Download Failures or Disconnected Agents Due To WinHttpSendRequest Error 12002
search cancel

Download Failures or Disconnected Agents Due To WinHttpSendRequest Error 12002

book

Article ID: 286515

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Errors when attempting to download the Agent upgrade package, similar to:
    Failed to download upgrade package: https://ServerAddress/hostpkg/pkg.php?pkg=/ParityHostAgent.msi. WinHttpReadData Error[12002]
  • Errors when attempting to download some other file from the Resource Download Location (RDL), similar to:
    Failed to download Server Cert List file from URL [https://ServerAddress/hostpkg/pkg.php?pkg=TrustedCertList.pem]: Error[WinHttpSendRequest Error[12002:]]. Options[00000003] TotalFailures[1] FailureId[961]
  •  Agents may be disconnected, Disconnected Agent Logs reveal messages similar to the following in the Trace.bt9 file:
    Server Communication: WinHTTP communication error: 12002

Environment

  • App Control Server: All Supported Versions
  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Cause

Microsoft defines the WinHttpSendRequest Error[12002] as:
ERROR_WINHTTP_TIMEOUT: 12002
The request has timed out.

This error can be returned as a result of TCP/IP time-out behavior, regardless of time-out values set in Windows HTTP Services.

Typically this happens when the endpoint encountered a network timeout while attempting to access the files on the Resource Download Location. In some instances this is due to a Proxy blocking the communication.

Resolution

  1. Verify the Resource Download Location (RDL) specified is correct and traffic is not blocked by the firewall.
  2. Log in to the endpoint encountering the error and use a browser to validate the file exists and can be downloaded (without error), example:
    https://ServerAddress/hostpkg/pkg.php?pkg=ParityHostAgent.msi
  3. If a Proxy is in use:
    • The Agent does not officially support a Proxy and a bypass to the Server Address/RDL may be required.
    • Use an administrative command prompt on the endpoint to verify a Bypass exists:
      netsh winhttp show proxy
    • If a Bypass does not exist, add one:
      netsh winhttp set proxy proxy-server="<proxyservername>" bypass-list=<appserver.domain.com>;<Existing Bypass Lists>
    • A reboot may be required to restore the connection.
  4. Perform the relevant task manually on the endpoint:

Additional Information

Certain Proxies may also require the ports be added to the address in the Bypass List, example:

Server Address:
appserver.domain.com:41002
appserver.domain.com:443