Agent Using Archived Communication Key

Article ID: 286571


Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • The App Control Console is generating an Alert: "Connected; Archived Communication Key Use"
  • The App Control Agent is generating a failed Health Check due to "Archived Communication Key Use"
  • Agents are not receiving updates to the Configlist.xml or yara.bt9 file.

Environment

  • App Control Agent: 8.7 and Higher
  • App Control Console: 8.7 and Higher

Cause

The keychain.json file has changed on the Server and the Health Check has determined the local copy on the endpoint does not match.

Resolution

This message is only a problem if the same Agent is repeatedly generating this Health Check.
By default the Agent initiates a Health Check automatically once every 6 hours. Depending on the timing of when the Communication Key (keychain.json) file was refreshed, and when the Agent last ran a Health Check, the message could be triggered erroneously.

To verify the issue is persisting, Run An Agent Health Check. If the Health Check fails again:

  1. Verify the Update Resource Download Location (RDL) in System Configuration > Advanced Options:
    • If using an alternate RDL, copy the updated keychain.json file (C:\Program Files (x86)\Bit9\Parity Server\hostpkg\keychain.json) to the alternate RDL.
    • Verify the endpoint is able to download keychain.json via the RDL. By default this would be: https://ServerAddress/hostpkg/pkg.php?pkg=keychain.json
  2. Verify the IIS certificate is not expired and is formatted correctly; see Bind a New Certificate to Parity Web Console in IIS (by default this is IIS on the application server):
    • Common Name shown should match Server Address from the General tab.
    • Expiration Date should be in the future.
    • A matching Certificate should be listed in the Console under System Configuration > Security > Import a Trusted Communication Certificate, and marked as Trusted.
  3. The keychain.json file can be imported manually on endpoints; see Manually Import TrustedCertList.pem and Keychain.json Files on Agents.
  4. Verify any new Agent deployments are always using the steps to Install an App Control Agent.
    • The keychain.json file is built into the Policy Installer. 
    • Deploying Agents using an old Communication Key is not recommended.
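
The checks in steps 1 and 2 can be run together from an affected endpoint. The script below is an added example, not vendor tooling: it inspects the certificate IIS presents, downloads keychain.json from the default RDL URL, and optionally compares it with a reference copy. The parameter names, port 443, and the temporary file name are assumptions.

```powershell
# Added example; -ServerAddress and -ReferencePath are hypothetical parameter names.
param(
    [Parameter(Mandatory)] [string] $ServerAddress,  # Server Address from the General tab
    [string] $ReferencePath                           # optional copy of the server's keychain.json
)

# 1. Inspect the certificate IIS presents (port 443 assumed). The callback returns
#    $true only so the handshake completes and the certificate can be examined.
$state = @{ Errors = $null }
$tcp = New-Object System.Net.Sockets.TcpClient($ServerAddress, 443)
try {
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $c, $chain, $errors)
        $state.Errors = $errors
        $true
    }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($ServerAddress)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $ssl.Dispose()
} finally { $tcp.Close() }

[pscustomobject]@{
    Subject      = $cert.Subject
    NotAfter     = $cert.NotAfter
    Expired      = $cert.NotAfter -lt (Get-Date)
    # RemoteCertificateNameMismatch: certificate name does not match $ServerAddress
    # RemoteCertificateChainErrors:  endpoint does not trust the issuing chain
    PolicyErrors = $state.Errors
}

# 2. Confirm the endpoint can download keychain.json through the default RDL.
$url = "https://$ServerAddress/hostpkg/pkg.php?pkg=keychain.json"
$tmp = Join-Path $env:TEMP 'keychain.rdl.json'
try {
    Invoke-WebRequest -Uri $url -OutFile $tmp -UseBasicParsing -ErrorAction Stop
    $rdlHash = (Get-FileHash -Path $tmp -Algorithm SHA256).Hash
    "Downloaded keychain.json from the RDL, SHA256 $rdlHash"
    if ($ReferencePath) {
        $refHash = (Get-FileHash -Path $ReferencePath -Algorithm SHA256).Hash
        if ($refHash -eq $rdlHash) { 'RDL copy matches the reference copy.' }
        else { Write-Warning 'RDL copy differs from the reference copy; the RDL may be serving a stale file.' }
    }
} catch {
    Write-Warning "Download failed: $($_.Exception.Message)"
} finally {
    Remove-Item $tmp -ErrorAction SilentlyContinue
}
```

When an alternate RDL is configured, substitute its URL for `$url`; a hash mismatch against the server's hostpkg copy then points to the alternate location not having been updated.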

Additional Information