Download Failures Due To WinHttpSendRequest Error 12030
search cancel

Download Failures Due To WinHttpSendRequest Error 12030


Article ID: 286455


Updated On:


Carbon Black App Control (formerly Cb Protection)


  • Upgrading Agents via the Console produces the following error:
    Agent upgrade: Failed to download upgrade package: https://<ServerName>/hostpkg/pkg.php?pkg=/ParityHostAgent.msi. WinHttpSendRequest Error[12030:]
    • Able to download from the browser with the URL


    • App Control Console: All Supported Versions
    • App Control Agent: All Supported Versions


    Microsoft defines the WinHttpSendRequest Error[12030] as:

    The connection with the server has been reset or terminated, or an incompatible SSL protocol was encountered. 


    1. Verify traffic between the endpoint and the Resource Download Location (RDL) is not blocked by the firewall.
    2. A matching set of Protocols and Cipher Suites must exist between the endpoints and the application server.
      • No settings for TLS/Cipher Suites are available in App Control and all configuration must be done at the OS layer.
      • Typically these modifications must be done via the Registry or GPO, but a tool (such as IIS Crypto) may make it easier.
      • Assistance in editing the TLS & Cipher Suites in the Operating System may require support from Microsoft.
    3. Temporarily change the Resource Download Location (RDL) to use http instead of https:
      1. Log in to the Console and navigate to System Configuration > Advanced Settings > Edit.
      2. Modify the RDL from https to http
        Default: https://**ServerIP**/hostpkg/pkg.php?pkg=
        Modified: http://**ServerIP**/hostpkg/pkg.php?pkg=
      3. Save the changes and allow the Agent(s) to complete the download & upgrade.
      4. Revert the changes to the RDL.
    4. Use a 3rd party application (such as SCCM) to complete the Agent upgrade:
      • Note: The communication issue preventing Agent Upgrades will also prevent future required file transfers.
      • It is strongly encouraged to resolve the underlying Protocol/Cipher Suite mismatch to prevent situations like Approvals out of Date.