Test Agent Network Connectivity (Windows)
search cancel

Test Agent Network Connectivity (Windows)

book

Article ID: 286509

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

To test network connectivity between an endpoint and the App Control Server.

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Resolution

  1. Log in to the endpoint being tested and use a command prompt to note the Server Address the Agent is currently configured to use:
    cd "C:\Program Files (x86)\Bit9\Parity Agent"
    dascli server

    Example Output:
    Current server: appcontrol.domain.com:41002
  2. The endpoint must be able to resolve the Server Address returned, on the port referenced.
  3. Verify the endpoint can resolve the Server Address:
    nslookup <ServerAddress>
    ping <ServerAddress> (might be disabled and show as Request Timed Out)
    tracert <ServerAddress>
  4. Check to see if the Agent has ESTABLISHED a connection to the Server Address on the port:
    netstat -ano | findstr "41002"
  5. If a Proxy is in use, verify the 32-bit netsh is configured with a Bypass for the Server Address:
    C:\Windows\SysWOW64\netsh.exe winhttp show proxy
    (for XP/Server 2003 use: proxycfg)
  6. Use PowerShell to issue the following commands :
    Test-NetConnection -ComputerName <ServerAddress> -Port 41002 -InformationLevel "Detailed"
    Test-NetConnection -ComputerName <ServerAddress> -Port 443 -InformationLevel "Detailed"
  7. Verify the endpoint and application server hosting the Console have matching Cipher Suites & Protocols.
  8. Confirm results are successful (See Additional Notes for further reference).

If the issue persists capture the Disconnected Agent Logs and provide to Support.

Additional Information

  • The output of the PowerShell command should indicate that the name resolves to an IP and the TcpTest is "True"
    RemoteAddress            : 10.1.2.3
    TcpTestSucceeded         : True
  • If Remote address did not return the correct IP address then the DNS must be fixed
  • If the TcpTest is "False" then port 41002 is not accessible on the server
  • The output of netstat -ano | findstr "41002", should be 'ESTABLISHED' - This is necessary in order for comms to succeed between agent and server. If there is anything other than 'ESTABLISHED' (including No output), then this generally indicates some issue or other with Firewall or proxy settings, and will likely need the Infra/IT Team to help determine why Port 41002 connection was not 'ESTABLISHED', as this is not something the agent has control of, as it relies on the connection settings in order to make the 2 way communication.
  • If ICMP response is disabled in the environment, ping may not be successful
  • For more information on communication requirements see the documentation for the relevant version
  • Optionally if Telnet is available, you can check connectivity with:
    telnet AppCServerName 41002
  • See also the Microsoft Learn site for more information on Telnet.