Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Manual unbind of agent port 4118 and re-installation of Deep Security Agent in an AIX host/server

    • Updated:
    • 18 Sep 2019
    • Product/Version:
    • Platform:
    • IBM AIX 5.3
    • IBM AIX 6.1
    • IBM AIX 7.1
Summary

It was determined that the ds_agent service could not be activated because the agent port 4118 could not be released and still being used. This leads to refusal of activation and communication for newer DSA installations in an AIX environment. Manual unbinding of agent port 4118 is required before proceeding with the installation.

Details
Public

Follow these steps:

  1. Manually unbind the process using the port and re-install AIX DSA. In the DSM console, de-activate the Offline Computer via Action tab and Deactivate button. End result should be ‘Unmanaged’ or deactivated.

    Deactivate

  2. SSH to the AIX agent and prepare manual unbind by turning off IPSEC filtering. Confirm that IPSEC is turned off by checking messages trail via,

    # tail -f /var/adm/messages

    The result output should show that Filter should be deactivated:

    IPSEC

  3. Stop the agent:

    # stopsrc -s ds_agent

  4. Uninstall Agent-AIX:

    # installp –u ds_agent

  5. Check if Agent port 4118 is still active and bound:

    # netstat -Aan | grep 4118

    There should be no results if the port is no longer bound.

  6. If Agent port is still bound like the result below, identify the socket associated with the active port. In the example below, it is f1000f000f9da3b8:

    socket

  7. Run command, rmsock <socklet value> tcpcb to identify the process ID tied to the socket. Once identified, proceed to forcefully kill the pid using, kill -9 <pid>. In example below, the pid is 28180820:

    rmsocktcpcb

  8. Check Agent port 4118 again. Binding should no longer exist.

    # netstat -Aan | grep 4118

  9. Proceed to reinstall Agent-AIX package.

    Agent-AIX package

  10. Check Agent port 4118 again. Binding should no longer exist.

    # netstat -Aan | grep 4118

  11. Check the status of ds_agent. It should be active.

    # lssrc –s ds_agent

    ds_agent

  12. Confirm that the driver module (ds_filter) is loaded:

    # /opt/ds_agent/ds_fctrl query

  13. Proceed to activate AIX agent.

    AIX agent

  14. Agent should now show as Online in DSM console.

    Online

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1123838
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.