Sensor not connecting via proxy/firewall
search cancel

Sensor not connecting via proxy/firewall


Article ID: 285059


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)


  • Endpoint Standard sensor fails to install
  • Endpoint Standard sensor stops checking in to the console
  • The following error can be observed in the confer logs 
    http: schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline
  • This issue may also occur in environments without a proxy
  • This issue may occur on select machines while others with the same network configuration are able to communicate


  • Carbon Black Cloud Windows Sensor: Version 3.3.x.x and Higher
  • Microsoft Windows: All Supported Versions
  • Network Proxy and/or Firewall


  • CRL (Certificate Revocation List) checks are performed on a per application basis
  • The 3.3.x.x and higher sensor relies on Windows to execute a CRL check
  • The CRL traffic generated by Windows needs to be allowed
  • This traffic is attempting to access the and domains


#%$Depending on the environment, there are multiple options to allow this traffic not limited to but including the following general steps.  Specific steps will depend on environment configuration.#%$  


Additional Information

  • Additional information can be found about What are some concerns with disabling the CRL check within the Sensor?
  • The minimum requirement to resolve this issue is to allow CRL check traffic to the and domains as noted in the last option listed under Resolution
  • The and domains utilize OCSP (Online Certificate Status Protocol) and Certificate Revocation List (CRL) checks to validate the sensor's install certificate
  • CAPI2 logging can be enabled on the affected device to provide further insight into CRL traffic
  • If the issue is not resolved with the above configuration changes or only occurs on a subset of machines with the same network configuration, please open a support case