Download Failures or Disconnected Agents Due To WinHttpSendRequest Error 12002
search cancel

Download Failures or Disconnected Agents Due To WinHttpSendRequest Error 12002

book

Article ID: 286515

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Endpoint symptoms may include:
    • Using dascli status the result includes:
      Connection: Disconnected(Security Error)
    • Disconnected Agent Logs reveal messages similar to the following in the Trace.bt9 file:
      Server Communication: WinHTTP communication error: 12002
  • Results in Console may include:
    • Errors when attempting to download the Agent upgrade package, similar to:
      Failed to download upgrade package: https://ServerAddress/hostpkg/pkg.php?pkg=/ParityHostAgent.msi. WinHttpReadData Error[12002]
    • Errors when attempting to download some other file from the Resource Download Location (RDL), similar to:
      Failed to download Server Cert List file from URL [https://ServerAddress/hostpkg/pkg.php?pkg=TrustedCertList.pem]: Error[WinHttpSendRequest Error[12002:]]. Options[00000003] TotalFailures[1] FailureId[961]

Environment

  • App Control Server: All Supported Versions
  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Cause

Microsoft defines the WinHttp Error 12002 as:
ERROR_WINHTTP_TIMEOUT: 12002
The request has timed out.

This error can be returned as a result of TCP/IP time-out behavior, regardless of time-out values set in Windows HTTP Services.

Typically this happens when the endpoint encountered a network timeout while attempting to access the files on the Resource Download Location.

In many cases this is due to a Firewall or Proxy blocking the communication.

Resolution

  1. Verify the Resource Download Location (RDL) specified is correct and traffic is not blocked by the firewall
    • If using 8.10.2 and above verify that the Certificate Download Location is correct and not blocked
  2. Log in to the endpoint encountering the error and use a browser to validate the file exists and can be downloaded (without error), example:
    https://ServerAddress/hostpkg/pkg.php?pkg=ParityHostAgent.msi
    https://ServerAddress/packages/trustedcertlist.pem
  3. Test the Agent Network Connectivity
  4. If a Proxy is in use:
    • The Agent does not officially support a Proxy and a bypass to the Server Address/RDL may be required.
    • The Agent is currently still a 32-bit application, and uses the 32-bit Proxy settings.
    • Use an administrative command prompt on the endpoint to verify a Bypass exists:
      cd C:\Windows\SysWOW64\
      netsh winhttp show proxy
    • If a Bypass does not exist, add one:
      netsh winhttp set proxy proxy-server="<proxyservername>" bypass-list=<appserver.domain.com>;<Existing Bypass Lists>
    • A reboot may be required to restore the connection.
  5. Perform the relevant task manually on the endpoint:

Additional Information

Certain Proxies may also require the ports be added to the address in the Bypass List, example:

Server Address:
appserver.domain.com:41002
appserver.domain.com:443