After installing OSCE 11.0, the services on client machines are unable to start. After checking further, the OSCE client machines are not getting their patterns from the OSCE server even though they can connect to it. This happens when the OSCE server is unable to complete downloading and merging pattern files.
In the OSCE server's tmudump.txt update log, error lines similar to the following are seen:
Err 20160309 12:17:04 3012 3084 Signature Check C:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\LWCS\patch.exe failed, ret : 1536 Inf 20160309 12:17:04 3012 3084 Cleanning Temp dir [C:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\LWCS\AU_Data\AU_Temp\3012_3084] Inf 20160309 12:17:05 3012 3084 UpdateManager endwith 69 (450000): ActiveUpdate self integrity check fail. Inf 20160309 12:17:05 3012 3084 End TmuUpdateEx()
The "ActiveUpdate self integrity check fail" error usually appears when when the OSCE server is installed on a Windows machine without an Internet connection or with Windows Update disabled. If the OSCE server doesn't have Windows Update enabled or was placed in an isolated network environment, it may not obtain the Comodo root certificates in its trusted certificate store. Without the certificates, the updates cannot be validated and will fail.
For the OSCE server and client machines that do not have the updated certificates in their trusted certificate stores, the following issues may occur:
- You are unable to install the ActiveX components of the OfficeScan web console, which makes the console inaccessible.
- A prompt says that the AtxEnc.cab is signed by an Unknown Publisher and the file is blocked because it does not have a valid digital signature that verifies its publisher.
- OfficeScan clients remain in an "Updating" state and do not receive their pattern updates.
- OfficeScan cannot verify the computer's digital signatures during Inter-Process Communication (IPC).
To resolve the issue, first make sure that the OSCE server has OSCE 11.0 Service Pack (SP) 1 (Build 2995 or later) installed. The latest service packs and patches are available in the Download Center.
After applying and deploying OSCE 11.0 SP1 (Build 2995 or later), you must manually update the root certificates or perform a Windows Update.
- If the OSCE server can be connected to the Internet, then perform a Windows Update in order to download and install the needed root certificates.
- If the computer does not have an Internet connection, then download the certificates on an Internet-connected computer and then install them on the OSCE server by following the steps in the following article: Certificate-related issues after OfficeScan (OSCE) 10.6 SP3.