App Control: Agents Remain Disconnected After Recent Certificate Expiration and Renewal
search cancel

App Control: Agents Remain Disconnected After Recent Certificate Expiration and Renewal

book

Article ID: 286587

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Agent Server Communication Certificate expired, causing all Agents to become disconnected.
  • Communication Certificate was replaced, but Agents remain in a disconnected state.

Environment

  • App Control Server: 8.9.4 - 8.10.0
  • App Control Agent: All Supported Versions

Cause

By default the Server will prioritize the previous Communication Certificate for 60 minutes after it is replaced. In the event this certificate was expired, this prioritization caused the Agents to remain in a disconnected state.

Resolution

This issue was tracked under EP-19021 and resolved with the release of Server 8.10.2. Previously the workaround involved:
  1. Log in to the Console and navigate to https://ServerAddress/shepherd_config.php
  2. Select the Property CertificateDelaySwapMinutes and change the Value to 0
  3. Restart the App Control Server service.
  4. Verify the Agents are once again showing as Connected.
  5. Return the Property CertificateDelaySwapMinutes to the default Value of 60

Additional Information

  • The steps are not necessary if the Communication Certificate is/was replaced prior to expiration.
  • This setting is meant as a way to allow time for the Communication Certificate changes to be downloaded by the Agents.
Powered by Wolken Software