Troubleshooting Issues Parent topic

Issue Description and Resolution
General
No access to the management console
 The management console URL is not a trusted site in Internet Explorer. Add the URL to the trusted sites.
The imssps daemon is running but refusing connections.
If the imssps daemon is running, the policy service is working. Check the connection between the policy service and scanner service and verify your LDAP settings.
Unable to activate products (Antivirus/eManager, SPS, Email Reputation, IP Filtering) or update components
To activate Email Reputation, IMSS needs to connect to Trend Micro. This process requires an HTTP query with a valid DNS setting. Therefore, if a DNS server is not available or has connection problems, activation cannot occur.
To verify your DNS server settings:
  • Use the following command:
    nslookup licenseupdate.trendmicro.com
The command should return the IP address of your IMSS server.
If a proxy server is required to connect to the Internet, verify your proxy settings to ensure the HTTP request reaches http://licenseupdate.trendmicro.com.
To verify your proxy settings from the management console:
  1. Go to AdministrationUpdates.
    The Schedule tab displays by default.
  2. Click the Source tab.
  3. Configure the proxy settings.
  4. Click Save.
Email notifications do not properly display.
If your computer is running a non-English operating system and the notification message was not written in English, it may appear distorted. Modify the character set through the management console.
To modify the character set:
  1. Go to AdministrationNotificationsDelivery Settings.
  2. Next to Preferred Charset, select the character set in which the messages will be encoded.
Cannot query message logs in IMSS. IMSS scanner records the log with local time. To query message logs, synchronize the date/time on all computers with IMSS.
IMSS does not receive email messages.
  1. Check if the IMSS scanner service and SMTP service are running.
  2. Check if a different application is using the required port. Free up port 25.
Services are not running normally.
The database has not been started or the database was started after the IMSS services started. Restart all IMSS services.
After enabling Web Reputation, the scan time for messages increases significantly.
Web Reputation needs to query the Trend Micro Web Reputation servers. Verify the HTTP connectivity from the IMSS scanner to the external network.
For Web Reputation issues, check the wrsagent.* files under the {Installation_Path}\imss\log folder.
End-User Quarantine Issues
Unable to access the EUQ management console
Do the following:
  1. Verify that you are using the correct URL and port number.
    To view the console from another computer on the network, type the following URLs:
    • Primary EUQ service: https://<target server IP address>:8447
    • Secondary EUQ service: https://<target server IP address>:8446
  2. Verify that the system time of each EUQ service on your network is synchronized.
The first instance of the EUQ service, the primary EUQ service, runs Apache Web Server (httpd) while listening on port 8447 (HTTPS).
This Web Server serves as a connection point for the EUQ clients and for load balancing for all EUQ services. If the Apache server is not up and running, users will not be able to access the EUQ management console from the normal IP address:
https://{Primary EUQ Service IP address}:8447/
Users are unable to log on to EUQ management console
Do the following:
  1. On the LDAP server, verify that the user accounts are in the correct group. Only user accounts in the approved group can access EUQ.
  2. Verify LDAP and User Quarantine Access settings through the IMSS management console:
    1. Go to Administration IMSS ConfigurationConnectionsLDAP.
    2. Verify all settings, especially the LDAP type and server information. If you are using Kerberos authentication, ensure that the time for all IMSS computers and the LDAP server is synchronized.
    3. Go to AdministrationEnd-User Quarantine.
    4. Select Enable User Quarantine Access.
    5. Verify that the correct LDAP groups appear under Selected Groups and that the user account belongs to the selected groups.
  3. Verify that users are using the correct logon name and password. For more information, see Logon Name Format..
  4. If the issue persists even after verifying the above settings, do the following:
    1. Go to LogsSettings.
    2. Set the application log level to Debug.
    3. Select System Status, restart the Web EUQ service.
    4. Request the user to try logging on to the EUQ management console again.
    5. Send the log file imssuieuq.yyyymmdd located in /opt/trend/imss/logs to Trend Micro’s technical support.
The EUQ digest does not correctly display quarantined message information.
Verify that the correct character set is selected:
  1. Go to AdministrationNotificationsDelivery Settings.
  2. Next to Preferred charset, select the character set that will properly display the digest information.
Some quarantined messages are not appearing on the EUQ management console
On the EUQ management console, users can only access the quarantined messages if the administrator configures EUQ to allow access.
To make quarantine areas visible to end users:
  1. Go to Quarantine & ArchiveSettings.
  2. Click the link of the quarantine area that you want to synchronize to EUQ.
  3. Select the check box next to Synchronize all spam and email messages, that do not violate virus, phishing, or Web reputation rules, to the EUQ database (for this area only). This allows end users to view and manage the messages from the EUQ Web console.
After enabling this option, all non-malicious messages (messages that do not trigger antivirus rules, anti-phishing conditions, or Web Reputation) quarantined in this area synchronize with the EUQ database. This allows end users to view and manage the messages from the EUQ management console.
End users cannot access malicious messages.
Cannot enable LDAP with Kerberos authentication.
Kerberos protocol requires time synchronization between the Kerberos server and IMSS.
Synchronize the date/time for all computers with IMSS.
Check whether the DNS server is configured correctly.
IP Filtering Issues
FoxProxy cannot start up
There are several reasons why FoxProxy might not start. To find out the reason, view the IP Profiler logs.
To view IP Profiler logs:
  1. Go to the directory where IP Profiler is installed (by default: /opt/trend/ipprofiler/config).
  2. Open foxproxy.ini.
  3. Change the value for log_level to 4.
  4. Restart FoxProxy by typing the following:
    /opt/trend/ipprofiler/script/foxproxyd restart
  5. Open the log file by typing the following: /opt/trend/ipprofiler/logs/foxproxy-general.****
Unable to connect to FoxProxy
Verify that FoxProxy is running and that it binds on port 25.
Unable to view connections that FoxProxy is blocking
Every five (5) minutes, FoxProxy sends information about blocked connections to the IMSS server.
Wait for at least five minutes before viewing the connection information.
To change this time value:
  1. Open foxproxy.ini.
  2. Modify the value for report_send_interval.
  3. Restart FoxProxy by typing the following:
    /opt/trend/ipprofiler/script/foxproxyd restart
FoxDNS is not functioning.
Verify that the BIND service is running:
  1. Specify the following command:
    ps –ef | grep named
  2. Start the service if it is not running.
No IP Profiler log information exists
The following IP Profiler-related log files are in the IMSS admin database:
  • foxmsg.****
  • foxnullmsg.****
  • foxreport.****
Verify that the log files exist:
  1. Go to the log directory where IMSS is installed (by default: /opt/trend/imss/log/).
  2. If the files are not present, use the following command to check if imssmgr is running:
    ps –ef | grep imssmgr
  3. Check if FoxProxy is running:
    ps –ef |grep foxproxy
  4. Verify that IP Profiler is enabled. In the table t_foxhuntersetting, the following should exist:
    record: ‘Type’ = 1 and ’enable’ = TRUE
ERS does not work after being enabled from the management console.
ERS may not work due to the following reasons:
  • IP Filtering Servicewas not activated. ERS shares the same Activation Code with IP Filtering Service. If IP Filtering Service was not activated, activate IP Filtering Service and then activate ERS.
  • The computer on which the scanning service is installed cannot access the Internet. MTA cannot get a response for the DNS query for Activation Code validation. Confirm that the computer where the scanner service is installed has access to the Internet.
Activate SPS and confirm that the computer with SPS installed can access the Internet.
The MTA settings on the SMTP Routing management console screen are not being written into the Postfix configuration files
By default, the settings on the SMTP routing screen will not be automatically applied to Postfix on each scanner.
To apply the settings to all scanners:
  1. Go to Administration IMSS ConfigurationSMTP Routing.
    The SMTP Routing screen appears.
  2. Select the Apply settings to all scanners check box.
  3. Click Save.
After a few minutes, the IMSS manager process on each scanner synchronizes the settings to Postfix. To restart the IMSS manager immediately, use the command:
/opt/trend/imss/script/S99MANAGER restart
If the process above does not work, check the local configuration file /opt/trend/imss/config/imss.ini to verify the enable_postset_thd key is set to yes or is blank.
IP profiler does not block IP addresses in the Blocked List.
The changes require about one (1) minute to take effect.
Wait one (1) minute before checking the list again.
Blocked IP address does not display in the Overview page
The Overview page displays the top 10 blocked IP addresses by type for the last 24 uninterrupted hours. For example, at 16:12 today the Overview page displays data from 16:00 yesterday to 16:00 today.
View the Overview page after an hour.