Troubleshooting Disconnected Agents (Linux)
search cancel

Troubleshooting Disconnected Agents (Linux)

book

Article ID: 286621

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Endpoints are showing as Disconnected in the Console under Assets > Computers.
  • Endpoints are not showing in the Console under Assets > Computers.
  • Endpoints are experiencing general communication issues with the App Control Server.
  • Agents have stopped checking in with the App Control Server.

Environment

  • App Control Agent: All Supported Versions
  • App Control Server: All Supported Versions
  • Linux: All Supported Versions

Resolution

  1. Verify the Server-Agent Certificate in the Console > System Configuration > Security is not expired, and formatted correctly.
    • Common Name shown should match Server Address from the General tab.
    • Expiration Date should be in the future.
    • A matching Certificate should be listed in the Trusted Communication Certificates list at the bottom of the Security tab, and Trusted.
  2. Verify the Agent and Linux OS/kernel combination being used is supported.
  3. Verify all Linux Agent Exclusions are added to any other security product on the endpoint.
  4. Use Terminal to manually restart the Agent service.
  5. Verify endpoint/server name resolution:
    1. Use Terminal to verify the Server Address and Port combination:
      cd /opt/bit9/bin
      ./b9cli --server
    2. Make a note of the Server Address and Port returned, example output:
      ServerAddress[appcontrol.local]
      Port[41002]
      NOTE: If no Server is returned, the install was missing the server.conf file and will require reinstall using the Uninstall Disconnected Linux Agent method.
    3. Verify the endpoint resolves the resulting Server Address with the following test commands using the above example:
      ping appcontrol.local
      nslookup appcontrol.log
      telnet appcontrol.local 41002
  6. If the Server Address is listed, and the commands above succeed, collect the Disconnected Agent Logs (Linux) and provide when opening a case with Support.