After upgrading to OfficeScan XG SP1, Windows 7/2008/2008R2, agents are shown as offline in the web server console.
This issue arises from advancements in secure communications. Older operating systems do not natively support TLS 1.2 as their default secure protocol.
- Update older systems to use TLS 1.2 as the default protocol.
- Verify protocol support by browsing SSL/TLS Capabilities of Your Browser.
- Update Windows 7/2008R2 machines to use TLS 1.2 as a default secure protocol: Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows.
- Refer to a more in-depth guide to enable TLS 1.2 support in Windows 7 or 2008R2: TLS/SSL Settings.
- If TLS 1.2 has been enabled on the system in question and it is still not reporting in, try turning off TLS 1.0 and TLS 1.1 and see if the connection with the console was resolved.
- If the above is not possible in the environment or not working, then proceed to Option 2.
Revert to pre-OfficeScan XG SP1 communications:
- Apply OfficeScan XG Service Pack 1 (SP1) Critical Patch 5147.
- Make a copy of ofcscan.ini (C:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV).
- Stop the OfficeScan Master Service.
- Make the following changes to ofcscan.ini i.e. run Notepad as Administrator to save the changes:
UseSocketHTTPAdapter = 1
ASE = 0
- Save the file as ofcscan.ini.
- Restart the OfficeScan Master Service.
- Log in to the OfficeScan web console and click on Agents > Global Agent Settings.
- Click Save even if there were no changes.
- Wait a few moments and check the newly saved ofcscan.ini and verify that the ASE value is "0".
- Unload and reload the OfficeScan Agent on the test agent machine.
- To confirm the changes on the agent machine, check the following registry entries:
- for x64 platform: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\]
- for x86 platform: [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\]Key: ASE
- Go to the web console on the OfficeScan Server and click on Agents > Connection Verification > Manual Verification > Verify Now.
- After 15 minutes, check if the dashboard shows more online agents. This number will continue to grow as the agents check in via HTTP communication.