Views:

Procedure

  1. On the Trend Micro Apex One server, go to <Server installation folder>\PCCSRV\Admin\Utility\IpXfer.
  2. Copy the following files to the Security Agent endpoint.
    • For x86 platforms:
      • IpXfer.exe
      • DatFHS.dll (required for Security Agent version 14.0.12526 or later)
    • For x64 platforms:
      • IpXfer_x64.exe
      • DatFHS_x64.dll (required for Security Agent version 14.0.12526 or later)
  3. On the Security Agent endpoint, open a command prompt and then go to the folder where you copied the executable file.
  4. Run Agent Mover using the following syntax:
    <executable file name> -s <server name> -p <server listening port> -c <agent listening port> -d <domain or domain hierarchy> -e <Certificate location and file name> -pwd <agent unload and unlock privilege password>

    Agent Mover Parameters

    Parameter
    Explanation
    <executable file name>
    IpXfer.exe or IpXfer_x64.exe
    -s <server name>
    The name of the destination Trend Micro Apex One server (the server to which the Security Agent will transfer)
    -p <server listening port>
    The listening port (or trusted port) of the destination Trend Micro Apex One server (for local servers only)
    To view the listening port on the Trend Micro Apex One web console, click AdministrationSettingsAgent Connection in the main menu.
    -sp <server HTTPS listening port>
    The listening port (or trusted port) of the destination Trend Micro Apex One server for HTTPS communication
    -c <agent listening port>
    The port number used by the Security Agent endpoint to communicate with the server
    -d <domain or domain hierarchy>
    The agent tree domain or subdomain to which the agent will be grouped
    The domain hierarchy should indicate the subdomain.
    -e <Certificate location and file name>
    Imports a new authentication certificate for the Security Agent during the move process
    If this parameter is not used, the Security Agent automatically retrieves the current authentication certificate from its new managing server.
    Note
    Note
    The default certificate location on the Trend Micro Apex One server is:
    <Server installation folder>\PCCSRV\Pccnt\Common\OfcNTCer.dat.
    When using a certificate from a source other than Trend Micro Apex One, ensure that the certificate is in Distinguished Encoding Rules (DER) format.
    -pwd <agent unload and unlock privilege password>
    The unload and unlock privilege password configured in Privileges and Other Settings
    Note
    Note
    If the unload and unlock password is required and you do not provide the password, Agent Mover prompts you before attempting to move agents.
    -dbg
    Enables connection debug logging
    -off
    Enables the Agent Move tool to transfer Security Agents with the offline status to another Trend Micro Apex One server
    -off -iATASoff
    Disables iATAS package download to move Security Agents with the offline status
    -upx
    Uses a proxy server (optional)
    Possible values:
    • 0: Disable
    • 1: Enable
    -pxs
    The proxy server name or IP address. This value is required when the -upx value is 1.
    -pxp
    The proxy server port number. This value is required when the -upx value is 1.
    -pxu
    The user name for proxy server authentication (optional)
    -pxw
    The password for proxy server authentication (optional)
    -acsoff
    Disables Azure Code Signing to move Security Agents that do not support certificate integrity checking
    Examples:
    • For Trend Micro Apex One servers using HTTP communication:
      ipXfer.exe -s Server01 -p 8080 -c 21112 -d Workgroup -pwd unlock
      ipXfer_x64.exe -s Server02 -p 8080 -c 21112 -d Workgroup\Group01 -pwd unlock
    • For Trend Micro Apex One servers using HTTPS communication:
      ipXfer.exe -s Server01 -sp 443 -p 8080 -c 21112 -d Workgroup -pwd unlock -dbg 1
  5. To confirm the Security Agent now reports to the other server, do the following:
    1. On the Security Agent endpoint, right-click the Security Agent program icon in the system tray.
    2. Select Component Versions.
    3. Check the Trend Micro Apex One server that the Security Agent reports to in the Server name/port field.
      Note
      Note
      If the Security Agent does not appear in the agent tree of the new Trend Micro Apex One server managing it, restart the new server's Master Service (ofservice.exe).