Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Certificate-related issues after OfficeScan (OSCE) 10.6 Service Pack (SP) 3

    • Updated:
    • 8 Dec 2016
    • Product/Version:
    • OfficeScan 10.6
    • OfficeScan 11.0
    • OfficeScan XG.All
    • Platform:
    • Windows 10 32-bit
    • Windows 10 64-bit
    • Windows 2003 Datacenter 64-bit
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2003 Server R2
    • Windows 2003 Standard
    • Windows 2003 Standard 64-bit
    • Windows 2008 Datacenter
    • Windows 2008 Datacenter 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Server Core
    • Windows 2008 Server R2 Enterprise
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
    • Windows 2008 Web Server Edition
    • Windows 2008 Web Server Edition 64-bit
    • Windows 2012 Datacenter R2
    • Windows 2012 Enterprise
    • Windows 2012 Enterprise R2
    • Windows 2012 Server Essential R2
    • Windows 2012 Server Essentials
    • Windows 2012 Standard
    • Windows 2012 Standard R2
    • Windows 2012 Web Server Edition
    • Windows 7 32-bit
    • Windows 7 64-bit
    • Windows 8 32-bit
    • Windows 8 64-bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Home
    • Windows XP Professional
    • Windows XP Professional 64-bit
Summary

Starting with OSCE 10.6 SP3, Trend Micro has used Comodo certificates for digital signature verification.

If the OfficeScan server and client have Windows update disabled or are placed in isolated network environments, it may not obtain Comodo certificates for their trusted certificate store.

For the OSCE server and client machines which do not have these certificates, the following issues may occur:

  • You are unable to install the ActiveX components of the OfficeScan web console, which makes it inaccessible.
    A prompt says that the AtxEnc.cab is signed by an Unknown Publisher and the file is blocked because it does not have a valid digital signature that verifies its publisher.
  • OfficeScan clients remain in "Updating" state and fail to get their updates from the server.
  • The OfficeScan server cannot verify the agents' digital signatures during Inter-Process Communication (IPC).
Details
Public

These issues occur when OSCE is installed on a Windows machine without direct Internet connection for downloading certificate updates.

To resolve this issue:

  1. Download the root and intermediate certificates from the following Comodo links:
  2. Install each certificate on the affected OSCE server.
  3. Open the certificate and click the Install Certificate button.

  4. Click Next when the Certificate Import Wizard appears.
  5. For Windows 2012, select Local Machine and click Next.
  6. Select Place all certificates in the following store and click Browse.
  7. Check the Show physical stores > Trusted Root Certification Authorities > Local Computer, and then click OK.

  8. Click Finish. "The import was successful message" should appear.

  9. Repeat the steps above for the other certificates.

The certificate-related issues should be resolved.

If manually adding the Comodo certificates and performing a Windows Update does not work, check for a Group Policy Object (GPO) that turns off Automatic Root Certificates Update:

  1. Go to Computer Configuration > Policies > Administrative Templates > System > Internet Communication Management > Internet Communication Settings > "Turn off Automatic Root Certificates Update".
  2. Make sure that the value is set to "Not configured" (default value).
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1099410
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.