Knowledge Base

Support

Troubleshooting Guide: Client/Server Security Agent (CSA) or Security Agent (SA) appears offline or disconnected, or does not appear at all

Solution IDLast Updated
1037481Date : 2012/02/9 Time: 5:37 AM (PST)


Product/VersionPlatform
Client Server Messaging Security for SMB - 3.6; Client/Server Security SMB - 3.6; Worry-Free Business Security Standard/Advanced - 5.1, 6.0, 7.0
Windows - 2000 Advanced Server, 2000 Professional, 2000 Server, 2000 Small Business Server, 2003 Enterprise Server, 2003 Small Business Server, 2003 Standard Server Edition, 2008 Essential Business Server, 2008 Small Business Server, 7 32-bit, Vista 32-bit, XP Professional

Problem Description

You encounter the following issues:
  • Agent appears as offline in the CS / CSM / WFBS console.
  • Agent's status in the System Tray shows the disconnected icon.
  • Clients incorrectly appear as "Offline" on the console or do not appear at all.
  • Clients do not show the correct pattern file or scan engine on the console.
  • Clients do not report/appear to the new Security Server.
  • Security Agents are not showing in the WFBS console.
  • Clients do not update properly.
  • Clients deployment problem from the console

Solution

To resolve any of the issues you encountered, please do one of the following options:

Important: Troubleshooting on the Security Server should be done if all or majority of the CSAs are not appearing. On the other hand, troubleshooting on the CSA should be done when a client or some clients are not appearing, but majority of the clients are appearing online. This is to avoid unnecessary actions on the Security Server and prevent further damage on the WFBS client.
[ Expand All ]

 

 

Option 1: Check the number of seats for your license.

  1. Log on to the WFBS console.
  2. Click Preferences > Product License.
  3. Make sure that you have not exceeded the seats for your license. Otherwise, the extra clients will not show up on the management console.
    You can contact your reseller or the Trend Micro Sales department to purchase additional seats.

 

Option 2: Check the server-agent communication.

To check the server-agent communication, do the following:
  1. From the Security Server, ping the IP address of the [appears disconnected/offline] agent.
    1. From the [appears disconnected/offline] Client/Server Security Agent, ping the IP address of the Security Server.
    2. Return to the Security Server and open the ..\PCCSRV\ofcscan.ini file.
    3. Note the values of the following entries:
      • Master_DomainName
      • Master_DomainPort
      • Client_LocalServer_Port
    4. Open the Registry Editor in the client computer and compare the communication information with the WFBS server.
      Important: Always create a backup before modifying the registry. Incorrect registry changes may cause serious issues. Should this occur, restore it by referring to the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.
      The values of the following registry keys should be the same with the values from Step 1d.
      If the values are not the same, use the Client Mover Tool (IPXfer.exe) to restore the communication between the WFBS server and Security Agent. Follow the procedure in this article: Using the Client Mover Tool (IpXfer.exe) in WFBS.
      • For WFBS 7.0: Go to HKEY_LOCAL_MACHINE\Software\Trend Micro\UniClient\1600.
      • For WFBS 5.x/6.0 and CS/CSM 3.6:
        • 32-bit OS: Go to HKEY_LOCAL_MACHINE\Software\Trend Micro\PC-CillinNTtCorp\CurrentVersion
        • 64-bit OS: Go to HKEY_LOCAL_MACHINE\Software\WOW6432Node\Trend Micro\PC-CillinNTtCorp\CurrentVersion
      • Server
      • ServerPort
      • LocalServerPort
    5. Open a command prompt and run this command:
      telnet<space><agent's IP address><space><value of the Client_LocalServer_Port>
      If telnet is unsuccessful, check if a firewall is turned on or is blocking the Client_LocalServer_Port. Ask your network administrator for assistance.
    6. Open a command prompt from the CSA/SA and run this command:
      telnet<space><value of the Master_DomainName><space><value of the Master_DomainPort>
      If telnet is unsuccessful, check if a firewall is turned on or is blocking the Master_DomainPort. Ask your network administrator for assistance.
    7. Check for limited network bandwidth. If this condition exists, run these commands to determine if the limited bandwidth causes connection timeout:
      • From the Security Server, type "ping<space>-t<space><agent's IP address>"
      • From the CSA/SA, type "ping<space>-t<space><server's IP address>
  2. Set the CSA/SA's permission in the ..\Security Server\PCCSRV folder.
    1. From the Security Server, open a command prompt and go to the ..\PCCSRV folder.
    2. Run "svrsvcsetup<space>-setprivilege" and then close the command prompt.
    3. Restart the Trend Micro Client/Server Security Agent Listener service on one of the clients that is disconnected or offline.
    4. Open the WFBS console and go toSecurity Settings.
    5. Refresh the page after 30 seconds and verify if the agent is still disconnected or appearing as offline.
  3. Verify the client’s connection to the Security Server.
    http://<Server name>:<serverport>/SMB/cgi/cgionstart.exe
    If the next screen shows -2, this means the client can communicate with the server.
    1. On the client computer, open Internet Explorer.
    2. Type this URL in the address bar then press Enter:
  4. Access the server and execute autopcc.exe.
    The program autopcc.exe performs the following functions:
    Note: In order to enforce the use of login script installation method, client computers must be listed in the Windows Active Directory of the server that is performing the installation.
    • Determines the operating system of the unprotected computer and the CSA/SA.
    • Updates the scan engine, virus pattern file, Damage Cleanup Services components, cleanup file, and program files.
    1. On the client computer, open Network Neighborhood and access the Security Server.
    2. Go to the PCCSRV folder or the ofcscan shared folder.
    3. Execute autopcc.exe.
    4. Refresh the WFBS console.
      If the agent still does not appear on the WFBS console, re-establish the communication between the server and the agent by using the Client Mover Tool or IpXfer. Follow the procedure in this article: Using the Client Mover Tool (IpXfer.exe) in WFBS.
    5. Return to the WFBS console and check out the status of the agent.
  5. Use the administrator account for the OfficeScan website.
    1. From the Security Server, click Start > Run and then type "inetmgr".
    2. Expand Servername > Website.
    3. Under Websites, right-click OfficeScan and then select All tasks > Save Configuration to a file.
    4. Use "OfficeScan" as the filename.
    5. Click on the Desktop icon and then click Save.
    6. Click on the Directory Security tab.
    7. Under Authentication and Access Control section, click Edit.
    8. Tick the Enable Anonymous Access checkbox.
    9. Enter your administrator account and password.
    10. Click Apply > Yes to All > OK.
    11. Open the Services console and restart the following services:
      • World Wide Web Publishing Service
      • Trend Micro Security Server Master Service
    12. Log on to the WFBS console and verify that the computers are now listed under Servers and Desktop groups.
If the issue still occurs, contact Trend Micro Technical Support and provide the Case Diagnostic Tool (CDT) log generated on the WFBS server and the Security agent. For the instructions on how to get the CDT logs, refer to this solution: Using the CDT to collect all the information needed by Trend Micro Technical Support.

 


Rate this Solution
Did this article help you?  
 
 Please provide your comments to help us improve this solution.

 
  *This form is an automated system. General questions, technical, sales and product-related issues submitted through this form will not be answered.
 
 

Connect with us on