Views:

To resolve the issue, do any of the following:

Sometimes when the Security Server gets updates, it would time out and generate errors in the logs. To resolve this:

Increase the timeout value when the Security Server gets updates

  1. On the Security Server, open the ..\Program Files\Trend Micro\Security Server\PCCSRV\Admin\aucfg.ini file using a text editor such as Notepad.
  2. Insert the "timeout=99999" line, as shown below:

    [downloader]
    retry=3
    timeout=99999

  3. Save and close the file.
  4. Update the server and verify the new timeout settings.

The issue may also occur when the client is using a proxy server to update. To fix this:

Specify the proxy server on the WFBS console

  1. Log in to the WFBS console.
  2. Go to Administration > Global Settings > Proxy tab.
  3. Under the Security Server Proxy section, update the following:
    • Use a proxy server for updates and license notification
    • Use SOCKS 4/5 proxy protocol
    • Address
    • Port
    • Proxy server authentication
      • User name
      • Password

The client sometimes has a firewall that blocks the current update source. To resolve this:

Change the ActiveUpdate source

  1. Log in to the WFBS console.
  2. Go to Update > Source.
  3. Select Alternate update source.
  4. Use any of the following sources for WFBS:
    • WFBS 10.0: https://wfbs-p.activeupdate.trendmicro.com/activeupdate
    • WFBS 9.5: http://wfbs95-p.activeupdate.trendmicro.com/activeupdate/
    • WFBS 9.0: http://wfbs90-p.activeupdate.trendmicro.com/activeupdate/
    • WFBS 8.0: http://wfbs80-p.activeupdate.trendmicro.com/activeupdate/
    • WFBS 7.0: http://iau.trendmicro.com/iau_server.dll
    • WFBS 6.0: http://wfbs60-p.activeupdate.trendmicro.com/activeupdate

Akamai, Trend Micro's third-party content provider, provides localized cache servers that are geographically located close to you. Since Akamai's server IP addresses change depending on your location (and even under different network conditions), it is best to use the DNS name "trendmicro.georedirector.akadns.net" or "activeupdate.trendmicro.com.edgekey.net " as the basis for your firewall rule.

Add an IP range of ActiveUpdate servers to be excluded on your firewall configuration

This works best if you are connecting using a single ISP.

  1. Do one of the following:
    • WFBS 10.0: Ping "wfbs-p.activeupdate.trendmicro.com"
      (includes Smart Scan Agent Pattern)
    • For WFBS 9.5: Ping "wfbs95-p.activeupdate.trendmicro.com"
    • For WFBS 9.0: Ping "wfbs90-p.activeupdate.trendmicro.com"
    • For WFBS 8.0: Ping "wfbs80-p.activeupdate.trendmicro.com"
    • For WFBS 7.0: Ping "iau.trendmicro.com"
    • For WFBS 6.0: Ping "wfbs60-p.activeupdate.trendmicro.com"
    • For License update: Ping "licenseupdate.trendmicro.com"
    • For AntiSpam source: Ping "csm-as.activeupdate.trendmicro.com"
    • For Smart Scan update: Ping "wfbs-lspn20.activeupdate.trendmicro.com"
      (Smart Scan Agent Pattern not included)
    • For AutoUpdate server: Ping "autoupdate.wfbs.trendmicro.com"
    • For the OPP (Outbreak Policy Pattern): Ping "oc.activeupdate.trendmicro.com"

    You should then be redirected to "e19270.dscd.akamaiedge.net". If you're not able to receive a reply, it might be the firewall that blocks the connection so you need to whitelist the DNS above or the IP range you received from the ping command.

  2. Change the last octet of the IP address you received to ".255" This should give you the address block for your servers.

    The resolved IP addresses can change depending on network traffic, and on whether or not the servers fail. Akamai compensates for this by modifying their DNS to point to a different server set. If this is the case, the procedure above should be repeated again, then add the new server IPs to the list.

Verify if the update sources on the following configurations are correct:

  1. Open the ..\PCCSRV\Private\ofcserver.ini using a text editor such as Notepad.
  2. Make sure that the following lines are correct: 
    	UpdateSource=https://wfbs-p.activeupdate.trendmicro.com/activeupdate
	DefaultAUServer=https://wfbs-p.activeupdate.trendmicro.com/activeupdate
	DefaultAUServerHttps=https://wfbs-p.activeupdate.trendmicro.com/activeupdate
	UpdateSource_Schedule=https://wfbs-p.activeupdate.trendmicro.com/activeupdate
	DefaultAUServer_Schedule=https://wfbs-p.activeupdate.trendmicro.com/activeupdate
	DefaultAUServerHttps_Schedule=https://wfbs-p.activeupdate.trendmicro.com/activeupdate
	UpdateSpamSource=https://csm-as.activeupdate.trendmicro.com/activeupdate
	ScheduleUpdateSpamSource=https://csm-as.activeupdate.trendmicro.com/activeupdate
	AutoUpdateServerUrl=https://autoupdate.wfbs.trendmicro.com
  3. Open the ..\PCCSRV\ofcscan.ini using a text editor such as Notepad.
  4. Make sure that the following lines are correct: 
    	Master_Program_URL=https://wfbs-p.activeupdate.trendmicro.com/activeupdate
	Trend_AU_Master_Program_URL=https://wfbs-p.activeupdate.trendmicro.com/activeupdate
	GlobalScanServerAddress=https://wfbs10.icrc.trendmicro.com/tmcss/
  5. Open the ..\PCCSRV\wss\AU.ini using a text editor such as Notepad.
  6. Make sure that the following lines are correct: 
    	DefaultAUServer=https://wfbs-lspn20-p.activeupdate.trendmicro.com/activeupdate/

The Security Server might not update due to corrupted pattern files or corrupted update components in the server's cache. To fix this, run the Disk Cleaner tool.

Smart Duplication is a function to reduce the network traffic when updating to ActiveUpdate Server as it only downloads the increment required to brings its existing components to the latest version. This requires more resources as it stores the current components.

You may switch to Site Duplication to download the full pattern every update. However, expect a bandwidth intensive network tradeoff for this function but it will benefit the Security Server as it saves more disk space. To do this:

Change the DuplicationAction of the components on the Security Server

  1. Open the ..\PCCSRV\Private\component.ini using a text editor such as Notepad.
     
    Back-up the configuration file before doing any modification. Incorrect changes can cause serious problems.
     
  2. Replace all "DuplicateAction=80" with "DuplicationAction=0".
  3. Save the changes.
  4. Restart Trend Micro Security Server Service.
 
If the Security Server is on air-gapped environment, you can refer to the following articles:
 

If the issue still persists, contact Trend Micro Technical Support and provide the Case Diagnostic Tool (CDT) log generated on the WFBS server. For the instructions on how to get this, refer to the Knowledge Base article: Using the CDT to collect all the information needed by Trend Micro Technical Support.

Keywords: Security Server update stops,security server cannot update,update fail,unable to reach update source,generic failure,security server cannot connect,security server not updating,clients appear outdated,clients appear outdated due to server not updating,cli