Summary
"Unable to deploy the Activation Code to specified products" status is shown for both Application Control and Vulnerability Protection
Root Cause Analysis
Users may not be able to activate managed product licenses (Application Control, Endpoint Sensor, Vulnerability Protection) or may not be able to send the enhanced security policies to Security Agents across the network successfully when managing the Apex One server from the Apex Central web console. This happens for the following reasons:
- The logon credentials of the specified Windows account that manages the existing Apex One SQL database, which are used to connect to that database, are changed.
- Users change the Authentication Type of the existing Apex One SQL database from "Windows Account" to "SQL Server Account".
Open a Command Prompt as an administrator, then change the directory to ..\Trend Micro\Apex One\PCCSRV\. Run the command "SVRSVCSETUP.EXE -testosfwebapp". The output shows "OSF Web Service Response status=[500]".
The HTTP 500 error appears when Apex One does not grant this account sufficient permission to access the OSF web service.
[ofcservice.exe]BoostHTTPClient::receive - http response code=500
[ofcservice.exe]SendOSFServiceCall - OSF Web Service Response status=[500], http version=[11]
The Windows Application log may also record a warning message from an ASP.NET web event:
Event code: 3008
Event message: A configuration error has occurred.
Event time: 7/10/2019 11:26:16 PM
Event time (UTC): 7/10/2019 3:26:16 PM
Event ID: 229027375eab4ba8a2ad6ce753af3eab
Event sequence: 1
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/3/ROOT/officescan/osfwebapp-5-132072459760915190
Trust level: Full
Application Virtual Path: /officescan/osfwebapp
Application Path: C:\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Web_OSCE\osf\
Machine name:
Process information:
Process ID: 11708
Process name: w3wp.exe
Account name: IIS APPPOOL\OfficeScanOSFAppPool
Exception information:
Exception type: ConfigurationErrorsException
Exception message: An error occurred executing the configuration section handler for system.web/identity.
at System.Web.HttpRuntime.FirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context)
at System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'The user name or password is incorrect.
' (C:\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Web_OSCE\osf\web.config line 22)
at System.Web.Configuration.IdentitySection.InitializeToken()
at System.Web.Configuration.IdentitySection.get_ImpersonateToken()
at System.Web.Configuration.IdentitySection.ValidateCredentials()
at System.Web.Configuration.IdentitySection.GetRuntimeObject()
at System.Configuration.RuntimeConfigurationRecord.GetRuntimeObjectWithRestrictedPermissions(ConfigurationSection section)
at System.Configuration.RuntimeConfigurationRecord.GetRuntimeObject(Object result)
Apex One Hot Fix Build 2022 resolves this issue by updating the SQL Server Database Configuration Tool to add the Windows account to the IIS_IUSRS group to obtain the correct permissions. If your Apex One server build is older than Build 2022, please apply the latest product patch from our Download Center.
After downloading the hot fix, follow these steps:
- Install this hot fix (see "Installation").
- On the Apex One server computer, browse to "\PCCSRV\Admin\Utility\SQL".
- Double-click SQLTxfr.exe to run the tool.
- Provide the authentication credentials for the SQL Server database.
The user account must belong to the local administrator group or AD built-in administrator.
- Click Start to apply the configuration changes.
If the HTTP 500 error persists in the Apex One server ofcdebug.log after applying the above steps, check the configuration of the Apex One server website. This error occurs when the IIS application pool setting "Enable 32-Bit Application" is set to true on "OfficeScanOSFAppPool" on a 64-bit machine. To address this issue:
- Open IIS Manager, click Application Pools under your OSCE server, and choose "OfficeScanOSFAppPool". "Advanced Settings" can be seen on the right.
- Open Advanced Settings, then change "Enable 32-Bit Application" to false.
- Restart Master Service and IIS Admin Service.
- Verify the issue.
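The checks described above can be collected in one read-only pass before and after applying the fix. The following PowerShell is an added example, not part of the hot fix or of any Trend Micro tool; the account name and the ofcdebug.log path are placeholders to replace with your own values.

```powershell
# Added example: read-only triage of the OSF web app conditions described in this article.
# Run from an elevated Windows PowerShell 5.1 session on the Apex One server.
Import-Module WebAdministration

$poolName  = 'OfficeScanOSFAppPool'        # app pool named in the event log above
$dbAccount = 'EXAMPLE\svc-apexone-sql'     # placeholder: Windows account entered in SQLTxfr.exe
$debugLog  = 'C:\Temp\ofcdebug.log'        # placeholder: copy of the server's ofcdebug.log

# 1. On a 64-bit server this must be False for the OSF app pool.
$enable32 = (Get-ItemProperty "IIS:\AppPools\$poolName" -Name enable32BitAppOnWin64).Value

# 2. The hot fix adds the database account to IIS_IUSRS; confirm it is listed.
$members    = Get-LocalGroupMember -Group 'IIS_IUSRS' -ErrorAction SilentlyContinue
$inIisIusrs = $members.Name -contains $dbAccount

# 3. Application-log warnings from the last day that mention the identity section
#    (the "Could not create Windows user token" failure shown above).
$identityWarnings = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; Level = 3; StartTime = (Get-Date).AddDays(-1)
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'system\.web/identity' })

# 4. HTTP 500 responses from the OSF web service recorded in the debug log.
$osf500 = @()
if (Test-Path $debugLog) {
    $osf500 = @(Select-String -Path $debugLog -SimpleMatch 'OSF Web Service Response status=[500]')
}

# Summary object: one row that can be compared before and after the fix.
[pscustomobject]@{
    AppPool               = $poolName
    Enable32BitAppOnWin64 = $enable32
    AccountInIIS_IUSRS    = $inIisIusrs
    IdentityWarnings24h   = $identityWarnings.Count
    LastIdentityWarning   = ($identityWarnings | Select-Object -First 1).TimeCreated
    Osf500LinesInDebugLog = $osf500.Count
}
```

Enable32BitAppOnWin64 reporting True, or AccountInIIS_IUSRS reporting False, corresponds to the two conditions this article fixes. New identity warnings after the fix indicate that the credentials stored for the OSF web application are still being rejected.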