Troubleshooting Disconnected Agents (Windows)
search cancel

Troubleshooting Disconnected Agents (Windows)

book

Article ID: 286690

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Endpoints are showing as Disconnected in the Console under Assets > Computers.
  • Endpoints are not showing in the Console under Assets > Computers.
  • Endpoints are experiencing general communication issues with the App Control Server.

Environment

  • App Control Agent: All Supported Versions
  • App Control Server: All Supported Versions
  • Microsoft Windows: All Supported Versions

Cause

There are many reasons why an Agent could have difficulties communicating with the App Control Server.

Resolution

  1. Verify the Server-Agent Certificate in the Console > System Configuration > Security is not expired, and formatted correctly.
    • Common Name shown should match Server Address from the General tab.
    • Expiration Date should be in the future.
    • A matching Certificate should be listed in the Trusted Communication Certificates list at the bottom of the Security tab, and Trusted.
  2. If Certificate Verification is enabled the Agent Communication Certificate may need to be imported on the endpoint(s).
  3. Verify the Agent is fully running by manually restarting it via the command line.
  4. Test network connectivity between the endpoint and the Server Address.
  5. Verify the TLS & Cipher Suites enabled in the Operating System on the endpoint match those enabled on the application server.
  6. Verify the Agent does not show in Duplicate Computers.
  7. If using Active Directory Policy Mapping, verify Slow Lookups are not contributing to the issue.
  8. If the issue persists, collect the Disconnected Agent Logs.