A default installation of the Trend Micro OfficeScan client in a vDisk of a provisioned device is going to get you in trouble…
The Trend Micro management server expects each client to register with a unique GUID.
When you install the Trend Micro OfficeScan client in a vDisk, all provisioned devices using that vDisk will register with the same GUID and the management server becomes clueless.
While figuring out how the client interacts with the management server, I found out that the management server is not really picky with these GUIDs and let’s you make up your own GUID as long as you follow this format:
abcdefgh-abcd-abcd-abcd-abcdefghikj
So what we need to do is make sure each provisioned device has a unique GUID before it registers with the management server.
Start with the following:
- Install the Trend Micro OfficeScan client in the vDisk.
- Unload OfficeScan.
- Set the Trend Micro services to “manual”.
Create a startup script with the following contents:
REG ADD HKLM\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion /v GUID /t REG_SZ /d "0d8ffd52-a5a7-48c5-9313-ecdc%COMPUTERNAME%" /f
(leave out the Wow6432Node if you’re on a 32-bit system).
What this does is change the current GUID to a random value, appended with the name of the provisioned device (which should be unique for each provisioned device !).
In my environment the %COMPUTERNAME% translates to devices with a name made out of 8 characters, so if you follow a naming convention which is not made out of 8 character make sure you add or subtract random characters before the %COMPUTERNAME% variable and follow the format mentioned earlier.
You can now add another line to your script to manually start the Trend Micro Officescan client:
net start tmlisten
net start ntrtscan
The client will now successfully register with the management server and you’re done !
Hello there, just a quick question regarding this. We are close to our production handover and we have not installed a A/V client on our image. After reading this, I am a bit concerned but more for the A/V admin. The reason, what happens when you have a reboot schedule and a new GUID is created for the image. Does it create a new machine in the console of the A/V software? If so, is there a different method to keep everything static that you are aware of.
Thanks in advance,
Fares Amari
Hi Fares,
The GUID will be hard-coded in the registry of your golden image after you installed the client, so when you deploy your image to your target devices in standard mode (read-only) the GUID will not change after a reboot.
You keep the GUID static for each target device by setting the Trend Micro services to manual and change the GUID (so it reflects the name of the target device, which should be static) before the services start like I described in my post.
I have successfully tested this “trick” (changing the GUID before the services start) with Sophos as well and I’m working on Symantec which seems to work the same way.
Michael,
Just wanted to pass along this info about how we are deploying Trend with image clones (Provisioning servers in this case) There is an application is called ImgSetup provided with the install of Trend and this article explains how that works. http://esupport.trendmicro.com/solution/en-us/1035208.aspx
We have been using this over the past month and so far it has worked well.
Thanks,
Fares Amari
Hi Michael
You say “what we need to do is make sure each provisioned device has a unique GUID before it registers with the management server.” How are you achieving this? Whenever I install OfficeScan onto the vDisk, the server registers pretty much instantly in the OfficeScan management server.
Hi Phil,
You are exactly right: After you install OfficeScan into the vDisk, the OfficeScan client will automatically register itself in the management server. But…
After you put this vDisk into standard mode and deploy it to 10 other server, all 10 servers will register to the management server with the same, in the registry hard-coded, GUID and these duplicate GUIDs are what causes trouble.
By making sure the GUID is changed and unique for each server before the OfficeScan client can contact the management server, you can resolve this.
Michel
Try as I might, I can’t seem to get this to work! I’ve done everything as above but for some reason the client isn’t contacting/checking onto the Trend management server, even though the services are running and it has a unique GUID. Any ideas?
Cheers
Phil
Hi Phil,
Did you generate your client package (that you installed in the vDisk) from the management console ? In other words: Is the client instructed to contact the management server ?
Hi Michel
Yes, it was generated from the management console.
Hi Michel
You, sir, are a legend! Our server names are 10 characters and I wasn’t taking that into account. I’ve changed to startup script by removing the letters dc and everything is now working fine. Thank you so much for your help and guidance.
Regards
Phil
Michael in Trend Micro OfficeScan 10.5 is not posibble configure manual services
Hello Michael,
We have setup Citrix VDI-in a box. I’ve created Windows 7 Image on the XenServer 5.6 SP2. We use Trend Officescan version 10.6. Could you please explain to me how I will install Officescan client on my Windows 7 Image? Once I have this image ready, I will need to create a template using this Image. As you’re aware, Citrix-VDI in a box doesn’t have a seperate PVS or any other VDI component. It is all in one box.
I desperately need help. Any help you can offer will be a blessing!!!!
Thanks,
Jay
Hi Jay,
This article actually applies to all kinds of technologies where a single image is involved.
PVS uses a vDisk and VDI-in-a-box uses an image, so it shouldn’t really matter.
Thanks for the quick response.
You’ve mentioned to create a startup script that will change the GUID to a random value, so I guess I need to add this script to my START-All Programs-Startup folder?? Also, how does the dat files get updated? What are some of the exclusions or the whitelist I need to apply?
Regards,
Jay
Jay, I am in the same boat as you. I am using VDI Box 5.2.1 and Officescan 10.6. I was pulling my hair out with getting Personal Desktops to work correctly. I had created a gold image and then ran the Template creater for Trend on that Image. However, anytime i tried and spool up a personal disk, constant failure and bsod with a NTFS,sys issue. Finally, removing the Trend Client from the gold image, i was able to start up a normal Vdisk (personal disk desktop) . I am very curious on how to set it up correctly as well.
Michel hutto gihin hukapan genita