Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Cannot activate the Deep Security Agent (DSA) on Amazon Web Services (AWS)

    • Updated:
    • 6 Feb 2014
    • Product/Version:
    • Deep Security as a Service 2.0
    • Platform:
    • Windows 2008 Server R2
    • Windows 7 64-bit
Summary
This article discusses the common causes of failure to activate the Deep Security Agent (DSA) on Amazon Web Services (AWS).
Details
Public
Scenario 1: Unable to ativate the DSA from Deep Security Manager (DSM) console
Possible Causes:
  • Communication direction is set to Agent/Appliance Initiated.
    If you want to activate DSA from the DSM console, the communication direction should be set to Bidirectional.
    To check the communication direction settings:
    From the DSM console, go to the Policy tab. Click Policy on the left pane and then select a policy. Cick Settings > Computer > Bidirectional.
  • The DSM cannot contact DSA on port
    By default, port 4118 is not open on the security group (firewall) of AWS. To activate from the DSM console, the DS agent must be able to communicate on port 4118.
    To allow 4118 on the security group of AWS:
    1. Open the AWS web console.
    2. Go to Network and Security.
    3. Select Security Group.
    4. Under TCP Port (Service), check if 4118 is listed. If not, select Create a rule oadd.
      To verify, you can telnet to the machine to verify communication on port 4118.
  • The DSA Service is disabled.
    The DSA activation will fail if the DSA service is disabled.
    To verify, go to the Window Services console and ensure that all DSA services are enabled.
Scenario 2: Unable to activate the DSA agent from the command line utility
To activate DSA from the command utility, you need to generate a script from the DSM console.
For more information on how to generate a script for DS agent installation, refer to the following topic: Deploying agents in AWS.
Possible causes:
  • The communication direction is set to Manager Initiated.
    To resolve the issue, set the communication direction to Agent/appliance –initiated or Bidirectional.
  • The setting Allow Agent-initiated activation is not enabled.
    From the DSM console, go to Administration > System settings > Agents. Tick the box Allow Agent activation—for any computers.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot
Solution Id:
1102164
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.