App Control: Disconnected Agent on Windows 2003 Server
search cancel

App Control: Disconnected Agent on Windows 2003 Server

book

Article ID: 286755

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

An Agent installed on a Windows Server 2003 endpoint is showing as Disconnected in the Console.

Environment

  • App Control Agent: All Supported Versions
  • Windows Server 2003 (Service Pack 2)

Cause

Either the endpoint is missing KB3072630, supported Cipher Suites are not available/enabled, or both.

Resolution

  1. Confirm if the update is installed by issuing the following command in an administrative command prompt:
    wmic qfe get hotfixid | find "KB3072630"
  2. If not present, install KB3072630.
  3. Enable the SSL Cipher Suite manually:
    • Click Start > Run > gpedit.msc > OK
    • Navigate to: Computer Configuration > Administrative Templates > Network > SSL Configuration Settings
    • Double-click the setting, SSL Cipher Suite Order
    • Enable the SSL Cipher Suite
    • Click Apply
  4. If the SSL Cipher Suite is not available, or is already enabled, the Triple DES 168 Cipher Suite must be enabled on both the 2003 Server endpoint and the application server hosting the App Control Console.
Note: The endpoint must be rebooted after the patch is applied or any changes are made to the Cipher Suites.

Additional Information

  • No settings for TLS/Cipher Suites are available in App Control and all configuration must be done at the OS layer.
  • Typically these modifications must be done via the Registry or GPO, but a tool (such as IIS Crypto) may make it easier.
  • Assistance in editing the TLS & Cipher Suites in the Operating System may require support from Microsoft.