After installing OSCE 11.0, the services on client machines are unable to start. After checking further, the OSCE client machines are not getting their patterns from the OSCE server even though they can connect to it. This happens when the OSCE server is unable to complete downloading and merging pattern files.

In the OSCE server's tmudump.txt update log, error lines similar to the following are seen:

Err 20160309 12:17:04 3012 3084 Signature Check C:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\LWCS\patch.exe failed, ret : 1536
Inf 20160309 12:17:04 3012 3084 Cleanning Temp dir [C:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\LWCS\AU_Data\AU_Temp\3012_3084]
Inf 20160309 12:17:05 3012 3084 UpdateManager endwith 69 (450000): ActiveUpdate self integrity check fail.
Inf 20160309 12:17:05 3012 3084 End TmuUpdateEx()

The "ActiveUpdate self integrity check fail" error usually appears when when the OSCE server is installed on a Windows machine without an Internet connection or with Windows Update disabled. If the OSCE server doesn't have Windows Update enabled or was placed in an isolated network environment, it may not obtain the Comodo root certificates in its trusted certificate store. Without the certificates, the updates cannot be validated and will fail.

For the OSCE server and client machines that do not have the updated certificates in their trusted certificate stores, the following issues may occur:

• You are unable to install the ActiveX components of the OfficeScan web console, which makes the console inaccessible.
• A prompt says that the AtxEnc.cab is signed by an Unknown Publisher and the file is blocked because it does not have a valid digital signature that verifies its publisher.
• OfficeScan clients remain in an "Updating" state and do not receive their pattern updates.
• OfficeScan cannot verify the computer's digital signatures during Inter-Process Communication (IPC).