Verify that the server and Security Agents are able to communicate successfully. These steps will benefit the following:
- Isolating pattern and scan engine update issues
- Troubleshooting clients/agents that appear offline or disconnected, or are missing in the console
- VPN connection check
For WFBS 7.0, refer to the article: Performing connection checks.
To investigate communication issues between the server and the agent, you need to verify the connection:
- Use the same server and client/agent for all the steps.
- Make sure to take screenshots of all the results you get.
- To enable the telnet command in Windows 7, follow the steps in the Microsoft article: Enabling telnet client in Windows 7.
- From the Security Server, ping the IP address of the client/agent that has the issue.
- On the Client Security Agent, open the Registry Editor (regedit.exe).
In 64 bit environments, the product is always found in the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Note\TrendMicro\PC-cillinNTCorp\CurrentVersion hive.
- Go to the HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion hive and take note of the value for the registry key "LocalServerPort". This is the client/agent port. Use the decimal value.
- Go back to the Security Server, then open a command prompt and run this command:
telnet<space><client IP address><space><value of the client port>
- Open Internet Explorer then type the following in the address bar:
http://<client's IP address>:<local server port>/?CAVITExample: http://192.168.16.10:12345/?CAVIT
If you get a result "!CRYPT!...", it means that the port is open in the client/agent and the connection from server to client/agent should work. Otherwise, there is a problem with the connection.
- On the Client Server Security Agent, open the Registry Editor (regedit.exe).
- Go to the HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion hive and take note of the values of the following registry keys:
- "Server" - This is the server name the /agent is reporting to.
- "ServerPort" - This is the server port number of the Security Server. Use the decimal value.
- If you are using WFBS 8.0 and 9.0, perform steps a-d. Otherwise, go to Step 9.
Steps 8a-8d are only necessary for issues with the Smart Scan feature, which is only available in WFBS versions 7.0 and above.
- Go to the HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\iCRC\Scan Server hive.
- Take note of the value for the "LocalScanServerUrl" registry key. This is the server name of the client/agent.
- To verify if the Smart Scan server is available, open Internet Explorer, then type the following URL in the address bar:
If the browser returns a File Download Security Warning pop-up window, the Scan Server is enabled and accessible:
File Download: Security Warning
Do you want to save this file?
Type: Unknown File Type, 4 bytes
When using this test, the "Do not save encrypted page to disk" setting must be disabled as shown below. Otherwise, the test will fail.
Make sure to use the port you find in your registry:
For WFBS 8.0 or 9.0 the port normally found in the registry is 8082.
- Go to Step 10.
- From the agent, ping the server name of the Security Server.
telnet<space><server name><space><value of the server port>For the server name, make sure to use the full name you find in the registry key "Server".
To enable the telnet command in Windows 7, follow the steps in the Microsoft article: Enabling telnet client in Windows 7.
- Open Internet Explorer then type the following URL in the address bar:
- For OfficeScan: "http://<server name>:<value of the server port>/officescan/cgi/cgionstart.exe"
- For WFBS: "http://<server name>:<value of the server port>/SMB/cgi/cgionstart.exe"
If the next screen shows "-2", this means the client/agent can communicate with the server. Otherwise, there is a problem with the connection.
- Send the screenshots of the results to Trend Micro Technical Supportfor further analysis.
For WFBS 7.0 or later, also send the file you obtained in Step 8c.
For offline agents, run the following command to check if the tmlisten port is open:
netsh firewall show state