Troubleshooting Issues Parent topic

Issue Description and Resolution
General
No access to the management console
 The management console URL is not a trusted site in Internet Explorer. Add the URL to the trusted sites.
The imssps daemon is running but refusing connections.
If the imssps daemon is running, the policy service is working. Check the connection between the policy service and scanner service and verify your LDAP settings.
Unable to activate products (Antivirus/eManager, SPS, Email Reputation, IP Filtering) or update components
To activate Email Reputation, IMSS needs to connect to Trend Micro. This process requires an HTTP query with a valid DNS setting. Therefore, if a DNS server is not available or has connection problems, activation cannot occur.
To verify your DNS server settings:
  • Use the following command:
    nslookup licenseupdate.trendmicro.com
The command should return the IP address of the Trend Micro license update server.
If a proxy server is required to connect to the Internet, verify your proxy settings to ensure the HTTP request reaches http://licenseupdate.trendmicro.com.
To verify your proxy settings from the management console:
  1. Go to AdministrationUpdates.
    The Schedule tab displays by default.
  2. Click the Source tab.
  3. Configure the proxy settings.
  4. Click Save.
Email notifications do not properly display.
If your computer is running a non-English operating system and the notification message was not written in English, it may appear distorted. Modify the character set through the management console.
To modify the character set:
  1. Go to AdministrationNotificationsDelivery Settings.
  2. Next to Preferred Charset, select the character set in which the messages will be encoded.
Cannot query message logs in IMSS. IMSS scanner records the log with local time. To query message logs, synchronize the date/time on all computers with IMSS.
IMSS does not receive email messages.
  1. Check if the IMSS scanner service and SMTP service are running.
  2. Check if a different application is using the required port. Free up port 25.
Services are not running normally.
The database has not been started or the database was started after the IMSS services started. Restart all IMSS services.
After enabling Web Reputation, the scan time for messages increases significantly.
Web Reputation needs to query the Trend Micro Web Reputation servers. Verify the HTTP connectivity from the IMSS scanner to the external network.
For Web Reputation issues, check the wrsagent.* files under the {Installation_Path}\imss\log folder.
End-User Quarantine Issues
Unable to access the EUQ management console
Do the following:
  1. Verify that you are using the correct URL and port number.
    To view the console from another computer on the network, type the following URLs:
    • Primary EUQ service: https://<target server IP address>:8447
    • Secondary EUQ service: https://<target server IP address>:8446
  2. Verify that the system time of each EUQ service on your network is synchronized.
The first instance of the EUQ service, the primary EUQ service, runs Apache Web Server (httpd) while listening on port 8447 (HTTPS).
This Web Server serves as a connection point for the EUQ clients and for load balancing for all EUQ services. If the Apache server is not up and running, users will not be able to access the EUQ management console from the normal IP address:
https://{Primary EUQ Service IP address}:8447/
Users are unable to log on to EUQ management console
Do the following:
  1. On the LDAP server, verify that the user accounts are in the correct group. Only user accounts in the approved group can access EUQ.
  2. Verify LDAP and User Quarantine Access settings through the IMSS management console:
    1. Go to Administration IMSS ConfigurationConnectionsLDAP.
    2. Verify all settings, especially the LDAP type and server information. If you are using Kerberos authentication, ensure that the time for all IMSS computers and the LDAP server is synchronized.
    3. Go to AdministrationEnd-User Quarantine.
    4. Select Enable User Quarantine Access.
    5. Verify that the correct LDAP groups appear under Selected Groups and that the user account belongs to the selected groups.
  3. Verify that users are using the correct logon name and password. For more information, see Logon Name Format..
  4. If the issue persists even after verifying the above settings, do the following:
    1. Go to LogsSettings.
    2. Set the application log level to Debug.
    3. Select System Status, restart the Web EUQ service.
    4. Request the user to try logging on to the EUQ management console again.
    5. Send the log file imssuieuq.yyyymmdd located in C:Program Files\Trend Micro\IMSS\logs to Trend Micro’s technical support.
The EUQ digest does not correctly display quarantined message information.
Verify that the correct character set is selected:
  1. Go to AdministrationNotificationsDelivery Settings.
  2. Next to Preferred charset, select the character set that will properly display the digest information.
Some quarantined messages are not appearing on the EUQ management console
On the EUQ management console, users can only access the quarantined messages if the administrator configures EUQ to allow access.
To make quarantine areas visible to end users:
  1. Go to Mail Areas & QueuesSettings.
  2. Click the link of the quarantine area that you want to synchronize to EUQ.
  3. Select the check box next to Synchronize all messages that do not violate virus, phishing, or Web reputation rules, to the EUQ database (for this area only).
After enabling this option, all non-malicious messages (messages that do not trigger antivirus rules, anti-phishing conditions, or Web Reputation) quarantined in this area synchronize with the EUQ database. This allows end users to view and manage the messages from the EUQ management console.
End users cannot access malicious messages.
Cannot enable LDAP with Kerberos authentication.
Kerberos protocol requires time synchronization between the Kerberos server and IMSS.
Synchronize the date/time for all computers with IMSS.
Check whether the DNS server is configured correctly.
IP Filtering Issues
FoxDNS is not functioning.
Verify that the BIND service is running:
  1. Check the BIND service status from the System Services console.
  2. Start the service if it is not running.
Email Reputation does not work after being enabled from the management console.
Email Reputation may not work due to the following reasons:
  • IP Filtering Servicewas not activated. Email Reputation shares the same Activation Code with IP Filtering Service. If IP Filtering Service was not activated, activate IP Filtering Service and then activate Email Reputation.
  • The computer on which the scanning service is installed cannot access the Internet. MTA cannot get a response for the DNS query for Activation Code validation. Confirm that the computer where the scanner service is installed has access to the Internet.
Activate IP Filtering Service and confirm IMSS can access the Internet.
IP profiler does not block IP addresses in the Blocked List.
The changes require about one (1) minute to take effect.
Wait one (1) minute before checking the list again.
Blocked IP address does not display in the Overview page
The Overview page displays the top 10 blocked IP addresses by type for the last 24 uninterrupted hours. For example, at 16:12 today the Overview page displays data from 16:00 yesterday to 16:00 today.
View the Overview page after an hour.