Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

"Error 403 Forbidden" appears when installing Deep Security Agent (DSA) on AWS Cloud VM with a proxy connection

    • Updated:
    • 15 Mar 2016
    • Product/Version:
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • Amazon AMI 32-bit
    • Amazon AMI 64-bit
Summary

You may encounter an issue when you install DSA on an Amazon Web Service (AWS) Cloud Virtual Machine (VM) if there is a proxy between the AWS Cloud VM and Deep Security Relay (DSR) agent. Upon activation, the DSA will fail to install the necessary plug-in and will show the "403 Forbidden" error.

2016/02/02 13:47:28.152,[00452:03520],[ERROR],[Core Scan Manager], ScanManager::LoadConfiguration: Fail to load AMSP_CFG_SCMGR_RESCAN_TASKS, asRescanTasksCfg: 0xe016000d,[.\ScanManager.cpp(1997)] 
2016/02/02 13:47:28.152,[00452:03520],[WARNING],[Core Scan Manager], AMSP_CFG_SCMGR_CONFIG_FILE_MAPPING_SIZE error, set mapping file size to 0x300000,[.\ScanManager.cpp(1667)] 
2016/02/02 13:47:28.152,[00452:03520],[INFO],[Core Action Manager], == Plugin_Interface_OnNotify,eError = 0x20ff0000,[.\coreActionManager.cpp(355)] 
2016/02/02 13:47:28.167,[00452:02696],[WARNING],[Core Command Manager], Call register pid error : 0xe0ff000d,[.\CommandManager.cpp(1602)] 
2016/02/02 13:47:28.574,[00452:04240],[INFO],[Core Action Manager], == Plugin_Interface_OnNotify,eError = 0x20ff0000,[.\coreActionManager.cpp(355)] 
2016/02/02 13:47:30.324,[00452:04240],[ERROR],[Core Update Manager], Failed to notify .\Module\40000\2.6.1065\5.50.1104\plugUtilRCM.dll , notify id: 0x100e, ret=0xe0030009,[.\UpdateProcedure.cpp(1693)] 
2016/02/02 13:47:38.011,[00452:04188],[WARNING],[Core Command Manager], Call register pid error : 0xe0ff000d,[.\CommandManager.cpp(1602)] 
2016/02/02 13:47:45.777,[00452:04240],[WARNING],[Plugin System Adapter], Failed to open reg key for IE path. Errorcode: 0x2,[.\AdapterEventThreadPool.cpp(4494)] 
2016/02/02 13:47:45.792,[00452:04240],[ERROR],[Plugin UtilSysInfo], Invalid PID!! ProcEntry.th32ProcessID=0, ProcEntry.szExeFile=[System Process],[.\ProcInfoTable.cpp(1640)] 
2016/02/02 13:47:45.824,[00452:04240],[ERROR],[Plugin UtilSysInfo], Invalid PID!! ProcEntry.th32ProcessID=0, ProcEntry.szExeFile=[System Process],[.\ProcInfoTable.cpp(1640)] 
2016/02/02 13:47:45.824,[00452:04240],[ERROR],[Plugin UtilSysInfo], Invalid PID!! ProcEntry.th32ProcessID=0, ProcEntry.szExeFile=[System Process],[.\ProcInfoTable.cpp(1640)] 
2016/02/02 13:47:45.824,[00452:04240],[ERROR],[Core Config Repository], do not have any recovery item. moudle id= 0x4e21 interface id= 0x30d4b,[.\ConfigRepository.cpp(627)] 
2016/02/02 13:47:45.855,[00452:04240],[ERROR],[Plugin SSAPI], Failed: SSSetRCMTable: major(0x64), minor(0), build(0), 0xfffffbfc,[.\ssapi_implementation.cpp(238)] 
2016/02/02 13:47:45.855,[00452:04240],[ERROR],[Plugin SSAPI], SSAPI error: 0xfffffbfc: ,[.\ssapi_implementation.cpp(268)] 
2016/02/02 13:47:45.855,[00452:04240],[ERROR],[Plugin SSAPI], SSAPI error: 0xfffffbfc: ,[.\ssapi_implementation.cpp(268)]  
Details
Public

The issue happens because the DSA fails to load the plug-in through the proxy connection.

To resolve the issue, a DSR must be placed in the AWS Cloud Zone. This DSR should be kept within its own Relay Group and should be configured with the appropriate proxy settings. Any DSA in AWS Cloud Zone must then be configured using this DSR in place.

  1. Enable the Relay for DSA.
    1. From the Deep Security Manager console, select a DSA which is installed on AWS VM.
    2. Open the machine's context window and go to Overview > Actions > Software.
    3. Click Enable Relay for this machine and wait for the update process to finish.
  2. Create Relay Groups.
    1. Navigate to Administration > Update > Relay Groups.
    2. Click New and follow the Relay Groups Wizard.
    3. Name your Relay Group and select the Relay members for this group.
    4. Configure your primary Relay Group by selecting Primary Security Update Source under the Download Updates From section. This setting will download updates from the Update Source URL configured in the Relay section of Updates tab.
    5. Repeat steps 2-3 to create more Relay Groups.
    6. You may opt to create Relay Group heirarchy by selecting an existing Relay Group as the source of your new Relay Group under the Download Updates From section.
  3. Assign Agents or Appliance to the Relay Groups.
    1. On the Computers page, right-click the selected machine and click Actions.
      If you want to assign a Relay Group to multiple computers, press SHIFT or CTRL and click the selected machines on the list.
       
      When selecting multiple computers, the Assign Relay Group option will only be available if this action is applicable to all the computers you selected.
    2. Click Assign Relay Group and choose the Relay Group to be used by doing any of the following:
      • Select the Relay Group from the drop-down list.
      • From the Computer Details windows, select the Relay Group from the Download Updates From section.
  4. Review all the Relay Group assignments. Note that the agents and appliances with no specific Relay Group assignment are automatically assigned to the "Default Relay Group".
    1. Navigate to Administration > System Settings > Updates.
    2. Click the View Relay Groups button.
    3. Right-click a Relay Group and select Properties.
    4. Click Assigned tab to review the list of agents and appliances assigned to this Relay Group.
    5. To quickly change the assignment for an agent or appliance, click the Assigned to link to open the Computer Details page where you can select another Relay Group assignment.
  5. Configure a Relay Group to use a proxy server.
     
    Each Relay Group (except the Default Relay Group) can be configured to use a separate proxy server to connect to Trend Micro for retrieving Security Updates. The Default Relay Group uses the same proxy to connect to the internet as Deep Security.
    1. From the Deep Security Manager console, go to Administration > Updates > Relay Groups.
    2. Double-click a Relay Group to show its Properties window.
    3. Click Proxies tab and select the proxy server from the Primary Security Update Proxy drop-down list. The list of available proxy servers is maintained on Administration > System Settings > Proxies tab.
    4. Click OK.
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1113620
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.