. C:\Program Files\Trend Micro\WFRMAgentForWFBS\log)

If LMP-RM automatic agent installation fails, follow the debug procedure below.

If RM agent fails to install automatically, collect debug log information from the server.

  1. Make sure that the following requirements are met:
    • WFBS 9.0 and later version
    • Hotfix 1070 or 1068 is installed

      When troubleshooting Licensing Management Platform (LMP):
      Verify if the activation code used is issued from a valid LMP account.

      To verify the AC:
      Go to Preferences > Product License. Replace the AC with an LMP WFBS issued license.

  2. Uninstall any existing TMR agent.
  3. Turn on debug log in WFBS Security Server.
    1. Log on to the Security Server.
    2. Click the letter M under the word "TREND".
      WFBS Security Server console
    3. Tick the "Enable debug log" option.
    4. Enter the log file name.
    5. Click Save.
    6. Trigger Remote Manager Agent Installation
      1. Modify the registry below.

        For x64 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro
        \OfficeScan\service\PrThread Set PerformPrCheckNow (DWORD) to 1

        For x86 HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro
        \OfficeScan\service\PrThread Set PerformPrCheckNow (DWORD) to 1
      2. Refresh the Regedit page and wait for the DWORD to change to "0".
      3. Wait for a few minutes. The TMRM Agent installation process will start automatically.
    7. Disable debug.
    8. Search and submit ofcdebug.log to Trend Micro if RM agent fails to install.
TypeOSlog location
System Event LogAll 
GPF2000C:\Documents and Settings\All Users\Documents\DrWatson\drwtsn32.log
C:\Documents and Settings\All Users\Documents\DrWatson\user.dmp
XP/2003 (drwtsn32.exe)C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\Dr Watson\drwtsn32.log
C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\Dr Watson\user.dmp
Application ErrorXP/2003C:\Documents and Settings\$Current Users\Local Settings\temp\WER#.tmp.dir\appcompat.log
C:\Documents and Settings\$Current Users\Local Settings\temp\WER#.tmp.dir\RtDict.exe.mdmp
BlueScreen2000C:\WinNT\memory.dmp
C:\WinNT\Mini####.dmp
XP/2003/2008 and aboveC:\Windows\memory.dmp
C:\Windows\Mini####.dmp
IIS2000C:\winNT\system32\LogFiles\W3SVC1\exYYMMDD.log(when use virtual web site)
C:\winNT\system32\LogFiles\W3SVC3\\exYYMMDD.log(when use virtual web site)
2003C:\winodws\system32\LogFiles\W3SVC1\exYYMMDD.log(when use virtual web site)
C:\winodws\system32\LogFiles\W3SVC3\\exYYMMDD.log(when use virtual web site)
2008 and aboveC:\inetpub\logs\LogFiles\W3SVC1 (when using default website)
C:\inetpub\logs\LogFiles\W3SVC_  (when using virtual website; check Site # of OfficeScan in IIS Manager).
Premium
Internal
Rating:
Category:
Configure; Deploy; Install; Migrate; Purchase
Solution Id:
1061374
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.