On servers with multiple NICs where one (1) NIC is used for internal networks (e.g. CIFS/NAS) and no default gateway is set, the Deep Security Manager (DSM) uses this NIC to communicate with the agent during the activation process, hence, the activation fails.

As a workaround to the issue, instruct the DSM to communicate to VMs via the hostname instead of the IP address supplied by the vCenter. By default, DSM uses the IP address to communicate with the agent, which is normally the last NIC adapter added to the virtual machine (VM).

For DSM to communicate with the VM via hostname, use the dsm_c tool. Go to C:\Program Files\Trend Micro\Deep Security Manager and run the following command:

dsm_c -action changesetting -name configuration.connectionSchemeVM -value 0

Where the connectionSchemeVM values are:

0 = to use hostname
1 = to use IPs (default)

Sample result:

Stopping Trend Micro Deep Security Manager...
Setting: configuration.connectionSchemeVM saved.
Starting Trend Micro Deep Security Manager...
Complete
 
C:\Program Files\Trend Micro\Deep Security Manager>

In order for this to work, you must have a working DNS and the DSM should be able to resolve the VMs’ hostnames to the IP addresses that the DSM can reach.