Summary
The Policy Deployment from Apex Central to Apex One fails, and returns the following error:
System Error. Error ID:-1
Root Cause Analysis
Errors can be seen in the following log files:
- In the TMCM_sCloudProcessor.log file located at ...\Trend Micro\Control Manager\DebugLog:
2019-12-03 10:43:57,929 3089653 [15] ERROR TrendMicro.TMCM.sCloudProcessor.CommonSender.TaskDispatcher - [Send] TaskDispatcher SendRequest Exception: The remote server returned an error: (403) Forbidden.
2019-12-03 10:43:57,929 3089653 [15] DEBUG TrendMicro.TMCM.Utilities.PolicyDatabaseWrapper.ServerList - [1]UpdateServerStatus Info:E55344060EB8-47A8AE6D-13E1-6D73-8D90:-1
2019-12-03 10:43:57,929 3089653 [15] ERROR TrendMicro.TMCM.Utilities.PolicyDatabaseWrapper.ServerList - UpdateServerStatus Exception [-1]: -1
2019-12-03 10:43:57,929 3089653 [15] DEBUG TrendMicro.TMCM.Utilities.PolicyDatabaseWrapper.ServerList - [2]UpdateServerStatus Code:-1
2019-12-03 10:43:57,929 3089653 [15] INFO TrendMicro.TMCM.sCloudProcessor.PolicyTask - Update policy status to database for PolicyID = [7afa4d37-6ab0-48cc-9834-464f048d7f37], serverResult.errCode = [-1].
- In the SystemConfiguration.xml file located at ...\Program Files\Trend Micro\Control Manager:
</P><P Name="m_strProtocol" Value="http">
The error in the TMCM_sCloudProcessor.log points out that this machine does not support HTTP protocol, but the profile "SystemConfiguration.xml" is set to support HTTP.
This issue happens because the SSO function doesn't work from Apex One to Apex Central, which affects the policy deployment. Based on the findings in the logs, the SSO issue is caused by the HTTP protocol configured.
To fix the policy deployment issue, the SSO issue must be fixed first. Follow the steps below:
- Stop the following services in order:
- World Wide Web Publishing Service
- Trend Micro Apex Central
- Trend Micro Management Infrastructure
- Modify the SystemConfiguration.xml file:
- Create a backup of the following files:
- ..\Control Manager\SystemConfiguration.xml
- ..\Control Manager\WebUI\WebApp\App_Data\SystemConfiguration.xml
- Use a text editor to open the SystemConfiguration.xml file, then look for:
</P><P Name="m_strProtocol" Value="http">
- Change the Value from "http" to "https".
- Save the changes.
The SystemConfiguration.xml file on both directories should be modified.
- Restart the following services in order:
- World Wide Web Publishing Service
- Trend Micro Apex Central
- Trend Micro Management Infrastructure
- To verify, check if SSO function works. Re-deploy the policy and check it again.
Log Collection
- Collect CDT Logs by following this KB article.
- Apex Central Server CDT
- Apex One Server CDT
- Submit support ticket to Technical Support.
