EDR: cb-enterprise Services No Longer Starting After Changing SSO Certificate For ADFS
Article ID: 287206
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
The cb-enterprise services no longer starting after changing SSO certificate for ADFS.
Environment
- EDR Server: All Supported Versions
- SAML2 Integration
Cause
FederationMetadata.xml file from ADFS missing and needs to be in /etc/cb/sso/.
Resolution
1. Confirm new SSO cert key is placed in /etc/cb/certs directory.
2. Backup metadata.xml file in /etc/cb/sso directory, or other designated filepath.
3. Regenerate metadata.xml in designated directory:
/usr/share/cb/cbssl sso --make-metadata > /etc/cb/sso/metadata.xml
4. Stop all cb-enterprise services:
/usr/share/cb/cbcluster stop
5. Kill all CB process:
https://community.carbonblack.com/t5/Knowledge-Base/EDR-How-to-Restart-Server-Services/ta-p/41294
6. Restart cb-enterprise services
/usr/share/cb/cbcluster start
2. Backup metadata.xml file in /etc/cb/sso directory, or other designated filepath.
3. Regenerate metadata.xml in designated directory:
/usr/share/cb/cbssl sso --make-metadata > /etc/cb/sso/metadata.xml
4. Stop all cb-enterprise services:
/usr/share/cb/cbcluster stop
5. Kill all CB process:
https://community.carbonblack.com/t5/Knowledge-Base/EDR-How-to-Restart-Server-Services/ta-p/41294
6. Restart cb-enterprise services
/usr/share/cb/cbcluster start
Feedback
Yes
No
Powered by
