Agent Using Archived Communication Key
search cancel

Agent Using Archived Communication Key

book

Article ID: 286571

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Alerts in the Console generated with the Title: Archived Communication Key Use
  • Agents are not receiving updates to the Configlist.xml or yara.bt9 file.
  • Agents are showing with a red dot in Assets > Computers

Environment

  • App Control Agent: 8.7 and Higher
  • App Control Console: 8.7 and Higher

Cause

The Communication Key (keychain.json) is automatically regenerated by a Scheduled Task in the App Control Server. This is done to maintain a higher Security Posture between the Agent and Server.

When this happens, it is possible that every Agent could trigger this Health Check at least once. To verify the issue is persisting, manually initiate an Agent Health Check.

Resolution

REMINDER:  This is only an issue when the SAME machine triggers this Alert REPEATEDLY.
  1. Manually initiate an Agent Health Check.
  2. Wait for the results of the Health Check to return in Reports > Events. Once returned, navigate to Assets > Computers.
    • If the Agent no longer shows Red, the problem is solved.
    • If the Agent still shows Red in Assets, continue.
  3. Verify the Resource Download Location (RDL) in System Configuration > Advanced Options:
    • If using an alternate RDL, copy the updated keychain.json file from the Server to the alternate RDL. This file is located in:
      C:\Program Files (x86)\Bit9\Parity Server\hostpkg\keychain.json
    • Verify the endpoint is able to download keychain.json via the RDL. By default this would be:
      https://ServerAddress/hostpkg/pkg.php?pkg=keychain.json
  4. Verify the IIS certificate is not expired, and formatted correctly:
  5. The keychain.json file can be manually imported imported on endpoints.
  6. Verify any new Agent deployments are always using the proper steps to install an App Control Agent.
    • The keychain.json file is built into the Policy Installer. 
    • Deploying Agents using an old Communication Key is not recommended.

Additional Information