Agent Using Archived Communication Key
search cancel

Agent Using Archived Communication Key


Article ID: 286571


Updated On:


Carbon Black App Control (formerly Cb Protection)


  • The App Control Console is generating an Alert: "Connected; Archived Communication Key Use"
  • The App Control Agent is generating a failed Health Check due to "Archived Communication Key Use"
  • Agents are not receiving updates to the Configlist.xml or yara.bt9 file.


  • App Control Agent: 8.7 and Higher
  • App Control Console: 8.7 and Higher


The keychain.json file has changed on the Server and the Health Check has determined the local copy on the endpoint does not match.


This message is only a problem if the same Agent is repeatedly generating this Health Check.
By default the Agent initiates a Health Check automatically once every 6 hours. Depending on the timing of when the Communication Key (keychain.json) file was refreshed, and when the Agent last ran a Health Check, the message could be triggered erroneously.

To verify the issue is persisting, Run An Agent Health Check. If the Health Check fails again:

  1. Verify the Update Resource Download Location (RDL) in System Configuration > Advanced Options:
    • If using an alternate RDL, copy the updated keychain.json file (C:\Program Files (x86)\Bit9\Parity Server\hostpkg\keychain.json) to the alternate RDL.
    • Verify the endpoint is able to download keychain.json via the RDL. By default this would be: https://ServerAddress/hostpkg/pkg.php?pkg=keychain.json
  2. Verify the IIS certificate is not expired, and formatted correctly: Bind a New Certificate to Parity Web Console in IIS (by default this is IIS on the application server)
    • Common Name shown should match Server Address from the General tab.
    • Expiration Date should be in the future.
    • A matching Certificate should be listed in the Console > System Configuration > Security > Import a Trusted Communication Certificate, and Trusted.
  3. The keychain.json file can be imported on endpoints: Manually Import TrustedCertList.pem and Keychain.json Files on Agents.
  4. Verify any new Agent deployments are always using the steps to Install an App Control Agent.
    • The keychain.json file is built into the Policy Installer. 
    • Deploying Agents using an old Communication Key is not recommended.

Additional Information