App Control: Agents Unable To Download The TrustedCert Files From Alternate IIS Web Site
Article ID: 286559
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
- App Control Server is configured to use an alternate Resource Download Location in System Configuration > Advanced Options
- IIS uses separate web site or a different IIS web server is configured as the Resource Download Location
- Some Computers report 'Upgrade Blocked'
- Message similar to following received when attempting to resend all policy rules:
Internal error reported from 'DOMAIN\COMPUTERNAME': Failed configlist file import Location[https://computer.domain.net/configlistwithdeleteditems.xml.egk]: Error[Failed to obtain CL file[https://computer.domain.net/configlistwithdeleteditems.xml.egk]: Error[WinHttpQueryHeaders StatusCode[00000194]]] Attempt[1].
Environment
- App Control Server: Version 8.7 and Higher
- App Control Agent: All Versions
Cause
When IIS uses separate web site or a different IIS web server is configured as the Resource Download Location then IIS MIME configuration must be updated for the App Control file extensions
Resolution
Ensure MIME Types of App Control files are added to the alternate Resource Download Location
- Login to the application server hosting the IIS Site used for the alternate Resource Download Location
- Open Internet Information Services (IIS) Manager
- Navigate to: Server Name > Sites > select the relevant Site.
- From the middle pane open MIME Types under the IIS Category.
- Choose Add and use the following details:
- File name extension: .pem | MIME type: application/x-pem-file
- File name extension: .egk | MIME type: application/x-egk-file
- File name extension: .enc | MIME type: application/x-enc-file
- File name extension: .bt9 | MIME type: application/x-bt9-file
- Click OK
Feedback
Yes
No
Powered by
